Do you want to add two-factor authentication to WordPress? You may have noticed that popular sites like Facebook and Google now let you add two-factor authentication to improve security. You can add two-factor authentication to your WordPress site as well. This authentication process ensures maximum security for your WordPress site.
This article covers how to add two-factor authentication to WordPress using both Google Authenticator and SMS text messages.
Why Add Two-Factor Authentication for WordPress Login?
One of the most common tricks hackers use nowadays is the brute force attack. This is a trial-and-error method used to obtain information such as a user password or personal identification number.
If hackers are able to steal your password or guess it correctly, they can infect your website with malware. To prevent this, add two-factor authentication to protect your WordPress website against stolen passwords. With this method, even if someone steals your password, they will still need to enter a security code from your phone to gain access.
There are two ways to set up two-factor authentication on a WordPress website:
1. SMS verification: where you receive the verification code via text message.
2. Google Authenticator App: a fallback option where you receive the verification code in an app.
Now let us look at both methods in detail:
1. Adding 2-Step SMS Verification to Website Login Screen
Here we add 2-step SMS verification to your WordPress website login screen. After you successfully enter your WordPress username and password, you will receive a text message on your phone with a code.
To do this, you have to install the Two Factor and Two Factor SMS plugins. The Two Factor plugin provides multiple ways to set up 2-step verification in WordPress, whereas the Two Factor SMS plugin is an addon for the first plugin that adds support for 2-step SMS verification.
Steps to follow:
- Install and activate both the plugins.
- Once activated, go to Users » Your Profile page and scroll down to Two Factor Options section.
- Select the checkbox next to ‘SMS (Twilio)’ option and also click the radio button to make it your primary verification method.
- Now scroll down to the Twilio section and enter your Twilio account information.
Twilio is an online service that offers phone, voice messaging, and SMS services to use with your own applications. You can use its limited free plan, which is sufficient for our purpose here.
- Visit Twilio website and create your free account there.
You will be asked for the usual personal information. After that, you will be asked which products you would like to use first.
- Here select SMS as your product and then select 2-factor authentication for ‘What you are building’ option. Finally select PHP for your programming language.
- After signing up for an account, you will reach your Twilio dashboard. Click on the get started button.
- Now you are directed to the settings wizard where you need to click on the ‘Get your first Twilio number’ button.
- A popup will appear on the screen showing a US-based phone number. Copy and save this number and then click on the ‘Choose this number’ button.
- Now exit the wizard and head over to Settings » Geo Permissions page.
- Here select the countries where you will be sending SMS. You can also select your own country as well as countries you will be travelling to since you are also using the service to receive SMS for yourself.
- Now go to the Twilio console dashboard to copy your Account SID and Auth Token.
- On your user profile page of your website enter your Twilio Account SID, Auth token, and sender phone number. Add your own phone number as the Receiver Phone Number and then click on the ‘Update Profile’ button to save your settings.
- Now log out of your WordPress website.
- Log in to the website again to see the plugin in action. First you will provide your WordPress username and password. After that, you will receive an SMS notification on your phone, and you will be asked to enter the code you received.
- Enter the verification code and you will be able to access your WordPress admin area.
After entering the SMS code, you can access your WordPress admin area.
Note: This method is not useful while you are travelling, since you may lose your connection and therefore not receive text messages on your phone number.
This problem can be solved by adding a fallback option.
2. Adding 2-Factor Verification to WordPress Website with Google
This is a fallback option. SMS verification will still be your primary verification method, but if for any reason you don’t get the SMS, you’ll still be able to log in using the Google Authenticator app on your phone.
Steps to follow:
- Go to Users » Your Profile page and scroll down to two factor options section.
- Select the Enabled checkbox next to ‘Time Based One-Time Password’ and then click on the view option link to begin Google Authenticator setup.
You will now see a QR code which you will need to scan with the Google Authenticator app.
- Now install the Google Authenticator app on your phone.
- After the app is installed, open it and click on the add button.
- Scan the QR code shown on the plugin’s settings page using your phone’s camera. The app will detect and add your website, and it will also show you a six-digit code.
- Enter the code in the plugin’s settings page. Don’t forget to click on the ‘Update Profile’ button to save your changes.
- Now log out of your WordPress site to see it in action.
We all know that WordPress is one of the most-used blogging tools in the world. WordPress can be used for many kinds of sites, not just blogging, so it is important to take your site's security seriously before you lose company or client data. We hope this article helped you add two-factor authentication to WordPress for free.