Using one Google Authenticator code for multiple WordPress sites

Securing your WordPress site is easy by installing the Google Authenticator plugin and the Google Authenticator app on your smartphone (iPhone version or Android version). This gives you two-factor authentication, which means to log into your WordPress site you’ll need something you remember (your password) and something you have (the pseudorandom code on your smartphone that changes every 30 seconds).

Install the Google Authenticator plugin on all WordPress sites where you want to strengthen logins with the Google Authenticator two-factor signin method.

Decide on a description you will use to label the single Google Authenticator code you plan to use for all your WordPress sites. This description will be displayed above the authentication code in the app on your smartphone.

Pick one of your sites and configure your profile to use the Google Authenticator. Use the “Description” you plan to use for all your sites. Perform this setup normally, scanning the QR code with your phone, etc. The plugin’s installation page has more details.

Now, copy the “Secret” value for future use. In the example below I’ll assume it’s RANDOMBRAINWAVES.

Perform the following steps for each additional site you want to configure.

  1. Perform the same Google Authenticator configuration, using the same “Description”. Don’t bother scanning the QR code with your phone, BUT do remember to click the “Update Profile” button.
  2. Now, using whatever means you prefer (phpMyAdmin, command line, or whatever) to access your site’s mySQL database, determine your user ID. It will be the “ID” value for your record in the users table (which will be called something like “wp_users”). For this example I’ll assume the ID is 7.
  3. Next, find the name of your user options table. It will probably end in “usermeta”. I’ll assume “wp_usermeta”, but you really should have personalized your WordPress table names (e.g., wp_r8w_usermeta) to reduce the odds of being hacked.
  4. Finally, using the appropriate table name and user ID for your system and profile, perform a mySQL update like this:

    update wp_usermeta
    set meta_value = 'RANDOMBRAINWAVES'
    where user_id = 7
    and meta_key = 'googleauthenticator_secret';

    or, more generically,

    set meta_value = 'YOURSECRETCODE'
    where user_id = YOUR_USER_ID
    and meta_key = 'googleauthenticator_secret';

  5. Confirm that you can log into this additional WordPress site using the same Google Authenticator code shown on your smartphone that you set up for the first site.

Repeat for as many WordPress sites as you like.

Enjoy the security of two-factor authentication on all your WordPress with the ease of not having to scroll on your smartphone app through a long list of different codes for each site.

Leave a Reply

Your email address will not be published. Required fields are marked *