
Secure WordPress Account Login with Two-Factor Authentication (Ubuntu 14.04)

What Will You Learn in This Guide?

In this guide, you'll learn how to increase the security of your WordPress account with two-factor authentication (2FA).
With two-factor authentication, even if your password is stolen, an attacker cannot log in without the temporary verification code (OTP) on your phone. The guide covers installing the Google Authenticator plugin, pairing it with the FreeOTP application, and recovering access if you lose your phone.

🧠 Technical Summary

This guide explains how to set up two-factor authentication (2FA) for WordPress on Ubuntu 14.04.
The goal is to add an additional layer of security to the user login process. The steps are: installing the Google Authenticator plugin, pairing the mobile application, and implementing the recovery scenario in case of phone loss.


1. Install Google Authenticator Plugin

As a first step, log in to your WordPress administration panel. Here, we will create the secure login infrastructure by installing the Google Authenticator plugin.

Plugin Installation

  1. Go to the Plugins > Add New tab.
  2. Type Google Authenticator in the search box.
  3. Find the plugin developed by Henrik Schack and click the Install button.
  4. Activate the plugin by clicking the Activate Plugin button.

This plugin will add a one-time password (OTP) box to your WordPress login screen.


2. Prepare Mobile Application (FreeOTP)

FreeOTP is a mobile application that generates your one-time passwords securely offline, as an alternative to Google Authenticator.

App Download

This app continues to generate OTP codes even if there is no internet connection.


3. Activate 2FA Feature for Your Profile

Installing the plugin is not enough; you also need to pair it with your own user profile.

Steps:

  1. In the WordPress panel go to the Users > Your Profile tab.
  2. Find Google Authenticator Settings.
  3. Check Activate.
  4. Write the name of your site in the Description section (for example: ornek.com).
  5. Click the Show QR Code button to view the QR code.
  6. Open the FreeOTP app and scan the QR code.

This pairs your phone with your WordPress account: scanning the QR code gives the app the same secret key that WordPress holds, so both can generate the same codes.


4. Perform the Login Test

To check if the installation was successful, log out of your WordPress account and try logging in again.

Test Screen

  1. Enter your username and password.
  2. Enter the temporary code shown in the FreeOTP app.

If you can log in, two-factor authentication has been set up successfully.


5. What Happens If I Lose My Phone? (Rescue)

If you lose your phone, you can regain access to your account by connecting to your server via SSH and disabling 2FA.

Recovery Steps:

  1. Connect to your server via SSH.
  2. Go to the plugin directory:

cd /var/www/html/wp-content/plugins/

  3. Change the name of the plugin folder:

mv 'google-authenticator' 'gecici-devre-disi'

Renaming the folder disables the Google Authenticator plugin.

Frequently Asked Questions (FAQ)

1. What happens if my password is stolen while 2FA is active? Without using the 6-digit temporary password on your phone, attackers cannot log in with your password. With this additional layer of security, your account is safe.

2. There is not enough time to enter the code. What should I do? You can extend the OTP validity period up to 4 minutes by selecting the "Relaxed" option in the profile settings.

3. Should I make this setting for every user? Yes, you should activate this security layer for every user, especially those with administrative privileges.
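
To make the offline code generation and the "Relaxed" option from question 2 concrete, here is an added example (not code from the plugin or from this guide's author) that computes a 6-digit code from a shared secret per RFC 6238 and checks it against a strict and a relaxed time window. The window sizes (±1 step and ±8 steps) and the sample secret are assumptions chosen for illustration; the plugin's own values may differ.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30          # seconds each code is valid for (RFC 6238 default)
STRICT_DRIFT = 1   # assumed: accept +/- 1 step (about 30 s of clock drift)
RELAXED_DRIFT = 8  # assumed: 4 minutes / 30 s = 8 steps either side

# Constructed sample: the RFC 4226/6238 test key "12345678901234567890" in Base32,
# the encoding authenticator apps use for the shared secret.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to `digits`."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(unix_time) // STEP)


def verify(secret_b32, code, server_time, drift_steps):
    """Return the step offset at which `code` matches, or None if rejected."""
    key = base64.b32decode(secret_b32, casefold=True)
    now = int(server_time) // STEP
    for offset in range(-drift_steps, drift_steps + 1):
        if now + offset < 0:
            continue  # no counter exists before the epoch
        if hmac.compare_digest(hotp(key, now + offset), code):
            return offset
    return None


if __name__ == "__main__":
    code = totp(SECRET, 59)  # phone computes this offline at t = 59 s
    print("code on phone:", code)
    # The user types it 131 s later (server clock at t = 190 s, 5 steps on).
    print("strict :", verify(SECRET, code, 190, STRICT_DRIFT))
    print("relaxed:", verify(SECRET, code, 190, RELAXED_DRIFT))
```

The wider window tolerates slow typing and clock drift, but it also keeps a captured code usable for longer, so relaxed mode is best enabled only for users who need it.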

Result

Two-factor authentication (2FA) is an effective way to increase the security of your WordPress site. Now, even if your password is compromised, your account can only be accessed with the temporary verification code on your phone.

Activate 2FA now for a high-performance and secure experience on the GenixNode infrastructure!