Secure WordPress Blog Using Google Authenticator

How To Secure WordPress Blog Using Google Authenticator


Once you start blogging, you learn how important blog security is. Getting your blog hacked is the worst thing that can happen.

There are many ways websites get hacked. One of the most used methods is brute force.

Brute force is basically a trial-and-error method in which an application keeps trying passwords until one is accepted.

Also, reaching the WordPress dashboard login is quite easy: anyone can add wp-admin to the end of a domain name and land directly on the login window.

After that, hackers only need to enter the username & password to get access to the blog dashboard.

But, there is one thing you can do which makes it even harder for them to access your blog even after knowing your username & password.

Today, I will be introducing a blogging tool “Google Authenticator” which is basically a Google app that helps to secure your account.

I will be discussing what it is and how you can use it to secure your WordPress blog. So, if you are interested, please keep on reading.







As per Wikipedia, Google Authenticator is software that implements two-step verification using the Time-based One-time Password algorithm (TOTP) and the HMAC-based One-time Password algorithm (HOTP).

Two-step verification is also known as multi-factor authentication: a user can only access an account after successfully presenting additional pieces of evidence to an authentication mechanism, apart from the username & password.

If you are using Google Authenticator, you will notice an extra text box named “Google Authenticator Code” in your WordPress dashboard login window, where you need to enter a code that is generated by the GA app.



Still confused? Let’s see how you can use it.



  • Once the plugin is installed, go to Users > Your Profile



  • Under Google Authenticator settings, check the “Active” option.


  • Now open the Google Authenticator app. You will see 2 options, i.e. “Scan a barcode” & “Enter a provided key”.


  • If you go for the barcode option, open it and scan the barcode shown on your “Your Profile” screen under Google Authenticator Settings.


  • Scan it & your GA app will get connected to the GA WordPress plugin.
  • Alternatively, you can choose the second option, i.e. “Enter a provided key”, in the app if you don’t want to use the barcode.



  • If you choose the second option, you will need to enter your “account name”, i.e. your WordPress username, & the key, which you can find on the “Your Profile” screen.


  • After you enter the username & key, the app will be connected to your blog.
  • Once it is connected, you will see a 6-digit code in the app which renews every minute (you can adjust the time).



  • Within a minute, enter the code on the WordPress dashboard login window & you can finally log in to your dashboard.

This adds two-step verification to the login process.


As you read above, the app generates a new code every minute. This type of algorithm is known as the Time-based One-time Password algorithm (TOTP).

Even if somebody knows your username & password, they won’t be able to log in because they will also need the GA code, which is only generated on your smartphone.

Even if they try to guess the code, they will have barely one minute to crack it because the code becomes invalid after one minute. Thus, it adds an extra layer of protection to your blog.


So, you know that code is generated by your app.

But what will you do, if your mobile gets lost?

How will you login then?

Don’t worry, even if your smartphone gets lost, you just need to uninstall the plugin.

To do so, log in to your hosting cPanel, open the File Manager, follow the path below and delete the “Google Authenticator” folder.

Public_html > wp-content > plugins > google authenticator

This way, you can uninstall the plugin without going through your dashboard. After this, go to the WordPress login window and you will notice that the Google Authenticator Code text box is gone.

This means the plugin is successfully uninstalled.

Now simply enter the username & password to log in.


I recommend that you back up your data on a weekly basis. There are many plugins you can use for this, both free and paid.

Personally, I use the UpdraftPlus Backup plugin, which is free to use. You can schedule it to take automatic backups on a weekly basis.


In this plugin, there are many ways to store your backups. I personally use Google Drive to store all my backups on a weekly basis.

You can link your Google Drive account with UpdraftPlus and all your backups will be stored there automatically. This helps you recover your data even if someone deletes it, which is another way to secure your WordPress blog.


I have personally used this method to tighten up my WordPress security for the past 10 months. However, don’t expect that your blog can’t be hacked. This is just an added security measure which helps to make your blog more secure.

If you find it useful, I encourage everybody to use this tool and make your blog more secure to prevent hacking.


1 thought on “How To Secure WordPress Blog Using Google Authenticator”

  1. Good deal Mahesh. This helps you sleep better at night no doubt. My developer added https years ago, plus I’ve a CDN, strong password, and created strong passwords for my contributors. Pinned and Tweeted.

