Increase the level of protection of the WordPress site with the Google Authenticator application

Although WordPress has a high degree of security and protection by default, the behavior of the site owner or some users may cause the site to be hacked and data stolen. Examples of such behavior include choosing a weak password for the control panel, such as 112233.

For this reason, it is better to add a further layer of protection to WordPress to help keep out people who have somehow obtained the login data for the control panel. Hence the idea of two-factor authentication, also known as 2FA, which lets a person complete the login process only after taking an additional verification step, even after entering the login information correctly.

In today’s article, we will learn about the concept of two-factor authentication, and its role in raising the degree of protection of websites, and then we will explain in a practical way how to use the Google Authenticator application to activate two-factor authentication within WordPress sites to secure logins to these sites.

How does two-factor authentication work?

Two-factor authentication plays an essential role in countering attacks that steal login data, the best known of which are brute-force login attempts, in which attackers use various techniques to guess passwords and usernames in order to enter the site’s control panel.


The idea of two-factor authentication is to oblige the user to perform an additional verification step after entering the login data correctly. Even a person who has the correct login data for the control panel will therefore not be able to enter until the two-factor authentication step has been completed.

The most familiar example of two-factor authentication is social networking sites. When you log into your account using your username and password, the site sends a text message containing a code that you must also enter in order to access your account, so the password and username alone are not sufficient to complete the login process.

Types of two-factor authentication

There are several types and different ways to activate two-factor authentication within the site in order to further protect and secure the login process. Here are the most popular types of two-factor authentication used by website owners:

  1. Confirmation by another party: This type of two-factor authentication blocks the login even if the login data is 100% correct, until a further confirmation is completed through another channel, such as a confirmation code sent in a text message or shown in a phone application such as Google Authenticator, which we will discuss later.
  2. Special code: In this type, the user has a personal code in addition to the login data, and is asked to enter this special code when logging in, even after entering the login data correctly.
  3. Physical verification: Here the person uses a feature of their body to confirm the login, such as a fingerprint or a face scan after entering the login data. The login data therefore cannot be used without the physical fingerprint of the same person.
  4. Specific location: The location from which the login is made is also sometimes used as a type of two-factor authentication. Logins are allowed only from specific places, so a login attempt from a different place is blocked. Many WordPress plugins apply this type of protection, such as the Wordfence plugin.
  5. Specific time: This follows exactly the same idea as location. Logins are allowed only at specific times, so any attempt to log in outside the allowed times is automatically blocked, even if the login data is correct.

How to connect Google Authenticator to WordPress

We will begin by explaining the practical steps for applying and activating two-factor authentication within WordPress to protect the login page from illegal login attempts, using the Google Authenticator application. 

First: Install the Google Authenticator plugin from the official WordPress plugin store and enable it on your site. 

After installing and activating the plugin, go to the Settings tab within your WordPress site control panel, then go to the Google Authenticator tab.

Second: Enable the two-step verification step that follows a successful login by ticking the checkbox (Ask for authenticator code on secondary login screen).

Third: Choose the membership types on your site whose logins should require two-step verification, such as the admin or the editor.

Google Authenticator settings

After that, head to the Google Play Store to download the Google Authenticator app on your mobile phone:

After downloading the application on your phone, go back to the WordPress control panel, enter the settings tab and choose the Google Apps login tab, which opens a screen containing the QR code that you will scan with your phone in the next step:

Go back to the application on the phone and tap the option to scan a QR code, which opens the camera. Point the camera at the QR code that appears inside the WordPress control panel, as in the previous step, so that the code is scanned:

Scan the QR code in the Google Authenticator app

Once you scan the code with your phone, you will see a code that usually consists of 6 digits. Type this code into the activation code box in the WordPress control panel, then click the Verify Authentication Code button.

By completing this step, you have successfully linked the login process of your site to two-factor authentication with Google Authenticator.

From this moment on, when you log in to your site, even if the login data is 100% correct, you will have to take an additional confirmation step: you will be asked for a login confirmation code, which you obtain by opening the application on your phone and reading the code it shows, and you then type it in to complete the login.

Two-factor authentication will now apply to all logins performed by any of the site managers, or by all the membership types for which you chose to activate authentication in the first steps of setting up the plugin, as we explained.

However, you can still disable two-factor authentication for an individual member, by opening the member’s profile from within the (Members) tab in WordPress and deactivating two-factor authentication for this member only, if you want to:

Important note

If you later wish to disable two-factor authentication for any reason, do not delete the two-factor authentication application from your phone until after you have deactivated its plugin on WordPress, so that you do not lose access to your account on the site.


In today’s article, we learned about the concept of two-factor authentication and how to set it up on a WordPress site through the Google Authenticator application. As you noticed, activating two-factor authentication within WordPress is easy and takes little effort, so it is an option worth considering for every website owner who wants to increase the degree of protection and security on the login page for members and site administrators.

If you are the owner of a website or online store, we advise you to activate two-factor authentication on your site now by following the steps that we explained in the article, in order to reduce the chances of your site being stolen or hacked, especially after the spread of many vulnerabilities aimed at accessing the WordPress login page.
