The more popular your Blog becomes, the more vulnerable it becomes, or as they say – with great power comes great responsibility. So if your WordPress Blog enjoys heavy traffic, you have to find new and creative ways to protect it against the bad guys.
I already wrote about how to protect WordPress by limiting the number of login attempts, and as a matter of fact, since I’ve installed this plugin (2 weeks ago) in order to protect my Blog, I realized how important it is. There were 85 attempts to break into my site. Well done plugin. Well done.
So let’s say you have this plugin installed, but unfortunately someone succeeded to guess the username and password. That means you have a visitor in the admin area, and trust me – you don’t want it to happen.
So let’s add another layer of protection here, and call it 2 step verification for WordPress, using Google Authenticator.
How to enable 2 step verification for WordPress:
The process of 2 step verification is pretty simple – After typing in the right username and password, WordPress will ask you for a verification code, and you’d have to enter it on the login screen. As long as your phone with you, no one has access to your Blog (even if they have cracked the username and password). In order to enable it, follow this process:
- Go to the plugin download page, download it and install it on your Blog / Website.
- Install Google Authenticator on your smartphone: Android / iPhone / Blackberry.
- In WordPress, go to your profile (Users Menu -> Your profile) and check the “Active” option.
- Run the app on your Smartphone, type in your email address and the Secret code from your profile page on WordPress, or scan the QR code.
You’re done. From now on, every time you login to WordPress, you’ll have to run the Google Authenticator on your Smartphone, and type into WordPress the code provided by the app. This specific code is available only for the next 20 seconds.