How to Protect Your WordPress Login with Two-Step Verification


You may have noticed that Gmail and your social media accounts come with 2-Step Verification. It means that you need to verify yourself in two ways to log in to your accounts. This helps make sure that even if someone has your password, they can’t get past the second step. This ensures maximum security for all your accounts. There are different methods of securing your WordPress login too. Some use a phone number, SMS or an alternate email address.

What is two-factor authentication?

Two-factor authentication means you need two steps of authentication before you can log in to your blog. Sites like Google, Facebook, Twitter, WordPress and Amazon use it to secure your login page.

There are several kinds of two-factor authentication. We will cover two common ones in this article.

Why do you need it for your WordPress blog?

Any hacker can guess your username and password, no matter how weird or hard you make them. This is known as a brute force attack. But the second step of authentication makes it nearly impossible to get through. This makes your blog less vulnerable to hacking. The authentication generally asks for a PIN or code which is sent to your email address or phone number.

Here we will show you two ways of authentication:

  1. SMS Verification – In this process, you will receive the verification code via text message on your phone.
  2. Google Authenticator App – Another option where you will receive the verification code in an app.

Method 1: SMS verification for WordPress login

This method sends an SMS with a code or PIN to your phone number. After entering your username and password, you will be asked to enter a code. That code is sent to your phone number, and you need to enter it on the login page to log in to your WordPress blog.

To do so, you first need to install the Two Factor and Two Factor SMS plugins.

The first plugin gives you various ways of adding authentication factors. The second plugin is an add-on to the first. It adds extra support to the 2-step verification. Install and activate both plugins.


Go to Users-Your profile and scroll down to Two Factor Options Search. 

Check the box next to the SMS (Twilio) option. You can also click on the radio button to make it your primary verification method.

After that, scroll down to the Twilio section. There you will be asked to give your Twilio account information.

Twilio is an online service that offers phone, SMS and voice messaging services for use with your own applications.

Sign up and fill in your personal information. After that, select SMS in the section asking which products you want to use first. Select Two-factor authentication in the section asking what you are building. Lastly, select PHP as the language.

After that, you’ll reach your Twilio dashboard. There you need to select the Get Started option. Then click on the Get your first Twilio number button.

A popup will show a US-based phone number. Copy and save this number and then click on the Choose this number button.

Exit the wizard and go to the Settings-Geo permissions page. Select your country preference, then head over to the Twilio console dashboard to copy your Auth Token and Account SID.

Now go to your WordPress dashboard and select Users Profile. There you need to enter your Twilio Account SID, Auth Token, and Twilio phone number. Make sure to add your own phone number in the receiver phone number field. Save your changes.

Log out of your WordPress site to see the plugin in action. Enter your username and password as usual. After that, you will receive a code on your phone. Enter that code on the login page.

Method 2: Using Google Authenticator for two-factor authentication

At times you may not receive the code text message for some reason. This method is a backup for the first method. Two-factor authentication with Google Authenticator will help you log in to your WordPress account.

Go to Users-Your profile and scroll down to two-factor options. Click on the Enabled check box next to Time Based One-Time Password (Google Authenticator) and then click on the view options link to begin setting up Google Authenticator for your WordPress login.

Install the Google Authenticator app on your phone and scan the QR code. Open the app and click on the add button. After scanning the QR code, the app will automatically add your website and will show you a six-digit code. Enter this code on your plugin’s settings page and save changes.

Log out of your WordPress site to see if the plugin is working. Use the backup method and enter the code you get in your app.


These are two of the easiest and most helpful plugin-based two-factor authentication methods for securing your WordPress login page. However, there are more plugins with which you can secure the login page. Feel free to try them all and see which one works best for you.

By Geek
