WordPress 2FA: Two-Factor Authentication Option

 

Do you want to make your website harder to hack? If so, the Two-Factor Authentication Option (2FA) will help you with it.

Enforce WordPress admin dashboard protection using CleanTalk native 2FA

Keep safe your WordPress site admin account with Google Authenticator

CleanTalk 2FA

Your website administrator e-mail address will be used for that. First, check it here:

  • WordPress Admin Page —> Users —> Your Administrator Name —> Edit —> Contact Info —> Email

WordPress Users admin edit 

 

Make sure that everything is correct and activate the option here:

• WordPress Admin Page —> Settings —> Security by CleanTalk —> General Settings —> category "Authentication and Logging in" —> set the option "Two-factor authentication for chosen roles" to "On" or "Auto".

CleanTalk Security Plugin Two-Factor Authentication

On means that the option will work every time you log into your admin account.

Auto means that the option will work in those cases when you log into your admin account from a new device (other desktops, laptops, mobile phones, tablets, etc.).

 

A modal window will appear to check if you can receive emails from your website.

CleanTalk Security modal window confirmation code

 

Check your inbox to get the code. It will look like this:

Security by CleanTalk confirmation code email

 

Then select the roles you want to be protected. Press and hold CTRL button to do that:

CleanTalk Security Two-Factor Authentication Option roles selection

 

Next time you log into your website as administrator, you will see the CleanTalk Authorization Window.

WordPress window two-factor code authorization

 

When you see such a window, that means your authorization code has been sent to your e-mail and you have 10 minutes to input it.

Important! Your website mail server will send your letters with codes, not the CleanTalk servers! Speed of letters depends on it.

 

If you want to disable the Two-Factor Authentication Option (2FA), go to your CleanTalk Control Panel and do the following:

1. Switch to your Security Dashboard: Menu "Services" —> choose "Site Security".

Direct link: https://cleantalk.org/my?cp_mode=security

 

2. Find your website and click the link "Settings" under its name.

 

3. Disable the option "2-Factor Authentication" and click the button "Update".

If it is already disabled then click the button "Update" right away.

CleanTalk website settings 2-factor option

Next, wait a few minutes until the CleanTalk servers tell the CleanTalk plugin to disable the option.

Try to log into your website again.

 

Google Authentication for WordPress dashboard

After you enabled CleanTalk 2FA you can switch it to Google Authentication. There are two ways of using the Google 2FA App:

How to enable 2FA using a mobile device

1. Go to your WordPress Dashboard —> Profile Options

2. Scroll down to the CleanTalk Security 2FA and press Enable Google Authenticator:

 


WordPress Google 2FA

 


3.  You should see the QR code and the manual activation code.

 

SCREEN-OF-CLEANTALK-QR-AND-MANUAL-BAR

 


4. Install and run Google Authenticator for Android or iOS.


5. Press the "Begin" button:

 


SCREEN-OF-ANDROID-APP-BEGIN-BUTTON

 


6. Select "Scan a barcode". If you can't use your camera on your device then click the line "Enter a provided key".

 


SCREEN-OF-ANDROID-APP-QR-CODE-WORK

 


7. Focus the camera on the QR code that you see in step 3 of this guide. You should see the next screen on your mobile device with a new Authenticator record:

 


SCREEN-OF-ANDROID-QR-SUCCESS

 

7A. Enter your account name and the manual activation code you have taken on step 3 of this guide to the respective fields. Set the type to "Time Based".

 


SCREEN-OF-ANDROID-APP-MANUAL-CREDENTIALS-ENTERED

 

You should see the next screen on your mobile device with the new GA record.

 


SCREEN-OF-ANDROID-QR-SUCCESS

 


8. Go back to step 3 and enter the code from Google Authenticator and press Ok:

 

g2FA code

 

9. Google 2FA is activated for your WordPress account.

How to enable 2FA using Google Chrome extension

1. Go to your WordPress Dashboard —> Profile Options

2. Scroll down to the CleanTalk Security 2FA and press Enable Google Authenticator:


WordPress Google 2FA


3. You should see the QR-code and manual activation code.


Dialog


4. Install the Google Authenticator extension for Google Chrome.


5. Press the extension button:

 

Ext button photo

Perform the actions below, add your account name and the manual activation code from 3rd step to the "Secret" field :


Extension work


6. Check if the GA record is successfully added:


Success


7. Turn back to the 3rd step and enter the code from Google Authenticator and press Ok:


g2FA code


8. Google 2FA is activated for your WordPress account.

 

Google Authentication for WordPress Usage

There are two ways to log in with Google 2FA:

How to login via the Google Authenticator using a mobile device:

1. Proceed to your WordPress Dashboard login form and enter your WordPress credentials (not Google Authenticator code!)

2. The site will ask you for a Google Authenticator code.

 

Code request

 

You can find it in your Google Authenticator app.

 

Codes

 

3. Enter the code you see and press "Log In". Please, note, a GA code lifetime is restricted. If you see the check error message, please try to enter a new GA code.

4. If the previous step performed successfully, you will be redirected to your WordPress Dashboard.

How to login via the Google Authenticator using Google Chrome extension:

1. Proceed to your WordPress Dashboard login form and enter your WordPress credentials (not Google Authenticator code!)

2. The site will ask you for a Google Authenticator code.

 

Code request

 

You can find it in your Google Authenticator extension for Google Chrome.

 

Codes

 

3. Enter the code you see and press "Log In". Please, note, a GA code lifetime is restricted. If you see the check error message, please try to enter a new GA code.

4. If the previous step performed successfully, you will be redirected to your WordPress Dashboard.

 

How to Disable Google Authentication for WordPress

To disable 2FA perform the next steps:

1. Enter your WordPress Dashboard —> Profile Options

2. Scroll down to the CleanTalk Security 2FA and press Disable Google Authenticator:

 

G2FA disable

3. Press Update Profile

4.  Google 2FA is disabled

 

 

You can ask us any question concerning the CleanTalk services via:

 — Private Ticket [ https://cleantalk.org/my/support/open ].

 

 

Security Dashboard button

 

 


Perhaps it would also be interesting