Disclosure: This post contains affiliate links. If you buy or sign-up through one of those links, you won’t pay a penny more but we’ll get a small commission that helps us in running this blog. Read the Disclosure page.
Getting your blog hacked is the worst thing that can happen. Imagine one day you wake up only to find out you can’t log in to your site.
I know it’s scary but it can happen anytime.
There are many ways through which hackers hack websites. One of the most used methods is Brute Force.
Brute Force is a trial-error method used by an application to decode encrypted passwords. They can use this method to encrypt your site login password.
That is why you need to have strong security on your site so you can reduce such risks.
Google Authenticator is one tool you can use to avoid such risk.
If you want to know what it is and how you can use it to secure your WordPress site, then make sure to read it till the end.
How To Secure WordPress Blog
What Is Google Authenticator?
Google Authenticator is a software that uses two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP) for accessing the account.
Two-step verification is also known as multi-factor authentication where a user can only access an account after he successfully presents several other evidence to an authentication mechanism apart from user name & password.
If you are using Google Authenticator, you will notice an extra text box named “Google Authenticator Code” in your WordPress dashboard login window where you need to enter a code generated by GA app.
Why Google Authenticator Is Useful?
A secured site is a must if you want to avoid any online spam attacks.
Every day Google blacklist websites reported as spam.
Most of them are hacked sites which redirects visitors to other spam websites. This only happens when hackers inject malicious codes after getting access to the back end of the website.
Thus, it’s very important to keep your site safe and secure.
With Google Authenticator, you can add an extra layer of security to your website.
When you install it, GA adds an extra text box in your login window where you need to enter a code generated by GA app.
Now, this code is only generated in your mobile via Google Authenticator app & gets renewed every minute.
This means every code generated has a one-minute validity and you must enter this code within a one-minute timeframe.
Thus, if anyone thinks of hacking your site, he needs to figure out this code within one minute or else it’s difficult for him to access your site.
How To Use Google Authenticator?
- Install the Google Authenticator app on your smartphone. It is available for both Android & iPhone.
- Next, install the Google Authenticator WordPress plugin from your plugins section.
- Once the plugin is installed, go to Users > Your Profile
- Under Google Authenticator settings, check the “Active” option.
- Now open Google Authenticator app. Here you will see 2 options i.e. Scan a barcode & Enter a provided key.
- If you go for barcode option, open it and scan the barcode which you can find under Google Authenticator Settings.
- Scan it & your GA app will get connected to the GA WordPress plugin.
- Alternately, you can choose the second option i.e. “Enter a provided key” on your app if you don’t want to use the barcode.
- If you choose the second option, you need to enter your “account name” i.e. WordPress username & key which you can find on the “Your Profile” screen as shown below.
- After entering the username (account name) & key on your app, the app will be connected to your blog.
- Now, you can see a 6 digit code in the app which changes every minute (you can adjust the time).
- Within a minute, you need to enter the code on your WordPress dashboard login window for login.
This is how you set-up the Google Authenticator app with your WordPress site.
What If My Mobile Get Lost?
If you installed Google Authenticator, then the only way to login to your site is by entering the code along with username & password. Now, this code is only generated on your mobile.
What if your mobile gets lost?
How will you login?
Don’t worry, even if your smartphone gets lost, you just need to uninstall the plugin from your site.
To do so, access your WordPress C-panel & open your file manager.
Then, follow the below-mentioned root and delete “Google Authenticator folder”.
Public_html > wp-content > plugins > google authenticator
After deleting it, the plugin gets uninstalled on your site and then, you can normally log in.
Backup Your Data
I recommend that you backup your data on a weekly basis. Now there are many plugins you can use which are either free or paid.
Personally, I use UpdraftPlus Backup plugin which is free to use. You can schedule it to take automatic backup on a weekly basis.
In this plugin, there are many ways to store your backup. I personally use Google Drive to store all of my back-up’s on a weekly basis.
You can link your Google Drive account with UpdraftPlus and all your back-ups will get stored there automatically. Thus, this will help you to regain your data even if someone deletes it & thus, you can secure your WordPress blog.
Final Note – Secure WordPress Blog
I personally use this method to tighten up my WordPress security for the past 10 months. However, don’t expect that your blog can’t be hacked. This is just an added security which helps to make your blog more secure.
If you find it useful, I encourage everybody to use this tool and make your blog more secure to prevent hacking.
>>Read Next: Best Fiverr gigs for bloggers for productivity