How To Add Two-Factor Authentication To WordPress


bwf

What Is Google Authenticator?

Google Authenticator implements TOTP security tokens from RFC 6238 in mobile apps made by Google, sometimes branded “two-step authentication”. The Authenticator provides a six-digit one-time password users must provide in addition to their username and password to log into Google services or other sites. The Authenticator can also generate codes for third-party applications, such as password managers or file hosting services. Some versions of the software are open source.

Source: Wikipedia

Why Use It?

WordPress gets hacked. It’s unfortunate but it’s true. One of the most common methods hackers use is to try to brute-force the WordPress login screen. So the more security we can add to that page, the better. This is where Google Authenticator comes in.

It also acts as a deterrent, since an attacker will have to guess your username, your password and a 6-digit code that changes every minute!

That is not to say that your WordPress site will be bulletproof after installing this, as a lot of hacks are done in the database, but it should help significantly.

Installation:

Step 1: Installation is much like any other plugin for WordPress. Simply log in, head to the ‘Install Plugins’ screen and search for ‘Google Authenticator’.

Step 2: Activate & Setup

Once the plugin is activated, we need to link your Google Authenticator device to your WordPress site. To do this, head over to the ‘Your Profile’ page under the ‘Users’ tab in WordPress.

There you’ll see a button to show a QR code along with your ‘Secret Key’. Anyone who has this key can generate valid codes for your account, so treat it like a password.

Now let’s download the app to your smartphone/tablet, using the links below.

Android: Here
iOS: Here

When you first launch the Google Authenticator app you will be guided through the process of adding sites by scanning a QR code.

Once the site is added, you’ll have to enter a 6-digit code from that device each time you want to log in.

What if I lose/break my phone? 

The simplest way to disable two-factor authentication is to delete the plugin via FTP or cPanel. Just navigate to the wp-content/plugins folder and delete the ‘google-authenticator’ folder. Doing this will disable the plugin completely and you won’t have to worry about getting a 6-digit code the next time you log in.

It goes without saying that the security of your site then rests on the strength of your cPanel password, so ensure you have a very strong password, perhaps from http://strongpasswordgenerator.com

 
