Add Two-Factor Authentication In WordPress

Setting up two-factor authentication is very important for any online service we use today. It keeps an unauthorized person out of your account even if they have your login credentials.

The WordPress login page is constantly brute-forced by malicious bots. These bots try to guess the username and password of your WordPress website.

First of all, users should set a strong password so that it cannot be guessed. Even with a secure password, the username and password can still be hacked or leaked accidentally, and for that case you can set up login verification, also called two-factor authentication.

What is two-factor authentication, or 2FA?

Two-factor authentication is a way to confirm that it is the owner of the account who is trying to log in. After the correct user credentials are provided, a 4 or 6 digit code is sent to the owner's registered email id or registered phone number. The user then has to provide that code to verify the login.

This way, anyone who has only the account username and password will not be able to log in, since they can't provide the code sent to the registered email or phone.

How to set up two-factor authentication in WordPress?

WordPress does not have a built-in login verification system. Although this feature is not in WordPress core, there are multiple plugins for implementing OTP verification in WordPress.

1. miniOrange Google Authenticator – WordPress two factor authentication

Google Authenticator is a popular mobile app for login verification. It is better than phone and email verification because phone verification sometimes gets delayed due to network issues. Google Authenticator is instant.

To set up Google Authenticator with WordPress, we can use this plugin from miniOrange.

First of all, install Google authenticator on your smartphone. You can install it on iPhone and Android.

Setup Google authenticator – WordPress two factor authentication

  • Log in to your WordPress dashboard and go to Plugins > Add New.
  • Search for Google Authenticator and install the plugin Google Authenticator – WordPress Two Factor Authentication from miniOrange.
  • After installing the plugin, activate it.
  • Now open miniOrange 2-Factor settings from the sidebar.

It will open the plugin settings.

It will ask you to enter an email address and password to create a miniOrange account.

After the account creation, it’ll redirect you to the dashboard.

This plugin supports multiple ways to verify a WordPress login. The easiest one is to set up Google Authenticator. For that, you'll first need to install Google Authenticator on your smartphone. It is available from the Android and Apple stores.

After you've installed the app on your smartphone, let's configure it with the WordPress website.

From the miniOrange dashboard, click 'Google Authenticator'. It will take you to the setup page.

If you want, you can also use Authy Authenticator or LastPass Authenticator. In this article, I will only set up Google Authenticator, but the process for the other two apps is the same.

Select Google Authenticator and enter the account name. This will be visible in the authenticator app.

Now open the authenticator app on your mobile and click the '+' sign to add a new account. Choose to scan a QR code. This will activate the phone camera and ask for the QR code. Scan the QR code to complete the process on the app side.

After that, the authenticator app will generate a code. Enter this code in the text box on the setup page. Finally, click 'Verify and Save' to complete the setup.

And that's it. From now on, for each login, WordPress will require an OTP from the Google Authenticator app to verify the login.

The miniOrange authentication plugin provides many other verification methods, so do check them out if you want. The plugin also provides various other security settings for WordPress sites, so check those out as well and enable them if necessary.

2. Two-Factor

miniOrange Google Authenticator is an excellent plugin for verifying WordPress logins through Google Authenticator and other authentication apps. But besides this, the plugin has various security features that some of you may already have implemented in WordPress and be using. So the plugin is not useful when more than 90% of its features are inactive. In that case, it's better to install a plugin that is just for two-factor authentication.

And Two-Factor, as the name says, is just for that. Two-Factor is so simple that it does not have its own configuration page. After installing the plugin, simply go to your WordPress profile, and at the bottom you will find all the settings to set up WordPress two-factor authentication.

First of all, install Two-Factor from the WordPress plugin store. Go to Plugins >> Add New and search for Two-Factor.

After the installation is complete, go to your profile (Users >> Your Profile) for the setup.

As you can see, there are various ways to verify the login. Email and Google Authenticator are the ones you can easily set up and use in WordPress.

Receive OTP on email

To receive OTP on email, check ‘Enabled’ and select Email as primary.

Update your profile to save the changes. And that's it. Next time you log in, WordPress will send an OTP to your registered email to verify the login.

Set up Google Authenticator for verification

To set up Google Authenticator, check 'Enabled' and select 'Time based One-Time password' as primary. Now open the Google Authenticator app on your mobile, tap the '+' sign to add a new account, tap 'Scan bar code' and scan the code.

Finally, enter the OTP in the text box and hit submit.

And that's it. Next time you log in, WordPress will require you to enter an OTP from the Google Authenticator app in order to validate the login.

Conclusion

So this is how you can set up login verification, or 2FA, on your WordPress site. These two plugins do the job easily, especially the Two-Factor plugin, which exists only for this purpose.

If you have any difficulty setting up the plugin, please let me know in the comment section below.

The post Add Two-Factor Authentication In WordPress appeared first on LinuxAndUbuntu.



from LinuxAndUbuntu https://ift.tt/2LP0Jmy
