This Google Authenticator Security WordPress tutorial shows you how to add a second level of security to your WordPress website.
Last Updated: August 6, 2022
Latest News: Updated the documentation.
In this post you will learn how to set up the Google Authenticator plugin. Nowadays everyone is aware of how important it is to secure their website login. Adding a two-factor login procedure is one way to make your site login more secure.
The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual for other less privileged accounts.
If you are serious about your website security then install this plugin and follow these simple instructions.
Google Authenticator 0.54 changelog.
- Fixed a bug in multisite.
What You Need:
- Google Authenticator Plugin
- A Smartphone, iPhone or a Google account to use an app through the browser
- Google Authenticator App is one that I recommend.
- (Optional) You might like to read my other tutorial WordPress Two Factor Authentication Core Files
Google Authenticator Security WordPress
Important Must Read First
Remember: Every person who has an account on your website should activate this security feature in their profile. It is up to you to encourage your members to do so. (Note: This process might change in the future.)
Step 1 ) Install and activate the plugin as illustrated in the image below.
Step 2 ) Go to Settings -> Google Authenticator as illustrated in the image below to set up the following options.
Google Authenticator Options
- Two Screen Signin = This moves the field for the authentication code to a second screen instead of displaying it on the default WordPress login screen. Enabling this option also means that users who have not enabled the security plugin in their profile will not see the field to enter the code when they log into your site.
- Roles requiring Google Authenticator Enabled = This feature helps you to further manage who should see the option to enable this feature based on their profile role.
- Click on Save Changes button when you finish with your settings.
Updating Your Profile
Step 3 ) Go to your user profile as illustrated in the image below. This allows you to activate the two step security.
Note: This step has to be carried out by all the users on your site.
Step 4 ) The following image Google Authenticator Settings allows you to set up and activate the following options.
Google Authenticator Settings Options
- Relaxed mode to allow enough time to enter the code.
- For Description = use a simple description.
- Copy the Secret code somewhere safe.
- Click on Show/Hide QR code button.
- You can enable Enable App password = However, if you do, this will decrease your overall login security.
Important: The activation is performed only once. After that, the app on your mobile phone or in your Google account will provide you with your authentication code.
Step 4-a ) The following image shows you the QR code you need to scan with your mobile phone app. (Note: Make sure you have a valid QR scanner app installed in your mobile phone)
Step 4-b ) Make sure you click on Update Profile button to save your settings as illustrated in the image below.
Step 5 ) Log out from your account. If everything goes well you should see a second level of security field Google Authenticator Code on your login screen as illustrated in the image below.
Step 5-a ) The following image illustrates the secondary screen if you have enabled the following feature Two Screen Signin.
Google Authenticator Login Test
Step 6 ) It is a good idea to test your new login just in case something went wrong. To log back into your account, you will now need to enter your Username, Password and your Google Authenticator code as illustrated in the image below. The code is provided by the app you installed in your mobile phone.
Note: The Google Authenticator Code you see in the image below is just an example of the code you will need to enter when logging in.
Step 7 ) This plugin also works in a Multisite installation. Make sure you network activate the plugin and then log in as the user for each subsite in your network. This allows you to activate the plugin for the user logged in.
Note: If you enter a space in your description, or you use a tilde or an accented character, the QR code will not work.
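The Secret, QR code and Relaxed mode settings from Step 4, and the note above about descriptions, shown as an added Python example (not code from the plugin or from this tutorial): RFC 6238 code generation, verification with a clock-drift window, and the otpauth:// URI that authenticator apps read from a QR code. The secret is the RFC 6238 test key; the function names and the STRICT/RELAXED window sizes are assumptions, not the plugin's values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

STEP = 30  # seconds per code (RFC 6238 default)

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, 30 s step)."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32: str, code: str, now: int, drift_steps: int) -> bool:
    """Accept `code` if it matches any step within +/- drift_steps of `now`."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret_b32, now + delta * STEP)
        ok |= hmac.compare_digest(candidate, code)   # constant-time compare
    return ok

def provisioning_uri(description: str, secret_b32: str) -> str:
    """otpauth:// key URI; the description (label) must be percent-encoded."""
    return f"otpauth://totp/{quote(description, safe='')}?secret={secret_b32}"

# Constructed sample secret: Base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
# Assumed acceptance windows for illustration: +/-30 s and +/-4 min.
STRICT, RELAXED = 1, 8

if __name__ == "__main__":
    now = 1111111109
    stale = totp(SECRET, now - 3 * 60)           # phone clock 3 minutes behind
    print("current code       :", totp(SECRET, now))
    print("stale code, strict :", verify(SECRET, stale, now, STRICT))
    print("stale code, relaxed:", verify(SECRET, stale, now, RELAXED))
    # A space and an accented character only survive in the URI when encoded.
    print(provisioning_uri("Mi sitio ñ", SECRET))
```

A wider window accepts more codes at any given moment, so a relaxed setting trades some strength for tolerance of clock drift.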
Q1 What if you forgot the code or security code, lost your phone, or accidentally deleted the app from your mobile phone?
Follow these instructions:
- FTP into your server; you can use FileZilla for Windows.
- Locate the plugin directory as illustrated in the image below and rename the folder.
- Check your login again and see if the extra security level field has been removed as illustrated in the image below.
Q2 How do I show Google Authenticator to only users who have enabled the security in their profile?
Solution: You can also install the following plugin: Google Authenticator Per User Prompt.
Q3 How do I hide Google Authenticator settings from users?
Solution: Log into your site as administrator and go to Users -> All Users. You can then check each user individually to see if they have enabled the security feature by checking Active or not. If they have not enabled the security feature in their account you can hide the feature by enabling Hide settings from user as illustrated in the image below. Note: This option works best if you also have Two Screen Signin enabled in the settings as illustrated in Step 2 ) above.
Alternative to Mobile Phone
Info: If you don’t have a smartphone, you can use some Google extensions. The following is one that has very good reviews: the-qrcode-generator.
That is how simple it is to set up a Two Level Authentication Security for your WordPress website.
If you have any questions, please leave a message. I will be updating this tutorial from time to time, so keep coming back for the latest updates.