Recently I was looking for a way to add additional security/protection for my blog. As with anything else, if I don’t know the best place to start I take to the interwebs to do some research on the best tools/ways to secure a WordPress blog. I found several great articles that pointed to a great plugin, Limit Login Attempts, that I wasn’t familiar with. Another plugin that kept popping up was the Google Authenticator WordPress plugin, which allows two-factor authentication to be used. Having worked in the IT field for the last 12+ years, I am quite familiar with two-factor authentication systems (lost RSA key fobs, anyone?) and thought it would be a great way to add an additional layer of security to my blog. The requirements and ease of use of Google Authenticator make it a breeze to set up; I had it up and running in a matter of 10 minutes or so. If you have a WordPress blog I would strongly recommend you look into it. Now, for the setup.
WordPress 3.5 or higher (Compatible up to 3.5.1)
Google Authenticator App (iOS or Android, example uses Android)
Step 1 – Download the plugin from http://wordpress.org/extend/plugins/google-authenticator/installation/ to your desktop.
Step 2 – Log into your WordPress site, under “Plugins” click “Add New”:
Step 3 – From the “Install Plugins” screen click the “Upload” hyperlink:
Step 4 – Click the “Choose File” button and browse to the location of the plugin zip file downloaded in Step 1. Click “Install Now”:
Step 5 – With the plugin successfully installed click the “Activate Plugin” hyperlink:
Step 6 – Go to “Users” and click “Edit” under the username you wish to enable Google Authenticator for:
Step 7 – In the “Google Authenticator Settings” section, enable the “Active” check box. You have the option to manually type in the provided “secret” or to use a QR code. For my setup I chose to use the QR code:
Step 8 – From my Android phone I launched the “Google Authenticator” app and clicked “Begin Setup”:
Step 9 – In the “Add an Account” screen I chose the option to “Scan a barcode”:
Step 10 – After scanning the QR code from my WordPress site I am now good to go with two-factor authentication:
Step 11 – Back in your web browser, under the user account you are modifying scroll down to the bottom of the page and click “Update Profile”:
Step 12 – Now when accessing the admin page for your WordPress blog the “Google Authenticator Code” field will be displayed: