Jul 18

Secure Your WordPress Login with Google Authenticator

Some tools manage to combine security with simplicity, and the Google Authenticator plugin is one of them. With Google Authenticator you add a One-Time Passcode (OTP) step to your WordPress admin login, an additional layer of protection against anyone who would attempt to log into your website without permission.


Once you add the Google Authenticator plugin to your WordPress blog, the login form requires an additional token or passcode before a login succeeds and the WordPress dashboard becomes accessible.


You can download and install the Google Authenticator plugin for free, and the Google Authenticator app for iOS and Android phones is also free. It does add some additional protection, but only as a deterrent. However, the plugin itself raises some items that I found make the Incapsula Google Authenticator solution much better.

Incapsula gives you the option to set email or SMS (depending on your plan) as a fallback in case someone doesn’t have access to Google Authenticator or you just want to offer other alternatives.

Also, I noticed that with the Google Authenticator WordPress plugin it doesn’t matter who has the Google Authenticator app installed; as long as they can get a passcode, it will authenticate and authorize for that site. This means that if the culprit knows your login and password to WordPress, they just have to install Google Authenticator on their phone to get a code and gain access.

Incapsula requires you to authenticate a specific set of users in the Incapsula cloud with Google Authenticator, and it only allows a valid email match through before even allowing access to the WordPress login screen. This adds security and puts the Google Authenticator login protection in the cloud rather than directly on the WordPress login page, which has an advantage.


Of course, for simplicity and portability the Google Authenticator plugin is a decent deterrent and will block most spam bots and casual scanners who just blast default admin usernames and passwords to see if they can compromise your login.

dragonblogger

IT Security Manager who is also a part-time technology blogger and loves all things WordPress and Social Media.
  • http://www.paxforex.com/forex-blog Paxforex

    I think it is a nice feature and very easy to implement. Really a no-brainer in order to secure your online presence.

  • http://tomjamieson.com/ Tom Jamieson

    Hey Justin, this sounds like a pretty good resource even on its own merit. Maybe I’ll give it a try, even though I’m not using Incapsula. Thanks.

    • http://www.dragonblogger.com/ Justin Germino

      Yeah, it was fun and adds an extra layer, but Incapsula, which is free, is completely worth it. The security features are fantastic and help reduce load and attacks against your host, though if you are mostly covered, Incapsula has better security features in the free plan but Cloudflare has better caching features in the free plan.

  • shahalam khan

    I'm using the Google XML plugin, but I think I should give it a try. Thanks for sharing.