This post contains Affiliate Links. For more info, you can check out my Affiliate Disclosure page.
When you started blogging, you know how much important is blog security. Getting blog hacked is the worst thing that can happen.
There are many ways through which websites are hacked by hackers. One of the most used methods is Brute Force.
Hackers use Brute Force which is basically a trial-error method used by an application to decode encrypted passwords.
Also, accessing WordPress dashboard login is quite easy as we just need to enter wp-admin at the end of a domain name which directly lands people in the login window.
After that, hackers only need to enter the username & password to get access to the blog dashboard.
But, there is one thing you can do which makes it even harder for them to access your blog even after knowing your username & password.
Today, I will be introducing a blogging tool “Google Authenticator” which is basically a Google app that helps to secure your account.
I will be discussing what is it and how you can use it to secure WordPress blog. So, if you are interested, then please keep on reading.
HOW TO SECURE WORDPRESS BLOG
WHAT IS GOOGLE AUTHENTICATOR?
As per Wikipedia, Google Authenticator is a software that uses two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP) for accessing the account.
Two-step verification is also known as multi-factor authentication where a user can only access an account after he successfully presents several other evidence to an authentication mechanism apart from username & password.
If you are using Google Authenticator, you will notice an extra text box named “Google Authenticator Code” in your WordPress dashboard login window where you need to enter a code that is generated by GA app.
Still confused? Let’s see how you can use it.
HOW TO USE GOOGLE AUTHENTICATOR?
- Install the Google Authenticator app on your smartphone. It is available for both Android & iPhone.
- Next, install the Google Authenticator WordPress plugin from your dashboard
- Once the plugin is installed, go to Users > Your Profile
- Under Google Authenticator settings, check the “Active” option.
- Now open Google Authenticator app, you will see 2 options i.e Scan a barcode & Enter a provided key.
- If you go for barcode option, open it and scan the barcode which you can find on your “Your Profile” screen under Google Authenticator Settings.
- Scan it & your GA app will get connected to the GA WordPress plugin.
- Alternately, you can choose the second option i.e. “Enter a provided key” on your app if you don’t want to use barcode.
- If you choose the second option, you will then need to enter your “account name” i.e. WordPress username & key which you can find on the “Your Profile” screen as shown below.
- After entering the username & key, the app will be connected to your blog.
- After it gets connected, you can see a 6 digit code in the app which renews every minute (you can adjust the time).
- Within a minute, you need to enter the code during the WordPress dashboard login & thus you can finally log in to your dashboard.
This will add a two-step verification security for the login process.
WHY IS IT USEFUL?
As you read above, it generates a code which changes every minute. This means it generates a new code every minute. This type of algorithm is known as Time-based One-time Password Algorithm (TOTP).
Even if somebody knows your username & password, they won’t be able to log in because they will need the GA code which is only generated on your smartphone.
Even if they try to guess the code, they will hardly have one minute to crack it up because the code will become invalid after one minute. Thus, it will add an extra protection to your blog.
WHAT IF MY MOBILE GET LOST?
So, you know that code is generated by your app.
But what will you do, if your mobile gets lost?
How will you login then?
Don’t worry, even if your smartphone gets lost, you just need to uninstall the plugin.
To do so, access your WordPress C-panel, open your file manager, follow the below-mentioned root and delete “Google Authenticator folder”.
Public_html > wp-content > plugins > google authenticator
Thus, in this way you can uninstall the plugin without going through your dashboard. Now after this, just go to the WordPress login window and you will notice that the Google Authenticator Code text box has gone.
This means the plugin is successfully uninstalled.
Now simply enter the username & password to log in.
BACKUP YOUR DATA
I recommend that you backup your data on weekly basis. Now there are many plugins you can use which are either free or paid.
Personally, I use UpdraftPlus Backup plugin which is free to use. You can schedule it to take automatic backup on weekly basis.
In this plugin, there are many ways to store your backup. I personally use Google Drive to store all my back-up’s on a weekly basis.
You can link your Google Drive account with UpdraftPlus and all your back-ups will get stored there automatically. Thus, this will help you to regain your data even if someone deletes it & thus, you can secure your WordPress blog.
FINAL NOTE – SECURE WORDPRESS BLOG
I personally use this method to tighten up my WordPress security for the past 10 months. However, don’t expect that your blog can’t be hacked. This is just an added security which helps to make your blog more secure.
If you find it useful, I encourage everybody to use this tool and make your blog more secure to prevent hacking.
>>Read Next: Best Fiverr gigs for bloggers for productivity