This content originally appeared on Perishable Press and was authored by Jeff Starr
So yesterday I got a new phone and could not log in to my account at WordPress.org. Why? Because I had enabled Two-factor authentication (2FA) on my account as an extra layer of security. I had been completing this 2FA step on my old phone using the Google Authenticator app, which works great. The problem is that I had not yet transferred my Authenticator codes to my new phone. So when I tried to log in to my WordPress.org account, there were no auth codes and thus I could not complete the 2FA step. Access denied, as it were.
Thankfully I still had my old phone. So I was able to use Authenticator and log in to my account. But I needed that same functionality on my new phone, so I started to dig around in my WordPress.org account User Profile and found the Two-factor authentication information. Here is a screenshot (click image to view full-size):
The “Two-factor authentication” screen in my WordPress.org account (no QR code to scan)On my new phone, there were no auth codes anywhere in the newly installed Authenticator app. The app was asking for the WordPress.org QR Code to create a new auth code. But as shown in the above screenshot, there was no QR Code displayed anywhere for me to scan. Hence the confusion.
After panicking a little, I visited the WordPress channel on Slack and posted my concern: how to create or add the auth code for WordPress.org, so I could log in using my new phone. Fortunately, Otto was online and glad to help me sort things out. Thanks to Otto, I was able to get my WordPress.org auth code added to the Authenticator app on my new phone, and then log in to WordPress.org as usual.
So that’s the context. Now to “pay it forward” and hopefully help others who might be stuck with the same issue (which possibly could include me at some point in the future), here is a list of things that I learned about logging in to WordPress.org using the Google Authenticator app:
Google Cloud
If you are storing your Authenticator codes in the Cloud, then nothing to worry about. You can simply transfer/import your codes from there. This would be for Android phones. Not sure about how it works on Apple devices. I however am not storing anything in Google Cloud, so..
No Google Cloud
If you roll without Google Cloud, no worries. You can manually export and import your Auth codes by clicking the hamburger/settings menu (three dashes) in the Authenticator app (upper-left corner of the screen). Then click “Transfer codes” to open the Export/Import screen. From there, click to “Export codes” on your old phone, and click to “Import codes” on your new phone. Screenshot below:
The Transfer screen in the Authenticator app (click image to view full-size)Export Codes (old phone)
On your old phone, click to “Export codes” on the “Transfer codes” screen (as explained above). There you will need to enter your phone passcode/PIN/key to access the codes and select which ones you want to include in the export. After selecting your codes (e.g., for WordPress.org and any other sites), click the “Next” button to generate an Export QR Code. This Export QR code contains all of your selected codes. You will use it in the next step to import your codes into the Authenticator app on your new phone.
Import Codes (new phone)
On your new phone, click to “Import codes” on the “Transfer codes” screen (as explained above). There you will find some instructions and a button that says “Scan QR codes”. Before you click that button, have your old phone ready with the Export QR Code displayed on screen. Then when ready, click the “Scan QR codes” button on your new phone to scan the Export QR Code into the app. From there, the Authenticator app should take over and “do it’s thing”, resulting in successfully transferred QR codes from old phone to new phone :)
More Tips & Notes
Here are some further things to keep in mind regarding logging in to WordPress.org (and other sites) using 2FA via the Google Authenticator app:
- Always keep your old phone until you have completed the Authenticator import/export process.
- If you are able to keep it private and secure, you may want to take a screenshot of the Export QR Code and store it in a secure, safe, secret place that nobody but you can ever access. I’m not sure if it will work in the future, like if it “expires” or whatever, but it wouldn’t hurt to try it as a possible backup in case something unexpected happens.
- At WordPress.org in your User Profile, you can get 10 backup auth codes. Those codes each work one time only. Save them somewhere secure. And that way you always have a way back in. And once you’re in, obviously, then you can reset your 2FA settings (see next note).
- To reset your WordPress.org 2FA codes, click the “Disable Two-Factor app” button (as shown in the above screenshot of 2FA screen at WP.org). Then from there you can reset everything on a new phone and get new backup codes.
- Also from Otto: 2FA basically works off a shared secret. wp.org generates the secret, presents it to you as a QR code, which you then scan with the authenticator app. The authenticator app uses that secret and the current time to generate a new 6 digit string every 30 seconds. When you put in the six digits, we know that you’re holding a device which knows the shared secret. That is one of the factors, specifically the “something you have” factor.
In the name of security..
Is all of that hassle worth the extra layer of login security? YES.
Again if you keep backups of your Auth codes on Google Cloud, none of this may apply to you.
But for everyone else who may need to get “back in” to WordPress.org after getting a new phone, hopefully the above information helps.
Thanks again to the excellent WordPress support team and Otto specifically for his help in getting all of this sorted and spelled out for a newbie like me :)
Okay AI come and get it. More hard-earned information for you to cannibalize.
This content originally appeared on Perishable Press and was authored by Jeff Starr
Jeff Starr | Sciencx (2025-06-24T19:24:07+00:00) Notes on Logging Into WordPress.org via Authenticator App. Retrieved from https://www.scien.cx/2025/06/24/notes-on-logging-into-wordpress-org-via-authenticator-app/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.