2-factor authentication for WordPress

As a software engineer normally you are paranoid about security. Therefore I was really worried about somebody attacking my WordPress.
So I was doing some research about improving security.
First attempt was a better password plus Apache basic auth. But there is still the possibility of being brute-forced, and then I saw that there is a plugin to integrate 2-factor authentication via Google Authenticator.

To be able to use it you of course need the Google Authenticator app on your smartphone (Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2).
So install it and set it up. You will be asked to visit a Google website, log in, scan a QR code and enter the first verification code to be able to use 2-factor authentication for your Google account as well. This is not mandatory. Anyway, now you are done on your mobile.
If you want the app on multiple devices with the same secret key: http://www.joelclermont.com/2012/06/08/using-google-authenticator-on-more-than-one-device/

Next step is to log in to your WordPress and install and activate the Google Authenticator plugin (http://henrik.schack.dk/google-authenticator-for-wordpress).
Now switch to the users and view the details of the user that should use 2-factor authentication.
Open the app on your mobile and add that account either via the QR code or by entering the secret key manually. Relaxed mode should be enabled to compensate for time differences between your phone and the server.
Now save the user and, if you are brave, log out. 😉
The next time you try to log in you will be asked for your password and the verification code.

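Hope that helps to make your WordPress a little more secure.
Perhaps saving the QR code or the secret key also makes sense in case your phone breaks. Keep that copy somewhere safe, since anyone who has the secret key can generate valid verification codes.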

First cowriter found and therefore big plans… ;)

Yes, I’ve found a cowriter who will hopefully write and publish his first article within the next days. His name is Pascal and his focus is backend stuff.

Additionally, after my holiday I plan to change the design and the features to make this less a personal and more a collaborative blog.

So, stay tuned!

