This Google Authenticator Security WordPress tutorial shows you how to create a second level of security for your WordPress website.
Last Updated: May 25, 2018
Latest News: I have updated the details in the documentation.
Note: Some are reporting issues with this plugin. I can confirm that this plugin works very well. The first action you should take to troubleshoot any problems you may encounter is to check if you have any compatibility issues between plugins and your theme. I have this plugin running with WordPress 4.9.6, and it works.
Google Authenticator 0.48 changelog.
- Security fix / compatibility with WordPress 4.5
If you are serious about your website security then follow these instructions. They are simple and easy to follow.
What You Need:
- Google Authenticator Plugin
- A Smart phone, iPhone or a Google account to use an app through the browser
- Google Authenticator App is the app I am currently using. This App can be found through your smart phone or iTunes.
- (Optional) You might like to read my other tutorial WordPress Two Factor Authentication Core Files
Google Authenticator Security WordPress
Step 1 ) Install the plugin and activate it. See image below.
Important Must Read
Remember: Every person who has an account on your website must also carry out these steps to activate the plugin and add the two step level security to their login credentials. If they don’t carry out these steps, the plugin will not be enabled in their profile. What this means is that when they log into your site via wp-login.php the Google Authenticator Code will not work. This will reduce the security of their account and your website, making their account more vulnerable.
Step 2 ) Go to your user profile. See image below.
Step 3 ) Select which options you require while enabling Google Authenticator.
I have selected the following: Active, and Relaxed mode to give me time to enter the code on my website. I entered a unique Description, copied the Secret code to my local hard disk and clicked on Show/Hide QR code. See images below.
Important: The activation is performed only once. After that, the mobile app on your mobile phone or Google account will provide you with your Google Authenticator Code, which is used when logging into the website admin panel.
Note: I have not selected to Enable an App password because it will decrease your overall login security.
Step 3-a ) The following image shows you the QR code you need to scan only once with your iPhone or smart phone. (Note: Make sure you have a valid QR scanner installed on your phone.)
I use Google Authenticator App from the iPhone App store.
Step 3-b ) Make sure you click on Update Profile button to save your settings.
Step 4 ) Log out from your admin login as illustrated in the image below and view the new security layer added to your login screen.
Step 4-a ) If everything goes well you will see a second level of security on your login screen.
Google Authenticator Test Login
Step 5 ) To log back into your admin panel you will need to enter your usual Username and Password, and now you will also have to enter your Google Authenticator code, which is provided by the app you installed on your smart phone. See image below.
Note: The Google Authenticator Code you see in the image below is just an example of the code you will enter when logging in.
Step 6 ) This plugin also works in a Multisite installation. Make sure you network activate the plugin and then log in as the user. This will allow you to activate the plugin for the current user logged in.
That is how simple it is to set up a Two Level Authentication Security for your WordPress website.
Note: If you enter a space in your description, or you use a tilde or a character with a stress mark or accent on top, the QR code will not work.
Q1 ) What if you forget the code or security code, lose your phone, or accidentally delete the App from your mobile phone?
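How the six-digit code from Step 5 is derived from the Secret, and why a wider acceptance window gives more time to type it, as an added Python example (not the plugin's own code). The function names and sample secret are constructed for illustration; `window` stands in for a setting such as Relaxed mode, whose exact size this page does not state, and `provisioning_uri` shows the standard otpauth:// text a QR code carries with the description percent-encoded.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, now: float) -> str:
    """Code the phone app shows at Unix time `now` for a base32 secret."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    return hotp(key, int(now) // STEP)

def verify(secret_b32: str, code: str, now: float, window: int = 1):
    """Return the step offset at which `code` matches, or None.
    `window` = number of 30-second steps of drift accepted on each side."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(now) // STEP
    match = None
    for off in range(max(-window, -counter), window + 1):
        # compare_digest avoids leaking how much of the code was correct
        if hmac.compare_digest(hotp(key, counter + off), code):
            match = off
    return match

def provisioning_uri(secret_b32: str, description: str) -> str:
    """otpauth:// URI a QR code encodes; the label is percent-encoded."""
    label = quote(description, safe="")
    return "otpauth://totp/" + label + "?" + urlencode({"secret": secret_b32})

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    shown = totp(SAMPLE_SECRET, 1111111109)           # code on the phone
    late = 1111111109 + 90                            # typed 90 s later
    print(shown, verify(SAMPLE_SECRET, shown, late, window=1),
          verify(SAMPLE_SECRET, shown, late, window=8))
    print(provisioning_uri(SAMPLE_SECRET, "Mi sitio café"))
```

A larger window is more forgiving of slow typing and clock drift, but each extra step is another code the server will accept at any given moment.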
Follow these instructions.
FTP into your server; I use FileZilla for Windows. Locate your plugin directory and delete or rename the folder. See image below.
Now check your login again and see if the extra security level has been removed. See image below.
Q2 ) How do I show Google Authenticator to subscribed users only who have enabled the security in their profile?
Solution: You can also install the following plugin: Google Authenticator Per User Prompt.
Q3 ) How do I hide Google Authenticator settings from users?
Solution: You can check every user’s account profile. In their account profile you will see two options under Google Authentication Settings. Select Hide settings from user.
Alternative to Mobile Phone
Info ) If you don’t have a smart phone you can use some Google Extensions. The following is one that has very good reviews: the-qrcode-generator.
If everything goes well you should now have a two level security for your website.
If you have any questions please leave a message. I will be updating this tutorial from time to time, so keep coming back for the latest updates.