Why Add Two-Factor Authentication for WordPress Login?
One of the most common tricks hackers use is the brute force attack. Using automated scripts, hackers try to guess the right username and password to break into a WordPress site.
If they steal your password or accurately guess it, then they can infect your website with malware.
One of the easiest ways to protect your WordPress website against stolen passwords is to add two-factor authentication. This way, even if someone steals your password, they will still need to enter a security code from your phone to gain access.
In this article, I will show you how to add two-factor authentication to a WordPress site using a plugin.
How to Add Two-Factor Authentication in WordPress
First of all, you have to install a WordPress security plugin.
- Wordfence Security – Firewall & Malware Scan
- Defender Security – Malware Scanner, Login Security & Firewall
Using these plugins, you can secure your website and add 2FA to your WordPress site. We have already tested the above plugins, and they worked well. So choose the security plugin that you want.
Install the 2FA application for your mobile
To set up two-factor authentication, you need to install a 2FA application on your mobile. Here are the best and recommended applications.
- For Android™, iOS®, and Blackberry® – Google Authenticator™
- For Android and iOS – Duo Mobile
- For Windows® Phone – Authenticator
For security, we cannot share screenshots.
1. Wordfence Security – Firewall & Malware Scan
Let’s add 2FA for admins using the Wordfence Security plugin.
1. Go to the Login Security page in your site’s wp-admin area (this is on the Wordfence menu)
2. Open your authenticator app and add a new entry; most apps have a plus sign or a tiny QR code
3. Scan the QR code on the login security page; your authenticator app should then display a six-digit code
- If you are accessing a site on a phone or tablet and obviously can’t point the camera at its own screen, you can copy the line of letters and numbers below the QR code, and paste that into an app, using the app’s “manual” setup option
4. In the “Download recovery codes” section, click the Download button
Recovery codes can be used if you lose your device. Print or save the file, and store it in a safe place.
5. Enter the six-digit code that appears in your authenticator app
- This code changes every 30 seconds
- If the code expires, you can enter the next code instead
6. Click the Activate button
That’s it! If this is your first time setting up 2FA on a site you may want to try logging in to the site in a different browser or in a private or incognito browser window to check for any compatibility issues before logging out.
2. Setting Up Two-Factor Authentication with Defender
1. Go to Defender > Dashboard in the WordPress admin and scroll down to the bottom where you’ll see these Advanced Tools.
2. Click Activate.
The message will refresh to let you know that two-factor authentication has been enabled for your site.
3. Follow the steps by downloading Google Authenticator for your phone, scanning the barcode, and entering the six-digit passcode that the Authenticator app generates.
4. Click Verify and you’re all done!
Next time you log in to your site after you enter your username and password, you’ll be asked to enter a passcode. Just fire up the Google Authenticator app on your phone and enter the passcode.
Defender includes some advanced features for two-factor authentication, including:
- User Roles – Enable two-factor authentication for certain user roles for your site.
- Lost Phone – If a user is unable to access their phone, you can enable an option to send a one-time password to their registered email.
- Active Users – Site admins can view a list of users who have the feature enabled.
- Deactivate – No longer require two-factor authentication for your site? Simply turn it off.
WordPress security is one of the crucial parts of a website. If you don’t maintain your WordPress security, hackers can easily attack your site. Maintaining your website security isn’t hard and can be done without spending a penny. If you have any questions, please comment below; we are always here to help you.