How to Add WordPress Two-Factor Authentication? (Complete Guide)

Apr 23, 2020

Are you worried that hackers are trying to break into your WordPress website through your login page?

We wish we could tell you not to worry but the truth is, your website’s login page is under constant attack by hackers and bots. In fact, hackers target the login page more than any other pages on your WordPress site and it’s easy to see why.

The login page offers access to the WordPress dashboard. If they are able to gain access to the dashboard, they can potentially gain complete control over the website.

And when that happens, hackers will wreak havoc on your site. Over the years, we have seen hackers deface the home pages of hacked sites, steal data, and send spam emails to customers. They can also store files and folders on your site, causing it to slow down, and even launch attacks on other websites.

Moreover, things can snowball from there. When your site is hacked, Google can blacklist it and your hosting provider can suspend your site.

Luckily you can prevent hackers from breaking into your site and avoid these consequences. One of the best ways to do this is to add two-factor authentication to your login page.

But this can be technical in nature, which makes it a daunting task for many. In this step-by-step guide, we’ve simplified the process and show you the exact steps you need to take to add two-factor authentication to your WordPress login page.

TL;DR

To protect your WordPress login page from hackers and bad bots, you need to use two-factor authentication immediately. Install and activate MiniOrange 2 Factor Authentication and rest assured that no one can break into your website.

What is WordPress Two-Factor Authentication?

WordPress two-factor authentication is a login process that adds an extra layer of protection to your WordPress login page.

To access a WordPress website you need to enter your username and password on the site’s login page. Let’s call it one-step verification.

Hackers often launch attacks on your website’s login page, trying to guess your login credentials. If they guess right, they can access your site. Learn more about WordPress brute force attacks here.

So, to prevent hackers from breaking into your website, you can install a 2-step verification process also known as two-factor authentication.

How Does Two-Factor Authentication Work?

Two-factor authentication can be implemented using a plugin. After you have installed the plugin, you have to first enter your login credentials on the login page. Next, WordPress will send a one-time code to your smartphone. This code is valid only for a limited period of time.

 

You have to enter this code on your login page to pass the verification process. Only then will you be granted access to your site’s WordPress admin dashboard.

With this login security measure in place, even if hackers are able to guess your login credentials, they still need the one-time code to enter your site. Since the code appears only on your registered smartphone, hackers cannot break into your website with the password alone.

In this way, two-factor authentication stops hackers right in their tracks and ensures that your website remains safe.

Now, we’ll show you the steps you need to take to enable 2FA on your website. But first, you must choose the right two-factor authentication plugin.

5 Best WordPress Two-Factor Authentication Plugins

While there are many two-factor authentication plugins to choose from, not every plugin is a good choice. Many of the plugins are not regularly updated and some have negative reviews on the WordPress repository left by users of the plugin.

A two-factor authentication plugin should be easy to use, update, and have good reviews from customers who have tried and tested it.

We’ve chosen the 5 best two-factor authentication plugins that check all the right boxes. The plugins are:

    1. MiniOrange 2 Factor Authentication
    2. Two-Factor Authentication
    3. Rublon Two-Factor Authentication
    4. WP 2FA Plugin
    5. Google Authenticator Authy
 

1. MiniOrange 2 Factor Authentication

MiniOrange 2 Factor Authentication is a popular two-factor authentication plugin with over 10,000 active installs and comes with a rating of 5.4 out of 5. It has a free and a paid version. Compared to the next two plugins, WordPress Two-Factor Authentication (2FA) by miniOrange is updated regularly and more frequently.

Key features include:

    • Offers a number of authentication methods (QR Code, Push Notification, Google Authenticator, Soft Token, and Security Questions)
    • Multi-Site support (for the premium version)
    • Many different login options (for the premium version)
 

2. Two-Factor Authentication

The Two-Factor Authentication plugin is developed by the authors of UpdraftPlus, a popular WordPress backup solution. It has a free as well as a premium version. It currently has over 8,000 installs with a 4.4 rating out of 5 and is available in 9 languages including Chinese, English, French, German, Portuguese, and Russian.

Key features include:

    • Easy mobile scanning using graphical QR verification codes
    • WordPress multisite compatible (plugin should be network activated)
    • Supports WooCommerce and Affiliates-WordPress login forms
    • Premium users get emergency codes when they lose their device (tablet or phone)
 

3. Rublon Two-Factor Authentication

Rublon is simple and easy to use. At the time of writing this, it held a 4.2 rating out of 5 in the WordPress repo with over 3,000 active installations. Rublon Two-Factor Authentication is available in English, German, Japanese, Turkish and Polish.

Key features include:

    • Free version available for one WordPress website
    • Easy, hassle-free configuration
    • Authenticate by scanning QR code
 

4. WP 2FA Plugin

WP 2FA is a new two-factor authentication plugin built by the makers of the popular security plugin WP Activity Log. At the time of writing this, it has nearly 100 active installs and is updated regularly.

