How to Setup WordPress 2 Factor Authentication Tutorial (Step by Step)

WordPress natively provides high security standards. 2 factor authentication is one of the highest forms of security available. WordPress provides the user with the option to use 2 factor authentication if they wish. This article covers how to activate and use 2 factor authentication for WordPress.

What is WordPress?

WordPress is one of the most popular content management systems (CMS) across the digital landscape. It can be used to manage content and publish blogs on websites. The open source software is developed by Automattic. This means WordPress can be used by anyone without paying a fee.

WordPress can be downloaded for free at the website wordpress.org. This basic package can be used as the backbone for an entire website or web application. The open source nature of WordPress gives you the freedom to use and customize the software as you see fit.

WordPress was first released in 2003 as a simple blog engine. Later it evolved to be a full featured content management system and website creation tool. Today, WordPress is used by millions of individuals, businesses, and organizations all over the world. 

WordPress powers everything from complex and elaborate websites to simple blogs. The simple to use templating system in WordPress is supplemented by thousands of themes, extensions, plugins and search engine friendly link structures.

WordPress is an extremely versatile technology that helps you maintain content, engage with social media, perform well on search engines and minimize development costs. This is the reason why WordPress powers 43% of all websites on the internet.

Let’s start How to Setup WordPress 2 Factor Authentication Tutorial (Step by Step) with an introduction to 2FA.

2 Factor Authentication

Passwords are not sufficient to protect your digital accounts and applications. Though passwords are one of the common methods of authentication, they are also the most vulnerable to attacks from cyber criminals. They obtain passwords using brute force methods, phishing attacks, or other malicious means.

Due to the lack of protection offered by passwords, you often need a second way to verify and authenticate users. The practice of using a second method to authenticate users in addition to passwords is 2 factor authentication. Today, most digital services offer users the choice to opt for two factor authentication (2FA).

2FA - Two Factor Authentication Explained

Three factors are generally recognized for authentication. They are:

1. Something that you know, like passwords.

2. Something that you have, like a hardware token or cellphone.

3. Something you are, like a fingerprint or iris scan.

2FA uses two of these three factors for authentication. Generally, the first factor used is something you know: a password. The second factor may be something that you have or something you are. Hardware tokens, authenticator applications, SMS to cell phones, etc. are the most commonly used second factors for authentication.

Cyber criminals rely on the mistakes of users to hack into their accounts. Two factor authentication is an additional road block in the way of malicious attacks. Most digital applications support two factor authentication. You need to consider activating 2FA for all your accounts to protect your digital identity and online data.

Benefits of 2 Factor Authentication

Two factor authentication has slowly become the industry standard. There are many advantages of using two factors for authenticating users. We will discuss some of the benefits of using 2FA.

Enhanced security: The most obvious benefit of using a second factor for authenticating users is the additional layer of security. With more layers of security, it is difficult for cybercriminals to gain unauthorized access to digital accounts and data.

User identity: Two factor authentication ensures user identity is not compromised under any circumstances. This assurance is provided by the multiple layers of security making it impossible for unauthorized users to access protected data.

Implementation: 2FA can be easily added to existing applications or digital platforms. The addition of 2FA does not require elaborate reworking of application infrastructure.

Intuitive: Most two factor authentication methods are intuitive for users. This ensures that users adopt the better security protocol without much friction. 

Lower cost: Since systems using two factor authentication are highly secure, there is no need for advanced security tools and protocols. Monitoring and other associated costs are also lower. In this manner, 2FA helps to reduce operational costs.

WordPress 2 Factor Authentication

WordPress allows users to activate two factor authentication. It is not automatically turned on when a WordPress account is created. You have to actively turn on 2FA to reap the benefits of the same. It is necessary to turn on the feature to protect your website or blog from cyber attacks or different forms of data exfiltration.

1. First, as the image above shows, you need to log in to your WordPress account with your username and password. Once you are logged in, you need to navigate to the profile section within the application. This is done by clicking the profile image in the top right corner of the webpage. This is next to the Write button.

2. The left hand menu bar available on the profile page provides many options. Choose the “Security” option to access the page where security options can be changed. The menu has a locked padlock symbol next to the text “Security”.

3. The security page has many options and settings associated with protecting user accounts. The option to activate two factor authentication is also nested in this setting. In the “Security” page, choose “Two-Step Authentication”. This leads to the menu where you can choose the second factor for authentication.

4. There are two ways to implement two factor authentication in WordPress. We will discuss how you can implement two factor authentication using both of them.

Next in How to Setup WordPress 2 Factor Authentication Tutorial (Step by Step), we set up 2FA using the SMS service.

2 Factor Authentication Using SMS

All users currently have a mobile phone connection. The second factor to authenticate users can be something they have. A valid cellphone number is an appropriate and ubiquitous option. It is one of the two options provided by WordPress as a second factor to authenticate users on the platform.

