Setting Up Two Factor Authentication with WordPress and Google Authenticator

two-factor-ga-wordpress-viGoogle Authenticator allows you to combine the classic WordPress login with username and password with an additional security code. This increases the security of your WordPress website.

WordPress supports two factor authentication via Google Authenticator with plugins such as Google Authenticator by Hendrik Schack.

As a first step, you select the desired authentication method in the admin area. Afterwards, you can adapt the two-factor authentication for each user individually.

This means you can explicitly protect admins and exclude authors from the two-factor authentication, for example.

Installing Google Authenticator

Install the Google Authenticator app on your smartphone: Download: iOS / Android

Installing the Google Authenticator Plugin

  • In the WordPress admin area, select Plugins, then Add New and search for Google Authenticator.
  • Install the Google Authenticator plugin by Hendrik Schack.

You can now set up two-factor authentication for your users.

Setting Up Two Factor Authentication for Users

  • Open the Users section.
  • Select the user for which you would like to enable two-factor authentication.
  • Under Google Authenticator Settings, check the option Active.
  • Click Show/Hide QR code.

You should now be able to see an automatically generated QR code:

  • Open the Google Authenticator app on your smartphone and scan the QR code.
    Alternatively, you can also set up your account manually. To do so, use the description and secret displayed for this user in WordPress.

You can now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.

  • Click Update Profile.

The two-factor authentication is now set up for this user. From now on, use a new security code each time you log in.wordpress-2fa-login-en

Loggin in with Google Authenticator Code

Write Down Secret

For situations in which you don’t have access to the Authenticator, you can fall back on the secret to connect a new Authenticator.

Store the secret in a secure location. Pretty old-fashioned, but secure: Write it down on a piece of paper.

That’s it! Congratulations, your WordPress website has just become a bit more secure!

Please rate this post :

12 thoughts on “Setting Up Two Factor Authentication with WordPress and Google Authenticator

  1. Jon says:

    This is all well and good, but when will 1&1 provide for 2-factor authentication on its own Control Panel? If an attacker can gain access to my domain’s configuration account with just a password, it doesn’t matter how well I’ve secured anything else.

    1. 1and1help says:

      Hi Jon,

      thanks for your feedback. 2FA is definitely a feature we would love to see for our logins in the future. It’s on our agenda, but no ETA yet.

      Best regards,
      Michael, 1&1

  2. AM says:

    When will 1 and 1 implement 2-step verification for its own products?

    1. 1and1help says:

      Hi AM,

      2fa is absolutely a feature we want to have for our logins in the future as well. It’s on our agenda, but we can’t give you an ETA yet. Stay tuned!

      Best regards,
      Michael, 1&1

      1. Dario says:

        Hello, still no news about this?

        I love 1&1 but almost all your competitors out there already support 2 steps login.


        1. 1and1help says:

          Hi Dario,

          still no plans we could announce publicly. Sorry!

          Best regards,
          Michael, 1&1

          1. Hubert Samuel says:

            It is November 2017 and this has not been addressed!!! Is there a reason why? Even the cheap hosting sites have 2 factor auth. Can you at least let your customers know that this is a priority!

          2. 1and1help says:

            @Hubert Samuel:


            Hi Hubert,

            we are on it. We want to provide the best user experience you can get, so the developement of this feature takes some time. We hope for your understanding

            Michael, 1&1

  3. 1 and 1 User says:

    Dear 1and1,

    On a side note you could absolutely enable the option to logging into a customers control panel by IP address. Why don’t you all include that function as would seem easy to roll out without having to rely on 3rd party API’s or plugins or what have you….i would say that would be an option


    1. 1and1help says:

      Hi JD,

      not sure how this should work. You mean that a brower cookie should detect the IP address of your internet connection and log you in automatically? Nice idea, but I am not confident that this would be a safe login method. Besides, most of our customers don’t have a static IP address, their internet providers switch their IP everytime their broadband connection restarts.

      Best regards,
      Michael, 1&1

  4. 1 and 1 User says:

    Plus why would somebody want to use Google Authenticator which user plain text?????????? Ugh…..that would be my last choice…just saying

    1. 1and1help says:


      of course you can use apps like Authy or other totp 2fa clients instead. Google Authenticator is the most popular one, so we decided to describe the function with it. 🙂

      Best regards.
      Michael, 1&1

Leave a Reply to 1and1help Cancel reply

Your email address will not be published. Required fields are marked *