Security counts to be the most important aspects when it comes to hosting a website online. If you are using WordPress as a CMS to create a sparkling online presence, you should start enabling WordPress Google Authenticator. This post discusses the importance of integrating Google Authenticator in a WordPress blog. Let’s give it a detailed look.
Use Google Authenticator Plugin To Enhance WordPress Security
Google Authenticator plugin is easy to configure WordPress security plugin that allows developers to enable 2 step verification on WordPress blog or website to improve WordPress security. This application works on a particular set of Android, Windows, BlackBerry, webOS, iOS and PalmOS devices. Therefore, in order to use the Google Authenticator Plugin, one must have a smart phone or any other type of device with the respective operating system. Remember, operating systems with Symbian and Samsung’s Java-based mobile operating systems are not supported.
The foremost step to move ahead with the process is the installation of Google Authenticator in your device. All you need to do is visiting the “app store” and browse “Google Authenticator”. Download and Install the application.
Activate Google Authenticator Plugin for WordPress
Go to the WordPress menu, click on Users → Your Profile after which you will be directed to the Google Authenticator settings.
- Active: On clicking this box, you will be assured that your blog is now going to use Google Authenticator.
- Relaxed Mode: Google Authenticator code expires every next minute. On the other hand, a relaxed mode exaggerates the password entry time from one minute to 4. This means that you will have 4 minutes to enter the 6 digit authentication code on the login page. You can either enable this setting or leave it disabled, depending upon the preferences.
- Description: Description specifies a user-friendly description as your account name on the Google Authenticator app. While using, you should take care of spaces to be not included in the description if you are using iOS, iPhone or iPad.
- Secret Key: the Secret key is used to manually add the newly configured WordPress account to the application without using the QR code. To enter the secret key, run the Google Authenticator application on smartphone, then go to Menu Key → Add Account → Enter Key Provided
WordPress account can also be integrated with the Google Authenticator app by scanning the OR code. This is one of the preferred ways as it does not involve any typing.
All you need to do is clicking on Show/Hide QR Code button. The account will automatically be added on clicking the scanned QR code.
- Enable App Password: This option is a must when you are using remote publishing like WordPress iOS app or Windows Live Writer on your WordPress blog. Enabling this option will slow down the overall login security. However, if you are more concerned using remote publishing, then keep on using it by enabling this option and setting an application password.
This step configures the WordPress part. Now, get back to the Google Authenticator App icon and then click on + icon to add a new account. A page similar to the one given would appear.
Time-based one-time passcodes should be used to provide better protection against phishing because each code is valid only for a certain period of time. On the contrary, counter-based codes will require pressing the refresh button next to the code in Google Authenticator app each time while advancing it to the next level.
Scan Barcode is for description not having any spaces. For spaces in the description, type your description as your account name. Next, the user needs to enter the secret key in WordPress admin panel and click “Done”.
After getting logged in, you will see a 2-step verification that asks for Google Authenticator code.
The same process works for the multi-user blog as well. As a multi-user blog admin, you cannot configure Google Authenticator for other users because every single user will have their own unique settings. However, it can be enforced for a WordPress user by navigating to the WordPress user profile.
Summing it up:
The importance of Google Authenticator is becoming extremely important for WordPress site owners. It, not only offers an additional layer of security but also offers an elegant solution to entry level 2 factor authentication protocols.
About The Author:
Bryan Lazaris is an enthusiastic WordPress Developer at HireWebDeveloper. He has been working with different WordPress plugins to deliver a clutter-free WordPress website. He also likes sharing knowledge through his professional write-ups.