Google Authenticator for WordPress – WordPress Security
In this video, I’m going to show you how to set up Google Authenticator for WordPress and two-factor authentication.
This enhances the security of your WordPress website by requiring a second form of authentication.
I will also show you how to get around the 2-factor authentication if you lose your phone.
This is the WordPress Plugin for Google Authentication.
Securing your WordPress Website takes more than just security plugins. You also need to secure your web server and hosting account.
I also recommend using a password manager, which will help you create extremely secure passwords.
Information from the WordPress Website:
The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.
The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
If you need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure.
Facts About the Plugin from WordPress:
Can I use Google Authenticator for WordPress with the Android/iPhone apps for WordPress?
Yes, you can enable the App password feature to make that possible, but notice that the XMLRPC interface isn’t protected by two-factor authentication, only a long password.
I want to update the secret, should I just scan the new QR code after creating a new secret?
No, you’ll have to delete the existing account from the Google Authenticator app on your smartphone before you scan the new QR code, that is, unless you change the description as well.
I am unable to log in using this plugin, what’s wrong?
The Google Authenticator verification codes are time based, so it’s crucial that the clock in your phone is accurate and in sync with the clock on the server where your WordPress installation is hosted. If you have an Android phone, you can use an app like ClockSync to set your clock in case your cell provider doesn’t provide accurate time information. Another option is to enable “relaxed mode” in the settings for the plugin; this will enable more valid codes by allowing up to a 4 min. time drift in each direction.
I have several users on my WordPress installation, is that a supported configuration?
Yes, each user has his own Google Authenticator settings.
During installation I forgot the thing about making sure my webhost is capable of providing accurate time information, I’m now unable to log in, please help.
If you have SSH or FTP access to your webhosting account, you can manually delete the plugin from your WordPress installation; just delete the wp-content/plugins/google-authenticator directory, and you’ll be able to log in using username/password again.
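To illustrate the time-sync answer above, here is an added example (not the plugin's code) of how a time-based code is checked against a drift window, and why a phone clock that is 3 minutes off fails a narrow window but passes a 4-minute one. It assumes the RFC 6238 defaults (30-second steps, 6 digits, HMAC-SHA1), a normal window of one step either side, and a constructed secret and timestamp.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (RFC 6238 default; assumed here)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 code (HMAC-SHA1) for the 30-second step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, window_steps):
    """Return the step offset of the matching code relative to the server
    clock, or None if no step within +/- window_steps produces this code."""
    for drift in range(-window_steps, window_steps + 1):
        candidate = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):
            return drift
    return None

# Constructed sample values, not taken from any real account.
SECRET = "JBSWY3DPEHPK3PXP"
SERVER_NOW = 1_700_000_000
NORMAL_WINDOW = 1    # assumption: one 30-second step either side
RELAXED_WINDOW = 8   # 4 minutes either side, expressed in 30-second steps

def demo():
    """Code generated on a phone whose clock runs 3 minutes fast."""
    phone_code = totp(SECRET, SERVER_NOW + 180)
    return (verify(SECRET, phone_code, SERVER_NOW, NORMAL_WINDOW),
            verify(SECRET, phone_code, SERVER_NOW, RELAXED_WINDOW))

if __name__ == "__main__":
    normal, relaxed = demo()
    print("normal window :", "rejected" if normal is None else f"accepted at step {normal}")
    print("relaxed window:", "rejected" if relaxed is None else f"accepted at step {relaxed}")
```

Under these assumptions the wider window accepts 17 codes at any instant instead of 3, which is the cost of tolerating drift; correcting the clock on the phone or server keeps the window narrow.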