Get Started with WordPress Two Factor Authentication
Two-factor authentication, or 2FA, is a method that adds an extra step to your WordPress login. With a single-factor login, all you do is enter your username and password. With two-factor implemented, a second, temporary password is delivered to your smartphone for an added level of security.
Why is it important?
Unless you’ve been living on Mars or under a rock for the last year, the need for better online security should be quite clear. In the last quarter of 2016, one billion user accounts were hacked at Yahoo. And if that wasn’t enough, Russians reportedly hacked into the US voting system. Truly, the time is now for implementing higher levels of security on every user account possible, which is why a growing list of online services now offers two-factor authentication, including Twitter, Instagram, Apple, Microsoft, Yahoo, LinkedIn, Evernote, Dropbox, Snapchat, PayPal, Amazon and Mailchimp… to name more than a few.
The list goes on and on, which begs the question:
How can I get two-factor authentication?
It just so happens we offer this service as a part of our professional WebCare Plans here at Clearly Presentable (for more information, please visit this page). Once you’ve signed up, we will notify you as soon as 2FA is implemented. To get it to work for your personal login, all you need to do is follow the directions below.
How to set up Two-Factor Authentication for your personal login
Although we do a goodly amount of installation and knob-twisting on the back-end of your website, you will need to go through some easy-to-follow steps to get 2FA notifications to work with your Android or iPhone. Believe me, it’s worth taking a few minutes out of your day to set this up. Even though you can click the email link to send the temporary access code to your inbox, using the iPhone method is much safer.
Step 1: Log in to your WordPress site
Navigate to your site’s login page. For this tutorial I set up a dummy username, SmartUser. (We love juxtaposition!)
Step 2: Click on the big Activate Two-Factor Authentication button
Right after you log in, you will see a new alert at the top of the WordPress admin screen indicating that we enabled two-factor authentication on your site. Please click the blue “Activate Two-Factor Authentication” button, which will lead to this screen…
You will be presented with two steps, the first of which is to install the recommended Google Authenticator app on your smartphone. Although you can click on the provided iOS (for iPhone and iPad) or Android links, I think it’s much easier to just pull out your handheld device and search for “Google Authenticator” in the Apps menu and install it straight away.
NOTE 1: Keep this web browser window open because you will return to it to scan the provided QR CODE.
NOTE 2: We’ve only tested Google Authenticator App, which works smashingly well. You’re welcome to try the other options listed beneath it, which will probably work, but won’t match up with the remaining steps in this tutorial.
Step 4: Install and Launch the Google Authenticator app on your smartphone
Launch Apps on your iPhone or Android and search for the free Google Authenticator App (shown below) and install it.
Once the Google Authenticator app is launched, you will see the screen below.
Click Begin Setup.
Step 5: Scan the QR Code/Barcode
Click on the Scan Barcode link next to the camera icon at the bottom of the screen (see below)…
Your phone’s camera will take over at this point. If you’re asked to allow access to your camera, click YES/ALLOW to continue.
Remember I said to keep your browser window open? Return to it and point your phone’s camera at the code inside of WordPress (see below).
As soon as your phone’s camera locks onto the QR Code, it will automatically scan it and display a numeric code like the one below…
Type the numbers provided into the field located beneath the QR Code in WordPress without any blank spaces and click “Verify” (see below).
If you entered everything correctly a “Success” message will appear. Be sure to click the big blue button BENEATH this message to enable two-factor using your phone! (see below)
Final Step – TEST!
The only thing left to do at this point is to test it out:
1. Log out
2. When you log back in, you will see this screen:
3. The code will automatically pop up on the screen of your phone!
Taking a few easy steps goes a long way to protecting your WordPress site. Rest assured, if you lose your phone or can’t find it, all you need to do is click the Email link and the code will be sent to your inbox!
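What the QR Code and the “Verify” field in the steps above do behind the scenes, as an added example rather than code from this site's plugin: the app reads a shared secret from the QR Code and derives a time-based code (TOTP, RFC 6238), which the server recomputes and compares. The otpauth URI, the ExampleSite name and the verify helper are constructed for illustration, and the 30-second, 6-digit, HMAC-SHA1 settings are Google Authenticator's defaults, assumed to match the plugin.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI of the kind a setup QR code encodes. The secret
# is the public RFC 6238 test key in base32, so never use it for a real account.
SAMPLE_URI = ("otpauth://totp/ExampleSite:SmartUser"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleSite")
STEP = 30    # seconds each code is valid (assumed app default)
DIGITS = 6   # code length (assumed app default)


def secret_from_uri(uri):
    """Extract and decode the shared secret from an otpauth://totp URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    b32 = parse_qs(parsed.query)["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # apps usually omit base32 padding
    return base64.b32decode(b32)


def totp(secret, counter):
    """Code for one time step: HMAC-SHA1 plus RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, submitted, now, last_used=-1, window=1):
    """Return the matched time step, or None if the code is rejected.

    Tolerates +/- `window` steps of clock drift and refuses any step at or
    before `last_used`, so an observed code cannot be replayed.
    """
    submitted = submitted.replace(" ", "").encode()
    current = int(now) // STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        same = hmac.compare_digest(totp(secret, counter).encode(), submitted)
        if same and counter > last_used:
            matched = counter
    return matched
```

A server would store the returned time step per user and pass it back as last_used on the next login, which is what makes each code single-use.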
Want this high-tech implementation on your WordPress site? Read about our WebCare Plans now!