Key features include:

    • Supports two different 2FA methods
    • Very easy to set up and use
    • Block user logins without 2FA
 

5. Google Authenticator

Google Authenticator is one of the most popular two-factor authentication plugins. It has more than 30,000 active installs but the updates are few and far between. The plugin is available in 13 different languages.

Key features include:

    • Support multisite WordPress sites
    • Works with Google Authenticator App
    • Supports users without smartphones (using SMS code or Phone call)

That’s our pick for the best two-factor authentication plugins. In the next section, we’ll show you how you can install some of the plugins on your WordPress website.

 

How to Add WordPress Two-Factor Authentication?

We are going to show you how to add WordPress two-factor authentication using the MiniOrange and Two-Factor Authentication plugins. But you can choose any of the plugins we’ve mentioned in the previous section.

    1. Installing MiniOrange WordPress 2 Factor Authentication
    2. Installing Two-Factor Authentication Plugin

1. Installing MiniOrange WordPress 2 Factor Authentication

Step 1: Install and activate the MiniOrange WordPress 2 Factor Authentication plugin on your WordPress website.

Step 2: On your WordPress dashboard, you should find the miniOrange option on the left-hand menu. Select that and it’ll take you to a page from where you can set up the plugin.

Step 3: To create an account with MiniOrange, you need to take the following steps:

    • First, you’ll need to enter your email address, then your company name, and your password.
    • Click on Create Account and the plugin will send a one-time code to your email. You will need to fetch the code and enter it before proceeding.

Step 4: After entering the code, you’ll be asked to set up your preferred authentication method. The plugin offers five different authentication methods.

To pick one, you first need to understand how the methods work. We’ve discussed it below.

 

i. miniOrange QR Code Authentication

To use this, you need to download and configure the miniOrange Authenticator app from the Google Play Store or Apple App store.

Once you have this app configured on your smartphone, open the app and click on the ‘Authenticate’ button. This opens a scanning screen.

Scan the encrypted QR code on the computer screen and you’ll be allowed to access your WordPress dashboard.

ii. miniOrange Soft Token

To use this, you need to download and configure the miniOrange Authenticator app from the Google Play Store or Apple App store.

After this, you need to open the app and go to the soft token screen. It’ll show you a six-digit code that changes every minute.

When trying to login to your site, you’ll be prompted to enter this number.

iii. miniOrange Push Notification

Once you have downloaded and configured the miniOrange Authenticator app from the Google Play Store or Apple App Store, you get an ‘Allow’ or ‘Deny’ message on your smartphone every time someone tries to access your site.

If you choose Allow, they’ll be able to enter, and if you choose Deny, they’ll be locked out.

iv. Google Authenticator

To use this, you need to download the Google Authenticator App on your phone. You’ll then have to set up an account and scan the barcode that appears on your computer screen.

After you have scanned the QR code and created an account, enter the verification code that appears on the app.

v. Security Questions

This authentication method involves answering a pre-configured question about your life. The answer should be unique and no one else should know about it other than you.

The next time you try to log in, you’ll see the same question appear and you’ll have to enter the same answer to access your site.

Step 5: If you select any option other than option 5 (security questions), you will have to download the miniOrange Authenticator App on your smartphone.

Step 6: After downloading the app, you need to come back to the website and connect the app with the website. Click on the option Configure your phone.

Step 7: Then open the miniOrange app and come back to the website. On the site you should be able to see an encrypted QR code which you need to scan with the miniOrange app.

And that’s it. Whenever you try to log into your website, you’ll have to enter a special 2FA code from the miniOrange app.

 

You now have two-factor authentication installed on your website.

2. Installing Two-Factor Authentication Plugin

Step 1: Install and activate the Two-Factor Authentication plugin on your WordPress website.

Step 2: On your WordPress dashboard, you should find the Two-Factor Auth option on the left-hand menu. Select that.

Step 3: Download and install the Google Authenticator app on your smartphone. Open the app, and it’ll ask you to Add an Account by selecting Scan a barcode or Enter a provided Key. Click on Scan a barcode.

Step 4: Visit your website again and go to the Two-Factor Auth page. There should be a QR code. Scan it with the app.

A link between your website and the app has been established.

 

Now when you try to log in to your website, you will have to enter a code from your Google Authenticator app to access your website.

 

Now that you have two-factor authentication installed on your website, we are confident that hackers will be unable to break into your site through your login page. Additionally, you can learn more about WordPress login security by following our guide, and take more security measures like moving from HTTP to HTTPS and installing a security plugin.

Final Thoughts

Two-factor authentication, installed on your website, will keep hackers away from the login page. Unfortunately, there are several other ways in which hackers hack your WordPress website. You need to take proper protective measures to keep them out.

The best way to do this is to install a WordPress security plugin like MalCare on your WordPress website.

MalCare not only protects your login page but your entire site. It scans your site daily and installs a strong firewall. The WordPress firewall identifies hackers and blocks them from accessing your site altogether. With MalCare, you can be sure your WordPress site is protected.

Try MalCare Security Plugin Right Now!
