The WordPress login page is always brute-forced by malicious bots. These bots try to guess the username and password of your WordPress website. First of all, users should set a strong password to make it impossible to guess the password. If even after a secure password, username and password are hacked or leaked accidentally, and for that, you can set up a login verification or two-factor authentication.

What is Two-Factor authentication or 2fa?

2-factor authentication is a way to authenticate the owner of the account who’s trying to log in. It works by sending a 4 or 6 digit code to the owner’s registered email id or registered phone number after providing the correct user credentials. Then the user has to provide the code to verify the login. This way, anyone who has an account username and password will not log in since he can’t provide the code sent to the registered email or phone.

How to setup 2-Factor authentication in WordPress?

WordPress does not have a built-in login verification system. Besides not having this feature in WordPress core, there are multiple plugins for implementing OTP verification in WordPress.

1. miniOrange Google Authenticator – WordPress two factor authentication

Google authenticator is a popular mobile app for login verification. It is better than phone & email verification because phone verification sometimes gets delayed due to network issues. Google authenticator is instant. To set up Google authenticator with WordPress, we can use this plugin from miniOrange. First of all, install Google authenticator on your smartphone. You can install it on iPhone and Android.

Setup Google authenticator – WordPress two factor authentication

Login to your WordPress dashboard and go to Plugins > Add New.Search Google authenticator & install the plugin Google Authenticator – WordPress Two Factor Authentication from miniOrange.

After installing the plugin, activate it.Now open miniOrange 2-Factor settings from the sidebar.

It will open the plugin settings. It will ask you to enter an email address and password to create a miniOrange account. After the account creation, it’ll redirect you to the dashboard. This plugin supports multiple ways for WordPress login verification. The easiest one is to set up Google Authenticator. For that, you’ll first need to install Google authenticator on your smartphone. Google authenticator is available to install from the Android and Apple store. After you’ve installed the app on your smartphone, let’s configure it with a WordPress website. From the miniOrange dashboard, click ‘Google Authenticator from the dashboard. It will take you to the setup page. If you want, you can also use Authy Authenticator and LastPass Authenticator. In this article, I will only set up Google Authenticator, but the process for the other two apps are the same. Select Google Authenticator and enter the account name. This will be visible in the authenticator app. Now open the authenticator app on mobile and click on the ‘+’ sign to add a new account. Select to scan QR code. This will activate the phone camera and ask for a QR code. Scan the QR code to complete the process from the app side. After that, the authenticator app will generate the code and enter this code in the text box as shown below. Finally, click ‘Verify and Save’ to complete the setup. And that’s it. From now on, for each login, WordPress will require OTP from the Google authenticator app to verify the login. miniOrange authentication plugin provides many other verification methods. So do check them out if you want. The app also provides various other security settings for WordPress sites, so check them out and enable them if necessary.

2. Two-Factor

miniOrange Google authenticator is an excellent plugin for verifying WordPress login through Google Authenticator and other authentication apps. But, besides this, that plugin has various security features that some of you may already have implemented in WordPress and been using. So this plugin is not useful when more than 90% of features are inactive. In that case, it’s better to install a plugin that is just for two-factor authentication. And Two-Factor, as the name says, is just for that. Two-Factor is so simple that it does not have its own page for configuration. After installing the plugin, go to your WordPress profile, and at the bottom, you will have all the settings to set up WordPress 2-Factor authentication. First of all, install Two-Factor from the WordPress plugin store. Go to Plugins » Add New and search for Two-Factor. After the installation is complete, go to your profile (Users » Your Profile) for the setup. As you can see, there are various ways to verify the login. Email and Google authenticator are the ones you can easily set up and use in WordPress.

Receive OTP on email

To receive OTP on email, check ‘Enabled’ and select Email as primary. Update profile to save the changes. And that’s it. Next time you log in, WordPress will send an OTP to the registered email to verify the login.

Setup Google Authenticator for verification

Set up Google authenticator, check ‘Enabled’, and select ‘Time-based One-Time password’ as primary. Now open the Google Authenticator app on your mobile, tap the ‘+’ sign to add a new account, tap ‘Scan bar code’, and scan the code. Finally, enter the OTP in the text box and hit submit. And that’s it. Next time you log in, WordPress will require you to enter OTP from the Google Authenticator app to validate the login.

Conclusion

So this is how you can set up login verification or 2fa on your WordPress site. These two plugins do the job easily, especially the Two-Factor plugin that is only for this security. If you have any difficulty setting up the plugin, please let me know in the comment section below.