How to Setup Two-Factor Authentication on a WordPress Blog

Posted by on

Nowadays, security is a primary concern for all the users that uses the Internet. From Online banking to email accounts, having an extra layer of security is always a something everyone should consider.

If you are a tech enthusiast, who read lots of articles on a daily basis. You may often come across the word two-factor authentication. So first, let’s see what the heck it means 😛

What is two-factor authentication?

How to Setup Two-Factor Authentication on a WordPress Blog

image by google

According to Wikipedia: Two-factor authentication (also known as 2FA) is a method of confirming a user’s claimed identity by utilising a combination of two different components.

What it means is that one cannot log in just with your email/username and password combination like traditional login. The tradition login is followed by another authentication. It may be an OTP (One Time Password) that you receive on your mobile phone or email. It may be some random numbers generated by the app at a different time or any other method. Therefore adding an extra layer of protection to your blog.

Read this: How to hide wp-admin page aka wp-login page in WordPress.

Steps to setup Two-Factor authentication on a WordPress Blog

Multiple plugins are having the support of various apps that can be used to enable two-factor authentication on your WordPress blog. Let’s discuss some of the best plugins that you can begin with:

Google Authenticator

Like us, if you are a fan of Google Products then we are sure that you will go with this method. If you haven’t heard of it yet, then let’s describe it in brief.

Google Authenticator is one of the best Android apps which generates access code every minute for the place where you already setup two-factor authentication. And the great part is that it is offline so no one can steal your access code, and it can be accessed when you are not connected to the internet. All you need to do is to scan a QR code to set it up.

Surprising Fact: It was released on September 20, 2010. That’s a long time ago.

So let’s get started on how to do so:

  • Download & install Two-Factor Authentication plugin from WordPress Repository. (Download Link)
  • Now install the Google Authenticator app on your mobile.
  • Go to plugin settings and scan the QR Code. Verify whether the code displayed on your blog is same as shown on your phone.
  • If yes, then activate the two-factor authentication.
  • To check whether it works or not. Logout and login again to the WordPress dashboard. You will see something like:
  • If yes, the open the authenticator app on your phone and enter the six digit code you see there.

MiniOrange 2 Factor Authentication

The other plugin that provides a similar facility is named miniOrange 2-factor authentication. It offers many additional features, but it uses an API to connect to its services. Let’s see how to configure it:

  • First of all download and install miniOrange 2-factor authentication from WordPress repository. (Download Link)
  • Go to the plugin settings and fill up the necessary details to signup and begin setting up the plugin.
  • In the free plan, you will get up to one user plan.
  • There are several ways in which you can enable two-factor authentication.Email Verification: You will receive an email when you log in to your WordPress dashboard. Login will only be successful if you verify by clicking the link in the email.
    OTP Over SMS: This is a premium feature where you will receive a one-time password on your registered mobile number to login to WP dashboard.
    Phone Call Verification: Also a premium feature where you will hear Computer voice telling the OTP.
    Soft Token: Random 6 digit code generated by the miniOrange app on your smartphone.
    QR Code Authentication: You will have to scan the QR code on your mobile using the miniOrange app.
    Push Notification: You will receive a push notification to accept or deny the login request on your smartphone. (Similar to the one that Google Provides while logging into Google account)
    Google Authenticator: Already discussed earlier.
    Authy two-factor authentication: Similar to Google authenticator but a different smartphone app.
    Security Questions: Hope you know it! 😀
  • That’s a lot of options that you can configure on your blog and honestly it is great.

So these were the two of the best free WordPress plugins you can use on your WordPress blog to make it more secure. If you have any more plugins in mind, then do let us know in the comment section below.

Read this: How to avoid being hacked: 5 Easy steps to protect yourself.

If you liked this post (How to Setup Two-Factor Authentication on a WordPress Blog), then don’t forget to share it with your friends on Facebook and Twitter.

Also if you have any query or problem while setting up the plugins then let us know. We will be glad to help you out.

Share This Post

Last updated: June 6, 2017

Authored by :

Mehul Boricha is the founder and owner of Tech Arrival. He is a computer and smartphone geek from Junagadh, Gujarat, India. He is currently pursuing his B.Tech from LDRP Institute of Technology & Research, Gandhinagar in his favourite branch i.e. Computer Engineering (CE). Apart from technology geek, he loves to listen to music, playing football etc.

11 comments

Extra security on the blog is of utmost importance, even though I didn’t think so at the beginning when I first started with my blog. But now that I have some experience, I see how significant it is for every blogger to set the extra security up on his blog. Thank you for showing us how we can secure our blogs even more!

Hello Irma, I am glad that you liked it.

Thanks for this informative post. It is useful for all bloggers. Even the pros!

You’re welcome Veethee. Yes it’s great to have additional layer of security no matter who you are. 🙂

Great to read this. I’m currently setting up a new website. And it’s going to be a WordPress website. I’m just starting now to check out which plugins to use.So this is very useful to me. It’s good to have some etra security!

You are correct.

blair villanueva

Thank you for sharing us this new info. However am not a wordpress user, but still good to learn about wordpress. I’ll let my colleagues learn too about 2FA.

I am quite sure that it will be useful.

dont use wordpess but will share this to my wordpress friends as i may need this in the future.. who knows…truth be told you did a very very neat and good job putting this together…

Great. Thanks for the heads up. It will surely be helpful once you try it.

Arumugam Rangasamy

Hey, Mehul Boricha. You have done an excellent job. I guess this post will be useful for all the WordPress bloggers. Personally, I’m so much impressed by your article. Keep posting such informative posts.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.