Setting Up Google Authenticator for WordPress Blogs

Recently I was looking for a solution to add additional security/protection for my blog. As with anything else, if I don’t know the best place to start I take to the interwebs to do some research on the best tools/way to secure a WordPress blog. I found several great articles that pointed to a great plugin, Limit Login Attempts, that I wasn’t familiar with. Another plugin that kept popping up was the Google Authenticator WordPress plugin, which allows two-factor authentication to be used. Having worked in the IT field for the last 12+ years, two-factor authentication systems are something I am quite familiar with (lost RSA key fobs anyone?), and I thought that it would be a great way to add an additional layer of security to my blog. The requirements and ease of use of Google Authenticator make it a breeze to set up; I had it up and running in a matter of 10 minutes or so. If you have a WordPress blog I would strongly recommend you look into it. Now, for the setup.

Requirements

WordPress 3.5 or higher (Compatible up to 3.5.1)
Google Authenticator App (iOS or Android, example uses Android)

Setup

Step 1 – Download the plugin from http://wordpress.org/extend/plugins/google-authenticator/installation/ to your desktop.

Step 2 – Log into your WordPress site, under “Plugins” click “Add New”:

Step 3 – From the “Install Plugins” screen click the “Upload” hyperlink:

Step 4 – Click the “Choose File” button and browse to the location of the plugin zip file downloaded in Step 1. Click “Install Now”:

Step 5 – With the plugin successfully installed click the “Activate Plugin” hyperlink:

Step 6 – Go to “Users” and click “Edit” under the username you wish to enable Google Authenticator for:

Step 7 – In the “Google Authenticator Settings” section, enable the “Active” check box. You have the option to manually type in the provided “secret” or to use a QR code. For my setup I chose to use the QR code:

Step 8 – From my Android phone I launched the “Google Authenticator” app and clicked “Begin Setup”:

Step 9 – In the “Add an Account” screen I chose the option to “Scan a barcode”:

Step 10 – After scanning the QR code from my WordPress site I am now good to go with two-factor authentication:

Step 11 – Back in your web browser, under the user account you are modifying scroll down to the bottom of the page and click “Update Profile”:

Step 12 – Now when accessing the admin page for your WordPress blog, the “Google Authenticator Code” field will be displayed:
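
What the “secret” from Step 7 and the six-digit code at login amount to, as an added example in Python (not the plugin's own code): it assumes standard time-based codes (RFC 6238 TOTP, HMAC-SHA1, 30-second step) and shows the otpauth:// URI form the Google Authenticator app reads from a QR code. The secret is the RFC 6238 test key, and the account and issuer names are constructed.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

STEP = 30    # seconds each code is valid for
DIGITS = 6   # code length shown in the app


def _key(secret_b32):
    # Secrets are displayed as base32, often grouped with spaces and unpadded.
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def totp(secret_b32, at=None):
    """RFC 6238 code for Unix time `at` (defaults to now)."""
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(_key(secret_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, at=None, window=1):
    """Accept codes up to `window` steps either side, to absorb clock drift."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):  # no early exit: constant work
        expected = totp(secret_b32, now + drift * STEP)
        ok |= hmac.compare_digest(expected.encode(), str(code).encode())
    return ok


def provisioning_uri(account, secret_b32, issuer):
    """Build the otpauth:// URI that a setup QR code encodes."""
    label = quote(f"{issuer}:{account}", safe="")
    query = urlencode({"secret": secret_b32.replace(" ", ""), "issuer": issuer}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"


if __name__ == "__main__":
    demo = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed sample: RFC 6238 test key
    print("current code:", totp(demo))
    print(provisioning_uri("admin", demo, "Example Blog"))
```

Because the QR code carries the secret itself, anyone who captures the profile page or a screenshot of it can generate valid codes; and since codes depend on the clock, a server or phone with a badly drifted clock will see valid codes rejected.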

Happy Security!

-Jason