WordPress Two Factor Authentication Login with Google Authenticator

I will explain here how to set up Google authenticator for your WordPress website this is gonna enhance the security of your website significantly because you’re going to need a second form of authentication are in order to access the backing of your site so you will need a username password and the unique randomly generated code is delivered to your smartphone this will make it much more difficult for people to access your website.

To achieve this I have a implemented this feature very simple way with open source PHP Google authenticator library, created a QR code in the dashboard widget to authenticate the Google authenticator app so that the app will generate authentication codes, also added setting at general settings section to enable or disable two factor authenticator at the login screen and added custom field at login screen to enter authentication code to verify, if you’re not familiar with custom fields visit my previous article “How to create custom field in wordpress”.

Demo Video – WordPress Two Factor Authentication Login


Please follow the code snippets below. To accomplish these tasks, either put this code in the currently active theme functions.php file or we will add it on a new plugin or you can get complete source code by clicking github button below.

1. Initialize Google Two-Factor Authentication library

2.Add a setting to enable Two-Factor Authentication

Add a setting to enable Two-Factor Authentication3.Adding Google Two-Factor Authentication QR Code widget at dashboard

Adding Google Two-Factor Authentication QR Code widget at dashboard
4.Add additional Two-Factor Authentication custom field at login

Add additional Two-Factor Authentication custom field at login
5.Build Logic : check whether the user entered the appropriate Google Two-Factor code when the user attempted to sign in etc.

Troubleshooting, What happens when you lose your phone? what happens if you can not access the site? What would you do in that case? In that case, you have to do is go into your web host accountability control panel and file manager on the server. You can delete the plugin itself, or you can disable the plugin from the server environment simply by adding an underscore before the plugin name, so this is important for you to understand you know security is more than just installing a plugin it’s also you know making sure your web hosting your server environment is secure as well so you want to make sure you have a very strong username and extremely strong password for your web server.

Finally, this article will help you learn how to set up a Google Authenticator for your WordPress website, then please Subscribe to ScriptHere.Com by Email. You can also find us on Facebook and Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.