Setting Up 2FA On WordPress With The Google Authenticator App 'LINK'
If your WordPress website uses a custom login form page, then you can also create a custom page where users can manage their two-factor authenticator settings without accessing the WordPress admin area.
Setting up 2FA on WordPress with the Google Authenticator app
Its great to se you have added 2-step authentication to the iThemes security pro. Its a little disappointing to see however that you went with the Google authenticator rather than Duo-security or Launchkey.
If you don't already have it, you'll need to install google authenticator on your phone in advance.Google's instructions for this are actively updated, so review them here and return here once completed: Installing google authenticator
Creating the policy and activating 2FA for your administrator user without the wizard requires that you go to each option on the settings page yourself. When you set up 2FA for your user, you must go to your user profile to enable it.
What is two-step verification?Why should you use a two step verification login?How to turn on two factor verification for your SiteGround accountEnable two-factor login & start generating codesDownload the authenticator app to your smartphoneAdd your SiteGround accountConfirm successful activationHow to log into your SiteGround account using 2-step verificationHow to remove two-step verification Review and reconfigure two-step verificationTroubleshoot problems with two-factor loginTwo-step verification is one of the easiest and most secure ways to protect your data against hacking and identity theft. Until recently, a username and password were deemed sufficient to secure your account. However, single-factor authentication makes it easier for hackers to compromise your account.
Open the authenticator app on your phone and find the code currently generated for your account. Enter it in the available field and press Login to enter your account securely. Note that on different devices and applications the code may appear with spaces between the digits. You need to enter the code without these spaces when logging in to My Account.
On successful registration, the page will show the options to select any one of the two-factor authentication methods listed on the plugin settings flow. In this next section, we will see the methods provided by the miniOrange plugin to add an additional level of security with the two-factor authentication.
The miniOrange plugin supports numerous methods for adding more security to the login with the WordPress two-factor authentication feature. These methods are available depends on the basic(free), standard, premium version of this plugin. The plugin settings page contains the option to upgrade to the higher version to get additional features of this plugin.
In the following sections, we are going to discuss the authentication methods allowed with the free version of this plugin. Below screenshot shows the plugin settings page to choose any one of these auth methods.
This plugin supports many authenticator apps and also the miniOrange authenticator app. A straight-forward, simple two-step process is enough to set up WordPress two-factor authentication with this method.
The configuration steps are very similar to that of the Soft Token authentication method which we have seen in the last section. After configuring with this type of authentication method, the second level authentication will prompt you to scan the QR code from the account in your authenticator app.
By setting with the Push Notification method, the login authentication will send the notification to the authenticator app. The user has to Accept the notification to proceed further with the login process.
By clicking the Test Authentication Method button the page will be redirected to the form to test your selected authentication method. Once everything is working perfectly as you have expected then you have done with the two-factor authentication setup. From the next login onwards your WordPress site login will contain an additional level of authentication based on the method configured with the authenticator plugin.
Everybody knows the URL of the login page of your WordPress site unless you have changed the default setting. At a first place it is easier to identify that you are using a WordPress site and there are numerous signatures a WordPress website leaves for that. Same way, it is easier to get the WordPress author URLs and subsequently admin usernames. All there is left with is the password.
After setting all this up, whenever you will log in, you will have to open your app, and you will have to enter the keyword provided within the provided time. This way, you will be able to secure your website in the best way possible.
Google authenticator is a popular mobile app for login verification. It is better than phone & email verification because phone verification sometimes gets delayed due to network issues. Google authenticator is instant.To set up Google authenticator with WordPress, we can use this plugin from miniOrange.First of all, install Google authenticator on your smartphone. You can install it on iPhone and Android.
If you see a Failed to set user configuration: The security code is invalid. error, a problem may exist with the date and time settings on your server. To fix the issue, contact your hosting provider.
Navigate to your user profile to adjust the plugin settings. 2FA can be enabled on a per-user basis. One option would be to enable the plugin for administrator accounts, but log in as usual with less privileged accounts. You can also set a login password, in the case that you are using a third-party service to manage your website. 350c69d7ab