Learn how to install the free two-step authentication security system in Wordpress, to add a layer of security to your website.

With this step by step you will have been able to install a security barrier on your WordPress website by installing a Plugin (free) and the Google Authenticator (free), which together will allow you to enter your WordPress by entering a secure code, obtained from the free Google Authenticator APP from your mobile.

WordPress is the most popular content management system (CMS) in the world., with more than 40% of the websites on the Internet running on it. However, with great popularity comes great responsibility.

The more a platform is used, the more vulnerable it is to security threats.WordPress is no exception.

One of the most common security threats WordPress site owners face is unauthorized access to the site due to weak or stolen passwords.

This can lead to data breaches, website defacement, and even financial loss. Fortunately, there is a simple but effective solution to this problem: two-step verification or 2FA, and ideally, you should activate it immediately after installing Wordpress.

In this article, we will explore what 2FA is and how you can set it up for free in order to protect your WordPress site from unauthorized access.

What is Two Step Authentication or 2FA?

Two-Step Verification (2FA) is an authentication methodwhereby users overcome two different challenges to verify their identity.

The first factor in 2FA is usually something the user knows about., as a password. The second factor is something the user has, such as a physical token or a code sent to their phone.

That is, when a user tries to log in to a website or app that uses 2FA, they will be prompted to enter their username and password as usual. However, a second factor will also be required to be entered, such as a code.

Basically, there are 3 ways in which it is possible to send to, or generate this code on, a device that the user carries with them. These are:

●       SMS: The user receives a code through an SMS message on his phone.

●       Token: The user uses a physical token that generates a code.

●       Authenticator App: The user uses an app on their phone to generate a code.

If the user enters both factors correctly, they will be granted access to the website or application. However, if either factor is incorrect, they will be denied access.

How to Activate Two Factor Authentication in Wordpress?

To activate two-step verification in your Wordpress account, you will need to use a plugin. For this we must:

●       Install and activate the 2FA plugin.

●       Configure the plugin.

The best 2FA plugin for you will depend on your specific needs. If you are looking for one that is free and easy to use, WP 2FA is a good option.

How to Activate Two Factor Authentication in Wordpress with WP 2FA

WP 2FA is an easy, free, and secure way to add two-factor authentication to your WordPress website.. It is a plugin compatible with a variety of authenticator applications, with multiple configuration options and regular update.

It offers free authentication through the use of an application such as Authy, Google Authenticator or Microsoft Authenticator, among others. Also, it implements the method by sending a security code through an email account.

With the payment option, you can include other forms of authentication such as via SMS, push notifications or with a simple mouse click.

1.- General Configuration of the Plugin

To use this plugin it is necessary to install and activate it through the Wordpress administration panel.

Once the installation is complete, a setup wizard is activated.

Click on the button LET'S START! to continue with the wizard. Afterwards, the wizard will indicate the configuration options that are active by default and you can deactivate any of them if you like, since you can modify the configuration whenever you want through the plugin.

Now, click on the CONTINUE WITH SETUP button.

The wizard will then indicate that the generation of security codes is established as an alternative method. This is in case the user cannot access their phone or there are problems with the delivery of mail.

Now, click on CONTINUE WITH CONFIGURATION.

Later, you will have to specify which users will activate this security method.

You can choose to apply it to all users, not force any user, or specify each person for whom you want this mechanism to be configured.

If you choose to apply to all users or specific users, you must continue setup. Click on the corresponding button.

Next, you will be able to specify if there are any user profiles that you want to exclude from the use of this method.

Finally, you will be able to define if users will have to configure the method immediately or if you will grant a maximum period for individual implementation and what actions should be taken in case the method is not activated.

Press one click on ALL DONE! to finish the general configuration.

2.- How to Configure Two-Step Authentication in a Wordpress Account with Google Authenticator.

Once the general parameters for the operation of the plugin have been established, each user who meets the criteria will be notified via email about the need for individual configuration of the method.

Now we will show you how to configure the particular Wordpress account. Click on SET UP NOW 2FA and choose the method you want to set up for yourself.

Download the app Google Authenticator on your phone.

Scan the QR code that is displayed on the screen through the app.

To scan the code, go to the app and click on the + button. Then, choose the Scan a QR code option and proceed to scan the code that appears on the screen.

Then, click on the I'M READY button that appears on the Wordpress screen and enter the code provided by the application.

Click on VALIDATE AND SAVE and you will have established the two-step verification method through the Google Authenticator application. Now, you can generate a list of security codes or you can set them later.

How is the Wordpress Login once the Plugin is Activated?

If you want to enter your Wordpress administration panel, you will have to access the regular link used to log in and provide both your username and password.

Once you enter this data, the platform will request that you enter a code provided by the application or the method you have configured to obtain this security data.

After you include the code, click OK. In this way, you will be safely logged into your Wordpress account and you will have set up an additional barrier to prevent access by unauthorized users.

If for some reason you do not have access to your mobile, you can use any of the codes generated in advance. using the link uses a backup code.

Conclusion

Two-Step Verification (2FA) is a great way to protect your websiteWordPress from the attackers.

By requiring users to enter a code from a 2FA authenticator app, in addition to their password, adds an extra layer of security that makes it much more difficult for attackers to steal user passwords.

If you are not using 2FA on your WordPress website, we recommend that you enable it as soon as possible.. With this plugin and the Google app, you can set up this mechanism easily and for free in no time.