Here’s quick guide to add extra layer of security to your WordPress blog by enabling Google Authenticator app. WordPress has been targeted by anonymous hackers around the globe and it’s under major Brute Force Attack. Many authority sites like TechCrunch, Mashable, HostGator have reported that the hackers are using almost 1 lack IP addresses to break login limits that has been put by the blog admins. However, in order to keep your WordPress blog safe, you must really be cautious about its security. Here’s a simple yet most effective How To guide to protect your WordPress Blog from being hacked by protecting it with 2 Step Verification powered by Google authenticator.

What is Brute-Force Attack and How does it Affect WordPress?

Brute Force attack is the most common term among hackers, especially in black hat geeks. In this method, the hackers are trying to login to the blog with randomly generated passwords. They usually prefer Dictionary attack method to guess the password in common cases. But when it comes to advanced attacks, they depend on digital caps which generated non-dictionary words. However, if we don’t make our passwords strong by including special characters it will be easy for the hackers to do the rest.

In WordPress, the username is “admin” by default and most of us don’t change the username since there’s no option from the dashboard. But by doing the following steps, you can easily change your username.

  • Create another user with administrative power and switch to that account. Then delete the old account. Remember to create a username other than “admin”, got it?
  • Alternatively, you can install “Better WP Security” plugin to add extra layer of security to your blog. It has amazing security options to protect your account within the dashboard itself. So it’s highly recommended to install this plugin prior moving to our tutorial as it will enable maximum possible protection to your blog.

Google Authenticator generates 2-step verification codes on your phone. Enable 2-step verification to protect your account from hijacking by adding another layer of security. With 2-step verification signing in will require a code generated by the Google Authenticator app in addition to your account password. -from the developers

Well, I have given the basic terminologies above and let’s move to the real topic, adding 2 step verification to your WordPress Blog.


  1. WordPress blog with admin power account
  2. A smartphone (Android, iPhone or BlackBerry), here I’m using Android and I recommend too.
  3. Google Authenticator WordPress plugin
  4. Google Authenticator App (Android version here)

How to Enable 2 Step Verification to your WordPress Blog with Google Authenticator

I think you might have heard the term “2 step verification” already in Google accounts. Yeah, it gives us extra protection to our accounts even though the hacker identified our password. The hacker may need to enter a security PIN in order to  login successfully even after finding the password. Usually, the verification PIN is sent in mobile phones so as to to notify the real owner. Here also, if the hacker got our password by any kind of attack, he need to know the secret verification code to access the compromised blog. Pretty good isn’t it?

2 step verification to WordPress Blog
  • Now open the app installed in your phone and create a new account. Now authenticate the app either with the secret code ( unique) or with the QR code.

    Add Google Authenticator Two Step Verification To Your WordPress Blog

  • Finally, complete the setup and rock on . You’re done adding 2 step verification to your WordPress blog.


Hereafter, whenever one tries to login to the blog, an extra box asking secret 6 digit code will be seen. That’s it.

Google authenticator enabled login screen

As far as I used, it’s very effective when it’s used along with Better WP Security plugin. Do let me know if you have any doubts or problems regarding this tutorial. Your Comments are highly appreciated. Share it and shower the love. 😀



Sidharth. Professional Blogger. Android dev. Audiophile. Find us on Google+ Find Me on Facebook Follow Me on Twitter


  1. Hey Sid nice info here and well timed. The internet world in attacked by very destructive Storm. I am using limit login attempt plugin. Can this Google authentication plugin run together with LAP?

    • Sid Reply

      Hi Koj, it’s extremely happy to see you here (again). Thanks a lot for spending your time to read it. And yeah, you can run it along with LAP. Have you tried it?

    • Sid Reply

      Not at all, the only person who need the authentication is the Blog administrator. I think you meant “Authors” as registered writers right? As long as they don’t possess admin power, they don’t need. Thanks for commenting here and do let me know if you have any more questions.

    • Sid Reply

      Thanks Jijo for stopping by and letting me know your opinion. Do add this tweak ASAP and sleep well. 😀

    • Sid Reply

      Exactly, one should either need an Android phone or iPhone or BlackBerry.

  2. Thanks for the amazing article. This will definitely help we bloggers to avoid the possible brute-force attacks on WordPress.
    Keep shearing such useful stuff.

    • Sid Reply

      You are right Suumit, Brute Force attacks are on the peak and we should really add some extra cover to our blog before it’s getting targeted. Thanks a lot for letting me know your opinion on this tutorial and do keep commenting. Cheeerzzz.

    • Sid Reply

      Glad you like it Siddharth. Please do it ASAP to ensure maximum protection. Anyway, great to see you here and thanks for commenting.

  3. Thanks for the info Sid. I installed the plugin to limit logins and immediately had the same IP address attempt to login 3 separate times but was locked out. I am still concerned, so will go ahead and and apply the 2 step method as well. Thanks again.

    • Sid Reply

      Hi mate, happy time hear that you have implemented this security layer on your blog. Stay safe forever and let’s quit the brute force attacks. Thanks for commenting.

Write A Comment