Securing your WordPress Login with Google Authenticator

We are influencers and brand affiliates.  This post contains affiliate links, most which go to Amazon and are Geo-Affiliate links to nearest Amazon store.

Many articles promote the must-have plugins for WordPress and go over the same list: Jetpack, a Google Analytics plugin, an SEO plugin, a comment moderation plugin, a security plugin and more.  So if you are looking for SEO plugins and recommendations you can look at an SEO Company in Vancouver.  One more plugin I want to convince you to consider is one that secures your WordPress site with 2-factor authentication.  One of the easiest is the WordPress Google Authenticator plugin, which I love because it supports not only Google Authenticator but also Authy, so you have a choice of apps for your MFA provider.

Multi-factor authentication is far more secure than signing into your WordPress blog with just a username and password.  Even when you rely on cloud or WordPress security plugins, if your password is compromised your account can easily be compromised.  With MFA you have a second authentication factor, typically a mobile app installed on your phone and paired with your WordPress site.

To get started, make sure you have Google Authenticator or Authy installed on your mobile phone, then download the plugin that you see in the snapshot below.

Just go to Plugins > Add New, search for Google Authenticator and add it.

After it is installed and activated, go into your Settings and select Google Authenticator Settings.  Choose which roles you want to require Google Authenticator to log in.  I did the administrator role and don’t require it for contributors, for example.

After you select your role and save, you will see a QR code that you can scan with your Google Authenticator or Authy app.  You will then be given a rotating code you can use to sign into your WordPress site.

Once you scan the QR code in your Authy app you will see your website listed with a key.

Then sign out of WordPress and sign back in, and you will see the Google Authenticator requirement after you enter your password.

Just pop open your Authy or Google Authenticator app and enter the key before it expires and you are golden.

There, your WordPress site is now 2-factor enabled, quickly and painlessly.  This helps keep your administrator roles far more secure, and the best thing is you can enable MFA for all your editors and contributors as well if you want.  It helps protect your WordPress site from account compromise caused by a user’s password being compromised.  It isn’t a replacement for security plugins or a cloud service like Incapsula, as it won’t protect against hacks, bot attacks against insecure plugins or other vulnerabilities, but at least you don’t have to worry about a compromised password compromising your administrative account for WordPress.
