All WordPress users can be subjected to automated password guessing schemes and brute force attacks, and having just a password to secure your website isn’t enough. You can use a Two Factor Authentication feature on your login page to add an extra layer of protection to your WordPress site.
How to Enable Two-Factor Authentication (2FA)
To enable two-factor authentication for your site, which allows users to enable 2FA for their own accounts, go to your site dashboard:
- Navigate to Users > Settings
- Click ‘Security’
- Turn on ‘Enable Two-Factor Authentication’
- Then click ‘Save Changes’
How Users Can Enable Two-Factor Authentication for Their Account
To enable two-factor authentication for your account, log in to your website using your username or email and your password.
- Once you are logged in, click on ‘Account Settings’ or navigate to your profile and click ‘Edit Account’
- Click on ‘Two-Factor Authentication’
- Turn on ‘Enable Time Based One-Time (TOTP) Password’
Once the TOTP is enabled, you need to scan the QR code or manually enter the authentication code from an authentication app to complete the setup.
What Apps to Use
There are a lot of authenticator apps available in Google Play and App stores.
The most popular and easy to use authenticator apps are:
How to Validate
Using your authenticator app you can scan the QR code on your Account Setting page or manually enter the key. An Authentication Code will be generated by your authentication app.
Enter the Authentication Code then click ‘Validate Code’.
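How an Authentication Code is derived from the key and checked at login, as an added example that is not the plugin's own code. It assumes the standard RFC 6238 parameters most authenticator apps use (HMAC-SHA1, 30-second step, 6 digits); the function names, the drift window, the replay check and the sample key (the RFC test key) are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample key: base32 of the RFC 6238 test secret "12345678901234567890".
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=30, digits=6):
    """Code an authenticator app would show at Unix time `at`."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", int(at) // step)      # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def validate_code(secret_b32, submitted, at=None, window=1,
                  last_used_step=None, step=30):
    """Return the matching time step, or None if the code is rejected.

    window         -- steps of clock drift tolerated on each side
    last_used_step -- step of the last accepted code; blocks reuse of a code
    """
    at = time.time() if at is None else at
    current = int(at) // step
    for s in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, s * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), str(submitted).encode()):
            if last_used_step is not None and s <= last_used_step:
                return None                           # already used: replay
            return s
    return None

if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))                       # code for time step 1
    print(validate_code(SAMPLE_KEY, "287082", at=89)) # accepted one step late
```

The server should store the returned step per user and pass it back as `last_used_step`, so a code observed once cannot be used a second time within its validity window.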
How to Reset the Keys
If you wish to reset your Authentication key, click the ‘Reset Key’ button. You will then have to re-scan the QR code and validate your Authentication Code to enable Two-Factor Authentication again.
How to Backup Verification Codes
You can also choose to back up your verification codes. To do so, turn on ‘Enable Backup Verification Codes (Single Use)’.
To generate single-use codes, click ‘Generate Verification Codes’. This generates 10 unused codes, which you can write down or download by clicking the ‘Download Codes’ button.
Once you have validated your authentication code, click the ‘Submit’ button and your Two-Factor Authentication feature is now active.
After setting up your Two-Factor Authentication feature, it’s time to test if it works properly.
Log out from your Account, go to your login page and then log in again.
You will be asked for an Authentication Code to proceed with your login.
You can get your Authentication Code from your Authenticator App. Input your Authentication Code then click ‘Login’ to proceed.
Disabling Two-Factor Authentication For a User
Admins can disable 2FA for a user account by editing that user in the dashboard and clicking the ‘Reset Two-Factor Authentication’ button.