How to Add 2-Step Verification in WordPress with Google Authenticator
Google previously invented 2-step verification, which adds an extra layer of security to the login page. It is important for making your WordPress login page more secure against hackers. In this article, I'm going to show you how to add 2-step verification to WordPress. It works like the 2-step verification Google provides, but it doesn't integrate with the Google API itself.
Google Authenticator
The Google Authenticator WordPress plugin adds 2-step verification, like Google's, to your WP blog login page. With this plugin, you have to generate an authentication key, which is then used whenever you log in to your WP blog. The 2-step verification requirement can easily be enabled on a per-user basis.
How It Works
Follow the steps below to enable 2-step verification on your WordPress blog:
- Install Google Authenticator
- Go to Users > Your Profile
- Active: Un-check the “Active” box, because it'll let you generate a secret password for your Android/iPhone/Blackberry; if you enable it, you may get the following error when using the computer:
- “ERROR: The Google Authenticator code is incorrect or has expired.”
- Relaxed Mode: Check the “Relaxed Mode” box, which will allow you to use your code 4 times on mobile devices. If you don't enable it, Google Authenticator expires your code after every minute, and you may be unable to access your admin area from a mobile device.
- To make your WordPress admin area accessible on your Android device, you must use the Google Authenticator Android application. For more details, click here.
- Secret Key: You should write down the secret key on a piece of paper and store it in a safe place.
- Scan the bar code if your description doesn't have any spaces. Click the Show QR code button in WordPress to see the QR code.
- For those who have spaces in their descriptions, type your description as your account name.
- Type the secret key that you have configured in your WordPress admin panel.
- Click Save Changes.
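The "incorrect or has expired" error and the Relaxed Mode option above both come down to how far the server lets the phone's clock drift. The following is an added example, not the plugin's own code: a standard RFC 6238 time-based code check with a strict and a relaxed acceptance window. The secret is a constructed sample, and the window sizes and function names are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per time step (RFC 6238 default)
# Constructed sample secret: the RFC 6238 test key in Base32, never use it for real.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STRICT_DRIFT, RELAXED_DRIFT = 1, 8  # assumed window sizes, in steps either side

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, drift_steps, last_used_step=None):
    """Return the matched step number, or None if the code is rejected."""
    current = int(server_time) // STEP
    for step in range(current - drift_steps, current + drift_steps + 1):
        if last_used_step is not None and step <= last_used_step:
            continue  # this step was already consumed: refuse replays
        expected = totp(secret_b32, step * STEP)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return step
    return None

if __name__ == "__main__":
    phone_time = 1111111109          # phone clock
    server_time = phone_time + 90    # server clock is 90 s ahead of the phone
    code = totp(SECRET, phone_time)
    print("strict :", verify(SECRET, code, server_time, STRICT_DRIFT))
    step = verify(SECRET, code, server_time, RELAXED_DRIFT)
    print("relaxed:", step)
    print("replay :", verify(SECRET, code, server_time, RELAXED_DRIFT, step))
```

A wider window avoids lockouts when the phone and server clocks disagree, but it also lengthens the time an observed code stays valid. Recording the last accepted step and rejecting anything at or before it keeps a relaxed window from turning into code reuse.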
It might be of interest that we have recently published another plugin for strong authentication. It prefers usability to security so you can either log in with a password or with a one-time code.
If you’re on a secure network, you may want to use just your password but open your smart phone when connected through an insecure WiFi (cafe, train, …).
We tested it with a few smart phone apps: Google Authenticator, Pledge, DS3 OATH, AWToken so you don’t have to rely on Google completely.
Try to search for S-CRIB OTP Authenticator in the list of WordPress plugins (http://wordpress.org/extend/plugins/s-crib-otp-authentication/).
Well @Dan you have got a great WordPress plugin… Thanks for sharing this with us.