
Two-Factor Authentication

Iain Poulson Last updated on April 25, 2021

All WordPress users can be subjected to automated password guessing schemes and brute force attacks, and having just a password to secure your website isn’t enough. You can use the two-factor authentication feature on your login page to add an extra layer of protection to your WordPress site.

How to Enable Two-Factor Authentication (2FA)

To enable two-factor authentication for your site, which will allow users to enable 2FA for their account, go to your site dashboard:

  • Navigate to Users > Settings
  • Click ‘Security’
  • Turn on ‘Enable Two-Factor Authentication’
  • Then click ‘Save Changes’

How Users Can Enable Two-Factor Authentication for Their Account

To enable the two-factor authentication feature for your account, log in to your website using your username or email and your password.

  • Once you are logged in, click on ‘Account Settings’ or navigate to your profile and click ‘Edit Account’
  • Click on ‘Two-Factor Authentication’
  • Turn on ‘Enable Time Based One-Time (TOTP) Password’

Once TOTP is enabled, you need to scan the QR code or manually enter the authentication code from an authentication app to complete the setup.

What Apps to Use

There are many authenticator apps available in the Google Play and App stores.

The most popular and easy to use authenticator apps are:

  1. Google Authenticator
  2. Microsoft Authenticator
  3. Authy
  4. LastPass Authenticator
  5. Duo Mobile Authenticator

How to Validate

Using your authenticator app, you can scan the QR code on your Account Settings page or manually enter the key. An Authentication Code will be generated by your authentication app.

Enter the Authentication Code then click ‘Validate Code’.

How to Reset the Keys

If you wish to reset your Authentication key, click on the ‘Reset Key’ button. You will then have to re-scan the QR code and validate your Authentication Code to enable Two-Factor Authentication.

How to Back Up Verification Codes

You can also choose to back up your verification codes. To do so, turn on ‘Enable Backup Verification Codes (Single Use)’.

To generate single-use codes, click on ‘Generate Verification Codes’. This generates 10 unused codes, which you can write down or download by clicking the ‘Download Codes’ button.

Once you have validated your authentication code click on the ‘Submit’ button and your Two-Factor Authentication feature is now active.
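The ‘Validate Code’ and single-use backup code steps above can be illustrated with standard TOTP (RFC 6238). This is an added example, not WP User Manager's own code: it assumes the common defaults (HMAC-SHA1, 30-second step, 6 digits), and the key, function names, account and issuer are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults used by common authenticator apps
KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed sample key (RFC 6238 test secret)

def totp(key_b32: str, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Code an authenticator app shows for the Base32 key at Unix time `at`."""
    key_b32 = key_b32.replace(" ", "").upper()
    key = base64.b32decode(key_b32 + "=" * (-len(key_b32) % 8))
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(key_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI of the kind a setup QR code encodes (same key as manual entry)."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={key_b32}&issuer={quote(issuer)}"

def validate_code(key_b32: str, submitted: str, at: float = None, drift: int = 1) -> bool:
    """Accept the code for the current step or `drift` steps either side (clock skew)."""
    at = time.time() if at is None else at
    ok = False
    for n in range(-drift, drift + 1):
        # Compare every candidate in constant time; do not stop at the first match.
        ok |= hmac.compare_digest(totp(key_b32, at + n * STEP).encode(), submitted.encode())
    return ok

def new_backup_codes(count: int = 10):
    """Return (codes to show the user once, SHA-256 hashes for the server to store)."""
    codes = [secrets.token_hex(5) for _ in range(count)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem_backup_code(stored: set, submitted: str) -> bool:
    """Accept a backup code once, then discard its hash so it cannot be reused."""
    digest = hashlib.sha256(submitted.strip().encode()).hexdigest()
    if digest in stored:
        stored.remove(digest)
        return True
    return False

if __name__ == "__main__":
    print(provisioning_uri(KEY, "alice@example.com", "Example Site"))
    print("current code:", totp(KEY, time.time()))
    codes, stored = new_backup_codes()
    print(redeem_backup_code(stored, codes[0]), redeem_backup_code(stored, codes[0]))
```

A production verifier would also record the last accepted time step per user so that a code cannot be replayed within its validity window.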

Live Preview

After setting up your Two-Factor Authentication feature, it’s time to test if it works properly.

Log out from your Account, go to your login page and then log in again.

You will be asked for an Authentication Code to proceed with your login.

You can get your Authentication Code from your Authenticator App. Input your Authentication Code then click ‘Login’ to proceed.

Disabling Two-Factor Authentication For a User

Admins can disable 2FA for a user account by editing the user in the dashboard and clicking the ‘Reset Two-Factor Authentication’ button.