  • Among the options, choose “Set up using SMS”. Once the option is selected, click on the “Get Started” button. This starts the process by which a unique passcode is generated and sent to your mobile device as an SMS. You will have to enter this unique passcode to access your account.
  • On the next page, select the country code from the drop down menu. You can scroll through the long list or try typing in the first few letters of your country. Once you have correctly selected the country code, enter the phone number on which you can receive the SMS code for authentication. Click on the “Continue” button once the fields are populated.
  • You will receive a seven-digit code from WordPress.com as an SMS. Check the messages on your phone to read the code. You need to ensure you have adequate coverage to receive text messages. It might take a couple of minutes for the message to be delivered. Just be patient until the SMS lands in your inbox.
  • Enter the code you received from WordPress in the field provided on the next page as shown above. You can click the “Resend Code” button if you have not received the SMS containing the code. You will get another text message with the code. It is wise to wait a few moments before choosing the “Resend Code” button.
  • Once you have received and entered the code in the space provided, click the “Enable” button. This enables two factor authentication for the WordPress account.
  • You also get 10 backup codes that can be used one time each. You can use one of these codes to access the WordPress account if you do not have your phone to receive a text message. Keep in mind that each of these backup codes can be used only one time. After printing or noting down these codes, click on the “All finished!” button.
  • On the next page, you can see that two-step authentication is ON for the account. You can also view the mobile number to which verification text messages will be sent. You also have the option to disable two-step authentication from this screen.

Disable 2FA

  • To disable two-step authentication, click on the button “Disable two-step authentication”. You need to enter the code you received via text message in the respective input field and click the “Disable Two-Step” button.

2 Factor Authentication Using App

Instead of authenticating using SMS, you can also choose to authenticate using an authenticator app on your smartphone. The two recommended applications are Authy and Google Authenticator. Authy is available for Android devices, iOS devices, macOS, Windows, and Linux. Google Authenticator is available for Android and iOS devices. Choose the app that suits your needs and devices. Both apps work similarly. First, let us try to understand what an authenticator is.

What is an Authenticator?

Authenticator applications are another way to add a layer of security to digital applications. You need an authenticator app downloaded on your device to use it as the additional factor for two factor authentication. First, you need to establish a secure connection between your account and the authenticator app.

Your user account will generate a secret key that can be added to the authenticator app. This can be added manually or by scanning a QR code via the app. This synchronizes your account and the authenticator app. The app will generate a six-digit code that you need to enter to log in to your account. Each six-digit code is valid for only 30 seconds. You need to enter the code generated in the nearest timeframe to gain access to your account.

Advantage of using authenticator app

Among the various ways to implement two factor authentication, the use of an authenticator app is the most secure. It has all the advantages of using 2FA methods like SMS. Security, flexibility, ease of implementation, etc, are inherently present for authenticator apps.

The added advantage of using an authenticator application is that there is no interference from other applications. When an SMS is sent to your phone number, the network provider has access to the content of the message. Other applications on your phone may also have access to read SMS. This is an added risk.

With an authenticator app, there is no interference from other applications. The code is generated within the application without an external connection. The app does not even require an internet connection to generate a code. This makes using the authenticator app a much safer option than relying on SMS for two factor authentication.

Steps to Add Authenticator App in WordPress

  • Make sure you have the authenticator app installed and set up properly before you add your WordPress account to the app. You can also choose to add a passcode or biometric lock for additional protection.
  • Among the options, choose “Set up using an app”. Once the option is selected, click on the “Get Started” button.
  • Scan the QR code displayed on the next page with the authenticator app of your choice. The authenticator app displays a six-digit code that changes every 30 seconds. You will have to enter the code before it expires and click on the “Enable” button. This enables two factor authentication for your WordPress account using the authenticator app of your choice.
  • You also get 10 backup codes that can be used once. You can use one of these codes to access the WordPress account if you do not have access to the authenticator app. Keep in mind that each of these backup codes can be used only one time. After printing or noting down these codes, click on the “All finished!” button.
  • On the next page, you can see that two-step authentication is ON for the account. Once this is set up, you will need to enter the code from the app in addition to your username and password to gain access to your WordPress account. You also have the option to disable two-step authentication from this screen.

Disable 2FA

  • To disable two-step authentication, click on the button “Disable two-step authentication”. You need to enter the code from the authenticator application in the respective input field and click the “Disable Two-Step” button.

Great, we have learned a bit more about How to Setup WordPress 2 Factor Authentication Tutorial (Step by Step). Let’s summarize.

How to Setup WordPress 2 Factor Authentication Conclusion

Two factor authentication is a quick and effective way to protect your digital accounts and platforms. WordPress natively supports 2FA. You need to activate the feature to get the additional security. You can enable 2FA using SMS to a mobile number or using an authenticator app. Regardless of the method you choose, securing your account with 2FA adds an additional layer of protection for your WordPress account. Check out our WordPress WP Cloud SSO Plugin solution.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
