In the post we will show us How to A Guide To 2 Step Verification For WordPress Using Google Authenticator
These days, being security conscious helps as online security is a considerable point of concern. There are reports of a number of websites, brands and online accounts being attacked by hackers, everyday. As WordPress is widely used, it’s not considered to be immune to such attacks. A number of WordPress websites have been targeted successfully in recent past.
The biggest issues in case of WordPress are the default “admin” username and weak passwords, as they are easier to brute force. The most common advice in for such cases is to never use “admin” as the primary username and come up with a strong password, rather than a common and easy to remember ones.
ALSO READ – Five Things You Must Use on Your New Blog
And when you value your WordPress blog and want to leave no stones unturned in case of security, you must always employ skilled WordPress developer and the best practises in terms of security, authenticity and verification.
Google authenticator : It’s functionality
Google has rolled out two factor authentication for security of your site with Google Authenticator. With this, apart from the login credentials (username and password) you need to enter a 6 digit number (a time restrained random security code). In case your login credentials are correct but the 6 digit number is not, access will not be granted. The best part is that no one can access your account without the 6 digit number even if your password and username get lost. This 6 digit code is received on your mobile device. The point behind this is that since your blog is directly linked with your mobile device, you are the only person who must have access to get the unique code for each login. Moreover it comes with an expiry time period.
A noteworthy aspect is that Google Authenticator only works on these platforms : Android, iOS, Blackberry, Windows Phone, webOS and PalmOS. Therefore you are required to have a smartphone, iPod Touch or a tablet with aforementioned operating systems in order to use Google Authenticator.
People are welcoming this measure with open arms as Google accounts and other services also offer this feature.
Let us delve deeper into the 2 step authentication process in WordPress using Google Authenticator. This WordPress security measure is highly recommended for securing your blog/site against hackers.
Google Authenticator in WordPress
To enable Google’s 2 step Verification in WordPress , there are some plugins available. Let’s look at them
This one, by Henrik Schack has over 10,000 active installs. Even though it says it is compatible upto WordPress version 3.8.3, people have been using it on the latest version without any complications. It lets you enjoy the two factor authentication using the Google Authentication app for Android/iPhone/Blackberry. The authentication requirement can be enabled on a per user basis. You may enable it for the administrator account but login as usual with less privileged accounts.
This one by Julien Liabeuf also uses the Google Authenticator app . Its prime features and functions include :Adding two factor authentication to WordPress login page, Independent enabling for each user, enforcement for use of two factor authentication for all users,supporting application passwords with access logs, reminders and warnings on dashboard, clock discrepancy etc.
This plugin is slightly different than the rest as it modifies the way Google Authenticator behaves. Only users who have it enabled are being prompted for the token. In case they don’t have it enabled, they will directly proceed to the admin panels, otherwise they will be asked to enter their two factor authentication code.
Installing the plugin on your WordPress website
Let’s pick Google Authentication for WordPress for understanding the installation process. First, you have to download and install the said plugin.
After activating it, you must go to “Users >> Your Profile”. Now, to activate the two step verification, select the “Active” check box.
The next step is to make changes in the description, in order to recognize the website access on Google Authenticator mobile app and show the QR code. You can add the name of your blog, or something else.
Installing Google Authenticator on your Mobile device
You must carefully download and install the Google Authenticator app on your mobile device. You can go through the step by step instructions on the support page. Click the pencil button/icon on the upper right to start using the app. Press the “+” icon at the bottom to add a website. You can choose to scan the barcode and point your camera at it.
In case you are facing any problems doing so, you can use the secret key. You can select “Manually Add Account” and enter the key. Ensure that you make it “time based” and click save.
Now logout of the WordPress site and visit the login page. You will be able to view the field for Google Authentication for your login screen.
Now, punch in your user name, password and the six digit code and launch the mobile app to get the same code to login. One thing to remember is that the code is time constrained and expired within a minute. Of Course, you can activate the “relaxed mode” on the settings page if you need more time.
Concluding insight : Should you use Google Authenticator?
We have been using two step verification for Gmail accounts for a while now and we know it works pretty well. WordPress Bloggers and developers who have been using the same on the WordPress platform report of similar results.
There might be cases where you may get and error or are unable to login to your website. The reason is that the first time, mobile application is not synced correctly. When the initial hassle is over, Google Authenticator for WordPress proves to be well worth the efforts and makes your website more secure and safe.
Arya Stark is a web developer working for an Offshore CMS Web Development Company, Xicom which offers portal cms and website content management services at affordable rates. So if you are looking to avail the best content management service, you can get in touch with her.