Here’s a quick guide to adding an extra layer of security to your WordPress blog by enabling the Google Authenticator app. WordPress has been targeted by anonymous hackers around the globe and it’s under a major Brute Force Attack.
It has been reported by many authority sites like TechCrunch, Mashable, and HostGator that hackers are using almost 100,000 IP addresses to bypass login limits set by blog admins. To ensure the safety of your WordPress blog, it is important to be cautious about its security. Here is a simple yet effective guide on how to protect your WordPress blog from being hacked by enabling 2-Step Verification with Google Authenticator.
What is a Brute-Force Attack and How Does it Affect WordPress?
“Brute-force attack” is the most common term among hackers, especially black hat geeks. In this method, the hackers try logging in to the blog with randomly generated passwords. They usually prefer the dictionary attack method to guess the password in common cases. But when it comes to advanced attacks, they depend on digital caps which generate non-dictionary words. However, if we don’t make our passwords strong by including special characters, it will be easy for the hackers to do the rest.
In WordPress, the username is “admin” by default and most of us don’t change the username since there’s no option from the dashboard. But by doing the following steps, you can easily change your username.
- Create another user with administrative power and switch to that account. Then delete the old account. Remember to create a username other than “admin”, got it?
- Alternatively, you can install the “Better WP Security” plugin to add an extra layer of security to your blog. It has amazing security options to protect your account within the dashboard itself. So it’s highly recommended to install this plugin before moving to our tutorial as it will enable the maximum possible protection for your blog.
Google Authenticator generates 2-step verification codes on your phone. Enable 2-step verification to protect your account from hijacking by adding another layer of security. With 2-step verification, signing in will require a code generated by the Google Authenticator app in addition to your account password. (from the developers)
Well, I have given the basic terminologies above, and let’s move to the real topic, adding 2 step verification to your WordPress Blog.
Pre-Requisites
- WordPress blog with an admin power account
- A smartphone (Android, iPhone, or BlackBerry), here I’m using Android and I recommend it too.
- Google Authenticator WordPress plugin
- Google Authenticator App (Android version here)
How to Enable 2-Step Verification to Your WordPress Blog with Google Authenticator
I think you might have heard the term “2-step verification” already in Google accounts. Yeah, it gives extra protection to our accounts even if the hacker has identified our password. The hacker may need to enter a security PIN in order to log in successfully even after finding the password. Usually, the verification PIN is sent to mobile phones so as to notify the real owner. Here also, if the hacker got our password by any kind of attack, he needs to know the secret verification code to access the compromised blog. Pretty good, isn’t it?
- Install Google Authenticator WordPress plugin in your blog and activate it.
- Then download Google Authenticator App and install it on your smartphone.
- Now head on to Users > Your Profile and locate the plugin option.
- Now open the app installed on your phone and create a new account. Then authenticate the app either with the secret code (unique) or with the QR code.
- Finally, complete the setup and rock on. You’re done adding 2 step verification to your WordPress blog.
Hereafter, whenever anyone tries to log in to the blog, an extra box asking for the secret 6-digit code will be shown. That’s it.
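How the 6-digit code is derived from the secret behind the QR code, and how a login check can accept it once and refuse a replay, as an added example (not the plugin's own code). It assumes the standard TOTP algorithm (RFC 6238) that Google Authenticator implements; the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890"
# in Base32, the form a TOTP plugin shows next to its QR code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the TOTP code (RFC 6238, HMAC-SHA1) for a given time."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1,
           last_used_step=None, step=30):
    """Check a submitted code; return the matched time step or None.

    window=1 tolerates one step of clock drift on either side.
    last_used_step rejects a code from a step that was already accepted.
    """
    current = int(unix_time) // step
    for candidate in range(current - window, current + window + 1):
        if last_used_step is not None and candidate <= last_used_step:
            continue  # replay of an already-used (or older) code
        expected = totp(secret_b32, candidate * step, step)
        if hmac.compare_digest(expected, str(submitted)):
            return candidate
    return None


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    code = totp(SAMPLE_SECRET, now)
    print("code:", code)
    step_used = verify(SAMPLE_SECRET, code, now)
    print("accepted at step:", step_used)
    print("replay:", verify(SAMPLE_SECRET, code, now, last_used_step=step_used))
    print("two minutes later:", verify(SAMPLE_SECRET, code, now + 120))
```

A guessed password alone never reaches the dashboard here: the code changes every 30 seconds and depends on a secret that exists only on the server and the phone.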
As far as I know, it’s very effective when it’s used along with the Better WP Security plugin. Do let me know if you have any doubts or problems regarding this tutorial. Your comments are highly appreciated. Share it and shower the love. 😀
Going to apply it now !
All the best Bro, let’s freak out the security. 😀
Hey Sid, nice info here and well timed. The internet world is attacked by a very destructive storm. I am using the limit login attempt plugin. Can this Google authentication plugin run together with LAP?
Hi Koj, it’s extremely happy to see you here (again). Thanks a lot for spending your time to read it. And yeah, you can run it along with LAP. Have you tried it?
Sid, what about registered guest bloggers? Do they need the code as well to log in? If yes, how to go about it?
Not at all, the only person who needs the authentication is the blog administrator. I think you meant “Authors” as registered writers, right? As long as they don’t possess admin power, they don’t need it. Thanks for commenting here and do let me know if you have any more questions.
Gonna do this right now, thanks for the share man.
Thanks Jijo for stopping by and letting me know your opinion. Do add this tweak ASAP and sleep well. 😀
So if one does not have an Android phone then he/she will not be able to use this two-step thing, right?
Exactly, one should either need an Android phone or iPhone or BlackBerry.
Thanks for the amazing article. This will definitely help us bloggers to avoid the possible brute-force attacks on WordPress.
Keep sharing such useful stuff.
Cheers
You are right Suumit, Brute Force attacks are on the peak and we should really add some extra cover to our blog before it’s getting targeted. Thanks a lot for letting me know your opinion on this tutorial and do keep commenting. Cheeerzzz.
Will gonna do this soon on my site
thanks a lot for sharing this information
Glad you like it Siddharth. Please do it ASAP to ensure maximum protection. Anyway, great to see you here and thanks for commenting.
Thanks for the info Sid. I installed the plugin to limit logins and immediately had the same IP address attempt to login 3 separate times but was locked out. I am still concerned, so will go ahead and apply the 2 step method as well. Thanks again.
Hi mate, happy to hear that you have implemented this security layer on your blog. Stay safe forever and let’s quit the brute force attacks. Thanks for commenting.