WordPress Two Steps verification Method Save your site

WordPress Two Steps verification


After adding two-factor authentication to the WordPress website, the level of security in the WordPress website can reduce the risk of hackers and Brute Force attack by almost 90%. Being a very popular Open Source CMS, WordPress is also the main target of hacking.

Therefore, as much as possible, bloggers can keep their WordPress website or blog secure from Security's Point of View, for which they make every effort.

By the way, keeping in mind the security of WordPress website, I have already written a Separate article in which I mentioned about 10+ WordPress Website Security Tips of WordPress Website Security. If you follow that article and follow all those security tips, then you can take the security of your WordPress website to a higher level.

One of those tips was how to add two-factor authentication to WordPress? Which is a main part of WordPress Security. That is why in this post I am going to tell you how you can enable step by step two-factor authentication in your WordPress blog or website?

What is Two-Step authentication in WordPress?

After two factor authentication is active in any blog, it works like a Double Security layer. Meaning that when you provide such strong security to your WordPress blog, then you have to cross two types of Secure Layer to login.

First you have to enter your WordPress Blog's Username and Password and then you have to enter a One time password (OTP) which can be on your mobile number, your email id or in Google's Authenticator App. Only after entering that code can you login to your WordPress Dashboard.

Why is it necessary to add two-step authentication to a WordPress blog?


The first way to hack any WordPress website is to be used by hackers to hack Brute Force attacks. In which they keep trying to hack the blog's Username and Password by guess it.

But just think that if they are ever successful in guiding your WordPress Username and Password perfectly, then only two Factor Authentication Security can save your website or blog from unsafe loss at that time.

To reduce this threat of your website, you should add two-factor Authentication Security to your WordPress so that no one can get access to your website even after knowing the username and password.

How to Add Two-factor authentication to WordPress Blog?

If you want to add two factor authentication feature to your WordPress blog for strong security, then you must have an Android Mobile and Internet connection in it. For this, the way I am going to tell you, without Android Mobile and Internet, you cannot add two factor authentication.

Let us now understand the process of adding two factor authentication, step by step:


Install the Plugin (GoogleAuthenticator):

After login to your WordPress blog, click Plugins> Add New.


Type Google Authenticator in the Plugin Search bar above. Now install the plugin named Google Authenticator that appears in the search results and after install, click on Activate.

After Google Authenticator Plugin is activated, click on Users> Your Profile.

After coming to your profile, scroll down to the bottom, where you will see Google Authenticator Settings. Now watch, read and understand all the steps given below related to the setup of this plugin:

Now Setup the Plugin: 

1. Active:


Checked this checkbox to enable Google Authenticator's security on your blog. By doing this, the Google Authenticator Plugin will activate the two-factor authentication on your blog.


2. Relaxed Mode:


Along with installing this plugin in your WordPress blog, you also have to install Google Authenticator App in your Android mobile. In that Google Authenticator App, Passcode changes every 30 seconds. Which you have to enter when you login to WordPress. If you check the checkbox in front of Relaxed Mode, then the Paascode that changes in 30 Second will change in 4 Minutes.


3. Description:


Here you have to write the name of your blog. Your blog's name will appear under Passcode in the Google Authenticator App on Android Mobile. It is very helpful when you are using Google Authenticator App for more than one blog. At that time it is easy to identify which passcode is for login security of which blog.


4. Secret:


Next to this you get two types of Options. First “Create new secret” and second Show / Hide QR Code. Both these options are for connecting Google Authenticator Plugin to Android Mobile's Google Authenticator App. You can choose any of these options.

But for this article I am going to use the other option Show / Hide QR Code. On clicking on it, you will see a QR Code.


5. Enter App Password:


Leave this option as it is, do not check it.

Now Install the Google App: 

Now open your Android Mobile Play Store and install the Google Authenticator App.

After installing the app, when you open it for the first time, then login with your Gmail ID and after that you will see two types of options.

First: Scan a Barcode
Second: Enter a provided key

Here, first click on Option "Scan a Barcode".

The camera of your mobile will be opened with the Scanning Feature on click. Now you have to scan the QR Code by moving the camera in front of the QR Code given in the Google Authenticator WordPress Plugin.

As soon as QR Code Scan, a 6-digit code will be added to your mobile's Google Authenticator App, which will change every 30 seconds.

After scanning the QR Code, scroll down the WordPress page and click Update Profile at the bottom.

Now next time when you login to your WordPress blog, along with Username and Password, below them you will also see an option called Google Authenticator code.

After entering Username and Password, here you will need to enter that 6 digit code from your mobile's Google Authenticator App, only then you will be able to login securely in your WordPress Dashboard.

After following all these steps in the same way, you can do a Two-Factor Authentication WordPress Security Add (2FA) in any of your WordPress blogs or websites.

Apart from this, there are many other ways to strengthen the security of your WordPress which you must keep enabled on your WordPress blog.