This Google Authenticator Security WordPress tutorial shows you how to add a second level of security to your WordPress website.
Last Updated: May 20, 2020
Latest News: Updated the documentation.
In this post you will learn how to set up the Google Authenticator plugin. Nowadays everyone is aware of how important it is to secure their website login. Adding a two-factor login procedure is one way to make your site login more secure.
The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual for other less privileged accounts.
If you are serious about your website security then install this plugin and follow these simple instructions.
Google Authenticator 0.52 changelog.
- Add a Dutch translation
- Add a Portuguese translation
Note: The plugin has not been updated since early 2019. However, the developer says the reason the plugin has not been updated is that no new code is needed yet. You can read more about it in the following forum post. I can confirm the plugin works with WordPress 5.4.1.
What You Need:
- Google Authenticator Plugin
- A smartphone, iPhone or a Google account to use an app through the browser
- Google Authenticator App is one that I recommend.
- (Optional) You might like to read my other tutorial WordPress Two Factor Authentication Core Files
Google Authenticator Security WordPress
Step 1 ) Install the plugin and activate it as illustrated in the image below.
Important Must Read First
Remember: Every person who has an account on your website should have this security feature enabled. It is up to you to encourage your members to set up this feature. (Note: This process might change in the future.)
Step 2 ) Go to Settings -> Google Authenticator as illustrated in the image below to set up the following options.
Google Authenticator Options
- Two Screen Signing
- Roles requiring Google Authenticator Enabled
- Click on Save Changes button when you finish with your settings.
Step 3 ) Go to your user profile as illustrated in the image below. This allows you to activate the two step security.
Step 4 ) The Google Authenticator Settings section, shown in the following image, allows you to set up and activate the following options.
Google Authenticator Settings Options
- Relaxed mode to allow enough time to enter the code.
- For Description, use a simple description.
- Copy the Secret code somewhere safe.
- Click on Show/Hide QR code button.
- You can enable Enable App password. However, if you do, this will decrease your overall login security.
Important: The activation is performed only once. After that, the mobile app on your mobile phone or Google account will provide you with your authentication code.
Step 4-a ) The following image shows you the QR code you need to scan with your mobile phone app. (Note: Make sure you have a valid QR scanner app installed on your mobile phone.)
Step 4-b ) Make sure you click on Update Profile button to save your settings as illustrated in the image below.
Step 5 ) Log out from your account as illustrated in the image below.
Step 5-a ) If everything goes well you should see a second level of security field on your login screen as illustrated in the image below.
Google Authenticator Login Test
Step 6 ) It is a good idea to test your new login just in case something went wrong. To log back into your account, you will now need to enter your Username, Password and your Google Authenticator code as illustrated in the image below. The code is provided by the app you installed on your mobile phone.
Note: The Google Authenticator Code you see in the image below is just an example of the code you will need to enter when logging in.
Step 7 ) This plugin also works in a Multisite installation. Make sure you network activate the plugin and then log in as the user for each sub site in your network. This allows you to activate the plugin for the user logged in.
Note: If you enter a space in your description, or you use a tilde or a character with an accent or stress mark on top, the QR code will not work.
Q1 What if you forget the code or security code, lose your phone, or accidentally delete the App from your mobile phone?
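The Relaxed mode option in Step 4 and the note above about the description both come down to how time-based codes and the QR code work. The sketch below is an added example, not the plugin's code: it computes RFC 6238 codes, checks a 90-second-old code against a strict and a relaxed drift window, and builds the otpauth:// URI that a QR code carries with the description percent-encoded. The window sizes (1 and 8 steps), the function names and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct
from urllib.parse import quote

# Constructed sample secret: the published RFC 6238 test key, Base32-encoded.
SECRET = base64.b32encode(b"12345678901234567890").decode()
STEP = 30  # seconds per code, the usual Google Authenticator time step

def totp(secret_b32, at, digits=6):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, now, drift_steps):
    """Return the step offset whose code matches, or None.
    drift_steps (hypothetical name) is how many 30 s steps either side
    of the server clock are accepted; a wider window tolerates more
    clock drift but keeps each code valid for longer."""
    for off in range(-drift_steps, drift_steps + 1):
        if now + off * STEP < 0:
            continue  # no time step exists before the Unix epoch
        if hmac.compare_digest(totp(secret_b32, now + off * STEP), code):
            return off
    return None

def otpauth_uri(description, secret_b32):
    """URI carried by the QR code; the description is percent-encoded
    so spaces and accented characters stay valid inside the URI."""
    return "otpauth://totp/" + quote(description, safe="") + "?secret=" + secret_b32

if __name__ == "__main__":
    now = 269                       # constructed server time
    old = totp(SECRET, now - 90)    # code the phone showed 90 s earlier
    print(verify(SECRET, old, now, drift_steps=1))  # strict window
    print(verify(SECRET, old, now, drift_steps=8))  # relaxed window
    print(otpauth_uri("My Blog café", SECRET))
```

The strict window rejects the stale code while the relaxed window accepts it, which is the trade-off to weigh before turning Relaxed mode on.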
Follow these instructions:
- FTP into your server; you can use FileZilla for Windows.
- Locate the plugin directory as illustrated in the image below and rename the folder.
- Check your login again and see if the extra security level field has been removed as illustrated in the image below.
Q2 How do I show Google Authenticator to only users who have enabled the security in their profile?
Solution: You can also install the following plugin: Google Authenticator Per User Prompt.
Q3 How do I hide Google Authenticator settings from users?
Solution: You can check every user’s account profile. In their account profile you will see two options under Google Authentication Settings. Select Hide settings from user.
Alternative to Mobile Phone
Info ) If you don’t have a smart phone you can use some Google Extensions. The following is one that has very good reviews the-qrcode-generator.
That is how simple it is to set up a Two Level Authentication Security for your WordPress website.
If you have any questions please leave a message. I will be updating this tutorial from time to time, so keep coming back for the latest updates.