In one of my previous articles I showed you how to add an extra security layer to your WordPress website by hiding the login page. Today I will show you how to take this to the next level by adding two-factor authentication to your WordPress admin dashboard.
How does two-factor authentication work?
Two-factor authentication (2FA) is a security process that requires two separate forms of identification to verify a user’s identity when they try to log in to an account. This adds an extra layer of security, making it much harder for unauthorized users to access an account, even if they know the password.
Two-factor authentication process
Example of a Two-Factor Authentication Process:
Step 1: You enter your username and password on the login page of your account.
Step 2: The system checks your password. If correct, it moves on to the second step.
Step 3: The system sends a one-time code to your mobile phone or generates a code through an authentication app.
Step 4: You enter the code received on the next screen.
Step 5: If the code is correct, you gain access to your account. If not, access is denied.
Step-by-step guide for adding two-factor authentication to your WordPress website
01 Log in to your WordPress dashboard
So let’s make your website more secure! Log in to your WordPress dashboard.
02 Click “Add New Plugin”
Navigate to the “Add New Plugin” section.
03 Click “Search Plugins”
Search for plugins by clicking on the “Search Plugins” field.
04 Fill “security optimizer”
Type “security optimizer” into the search field.
05 Click “Install Now”
Install the selected plugin by clicking on “Install Now”.
06 Click “Activate”
Activate the installed plugin by clicking on “Activate”.
07 Click “Dashboard”
Access the plugin’s dashboard by clicking on “Dashboard”.
08 Click “Confirm”
You will be presented with a couple of data and marketing options. Click “Confirm” when you are ready with your selection.
09 Click “Manage Login”
Manage the login settings by clicking on “Manage Login”.
10 Install the Google Authenticator app
Before you activate the Two Factor Authentication, take your phone and install the Google Authenticator app. It will allow you to get the authentication code which will be needed to log in to your WordPress website. The app is available for Android and iOS phones.
11 Make sure the app is installed and working!
Before you dive into the world of double-layer security, make sure your authenticator app is installed and actually opens—because, trust me, trying to activate Two-Factor Authentication without a working app is like trying to lock your door with a spoon. If the app isn’t cooperating or refuses to install, well, consider yourself locked out of your WordPress website faster than you can say, “Where’s my backup plan?”
12 Activate the two-factor authentication option
Enable the Two Factor Authentication on your WordPress website by switching the toggle.
13 Click “Log Out”
Log out of the Dashboard by clicking the “Log Out” button.
14 Confirm “log out”
Confirm that you want to log out.
15 Log in to your WordPress Website
Go to your login page and enter your credentials. Click the Login button when ready.
16 Two-factor authentication QR Code
On the next page you will see a QR code.
17 Go to Scan QR code.
Open the Authenticator app on your phone, press the plus sign at the bottom right corner and then press “Scan a QR code”.
18 Scan the QR code
The camera on your phone will activate and you have to scan the QR code displayed on your website.
19 Your website and code
Your website will be added to the list in the app and there will be a code beneath it. You will be asked to enter this code every time you try to log in to your WordPress admin dashboard.
20 Fill in your code
Enter the code from the Authenticator app on your website.
21 Do not challenge me option
If you do not want to use the Two Factor Authentication for a period of time, you can mark the checkbox “Do not challenge me for the next 30 days”.
22 Click “Authenticate”
Complete the process by clicking on “Authenticate”.
23 Confirm you have saved the restore codes
On the next screen you will see a few codes. Print them or save them in a secure location. They will be needed in case you lose your phone or the authenticator app is uninstalled. Confirm you have saved the codes by marking the checkbox.
24 Click “Continue”
Proceed by clicking on “Continue”.
25 Logged in
You will be logged back in to your WordPress dashboard.