How To Add Two-Factor Authentication To WordPress
What Is Google Authenticator?
Google Authenticator implements TOTP security tokens from RFC6238 in mobile apps made by Google, sometimes branded “two-step authentication”. The Authenticator provides a six digit one-time password users must provide in addition to their username and password to log into Google services or other sites. The Authenticator can also generate codes for third party applications, such as password managers or file hosting services. Some versions of the software are open source.
Source: Wikipedia
WordPress gets hacked. It’s unfortunate but it’s true. One of the most common methods hackers use is to try to brute-force the WordPress login screen. So the more security we can add to that page, the better. This is where Google Authenticator comes in.
Using this will act as a deterrent as well since the hacker will have to guess your username, password and a 6 digit code that changes every minute!
That is not to say your WordPress site will be bulletproof after installing this, as a lot of hacks are done in the database, but this should help significantly.
Step 1: Installation is much like any other plugin for WordPress: simply log in, head to the ‘Install Plugins’ screen and search for ‘Google Authenticator’.
Step 2: Activate & Setup
Once the plugin is activated we need to link your Google Authenticator device to your WordPress site. To do this we need to head over to the ‘Your Profile’ page under the ‘Users’ tab in WordPress.
Then you’ll see a button to show a QR code, along with your ‘Secret Key’.
Now let’s download the app to your smartphone/tablet, using the links below.
When you first launch the Google Authenticator app you will be guided through the process of adding sites by scanning a QR code.
Once the site is added you’ll have to use a 6 digit code on that device each time you want to log in.
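How the six-digit code follows from the ‘Secret Key’ shown beside the QR code, as an added example in Python (not the plugin's own code): RFC 6238 TOTP with its default 30-second time step and HMAC-SHA1, a server-side check that tolerates clock drift and rejects a reused code, and the otpauth:// URI that a setup QR code carries. The function names, the demo secret (the RFC's published test key) and the ‘ExampleBlog’ / ‘admin’ labels are assumptions for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote

STEP = 30      # RFC 6238 default time step, in seconds
DIGITS = 6     # code length shown by the Authenticator app

def totp(secret_b32, at=None, step=STEP, digits=DIGITS):
    """Return the TOTP code for a base32 'Secret Key' at Unix time `at`."""
    # Keys are often displayed in spaced groups and without '=' padding.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at=None, window=1, last_counter=None):
    """Check a code, tolerating +/- `window` steps of clock drift.
    Returns the matched counter (store it to reject replays) or None."""
    now = int(time.time() if at is None else at)
    for drift in range(-window, window + 1):
        counter = now // STEP + drift
        if last_counter is not None and counter <= last_counter:
            continue                             # step already used: replay
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            return counter
    return None

def provisioning_uri(secret_b32, account, issuer):
    """Build the otpauth:// URI that a setup QR code encodes."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

# RFC 6238 Appendix B test key ("12345678901234567890"), base32 encoded.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(DEMO_SECRET, at=59))
    print(provisioning_uri(DEMO_SECRET, "admin", "ExampleBlog"))
```

Anyone who obtains the Secret Key or a copy of the QR code can compute the same codes, so treat both like a password.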
What if I lose/break my phone?
The simplest way to disable the two-factor authentication is to delete the plugin over FTP or from cPanel. Just navigate to the wp-content/plugins folder and delete the ‘google-authenticator’ folder. Doing this will disable the plugin completely and you won’t have to worry about getting a 6 digit code next time you log in.
Because the second factor can be switched off this way, the security of your site still rests on the strength of your cPanel password, so ensure you have a very strong password, perhaps from http://strongpasswordgenerator.com