virusword.com

Learn Wordpress

Home/Plugins/How to Set Up Two-Factor Authentication in WordPress

How to Set Up Two-Factor Authentication in WordPress

WordPress is the largest CMS per market share, powering millions of websites and counting. The open-source software allows you to create stunning blogs, websites, and apps.

WordPress.com and WordPress.org blogging platforms are popular with bloggers, webmasters, site owners, developers, and unfortunately, hackers.

Thankfully, with two-factor authentication (2FA), your site gets an additional layer of protection by requiring a PIN code to approve logins. So how do you enable 2FA for your WordPress site?

What You Need to Set Up 2FA in WordPress

To set up an extra layer of security in WordPress, you’ll need:

  • A WordPress account.
  • A 2FA plugin (e.g. Wordfence Login Security).
  • An authenticator app (e.g. Twilio Authy).

Download: Twilio Authy for Android | iOS (Free)

These are the tools you’ll need to set up two-factor authentication in WordPress using Wordfence.

How to Set Up Wordfence 2FA in WordPress

You can enable 2FA in WordPress sitewide or per user. Here’s how to set up two-factor authentication using Wordfence.

Sign into your WordPress account and install any two-factor authenticator plugin of your choice, e.g. WP 2FA, Two Factor Authentication, or Wordfence.

For this tutorial, we’ll be using the Wordfence Security standalone plugin called Wordfence Login Security.

How to Install Wordfence Login Security Plugin

To install the Wordfence Security Login standalone plugin, hover your mouse pointer over My Sites > Network Admin in the top-left corner and click Plugins.

WP 2FA click Plugins

Next, click Add New beside Plugins.

Enter “Wordfence Login Security” into the Search plugins… search bar. Once the plugin appears in the search results, review it and click Install, then Activate. Once done, its status will change to Active.

WP 2FA install activate Wordfence Login Security

Click Installed Plugins on the left side panel to view all your installed plugins. Wordfence Security Login should now be listed among them.

Related: How to Install and Set Up Jetpack for Your WordPress Website

How to Set Wordfence Two-Factor Authentication for WordPress

Still within your WP dashboard, scroll down and click Login Security in the same left side panel.

This will launch the Wordfence Login Security Settings page.

Now, open your authenticator app on your phone. You can choose from several options including Microsoft Authenticator, Google Authenticator, Duo Mobile, Twilio Authy, among others. We use Twilio’s Authy for this demonstration.

Tap the three dots at the top-right, then Add Account from the mini-menu, and tap Scan QR Code. Scan the QR code with your smartphone camera, then tap Save to add your WordPress account to Authy. Authy will instantly generate a six-digit token.

If you’re having trouble scanning the code, you can tap Enter Code Manually on the authenticator and enter the 32-character textual private key beneath the QR code.

Take note of the recovery codes next to the QR code. These codes will enable you to sign into your WordPress site if you ever lose access to your authentication app or device. Copy or download them and keep them in a safe place.

Next, enter the six-digit code generated by Twilio into the appropriate field and click Activate to enable two-factor authentication for WordPress.

WP 2FA Wordfence Login Security settings

Note that each token is good for only 30 seconds, after which they expire. Also, ensure that your WordPress time and your authenticator’s time sync, since Wordfence uses time-based one-time-passwords (TOTP).

Upon activating 2FA, you will be prompted to download the recovery codes if you skipped it earlier. Click Download. Wordfence two-factor authentication should now be active on your account.

How to Verify Your WordPress 2FA Works

You need to confirm that your two-factor authentication set-up was actually successful.

To do so, log out of your current WordPress account and try to log in again. After inputting your username and password, click Log In. You should now see a page asking for a 2FA code.

WP 2FA Wordfence enter 2FA click Log In

Enter the six-digit token from your authenticator app, then click Log In.

2FA codes (or the recovery codes you downloaded) will be required for all future logins.

Related: How to Change Your WordPress Website’s Password

How to Deactivate Wordfence Two-Factor Authentication for WordPress

Here’s how to deactivate Wordfence 2FA for your WordPress site.

Log into your WordPress account. Go to My Sites > Network Admin > Plugins.

WP 2FA click Plugins

Next, click Login Security > Deactivate.

WP 2FA Wordfence click Login Security

You’ll be asked if you’re sure you want to deactivate two-factor authentication; click Deactivate if you’re certain. And you’re done.

Related: Signs Your WordPress Site Was Hacked (And How to Avoid It)

Security is the Watchword

You may set up a WordPress site in under 2 hours, but it may take years to recover if your site is ever hacked. Two-factor authentication can prevent this, and give you additional security and peace of mind.

To protect your WordPress site better, use strong and unique passwords, spam and bruteforce blockers, and then implement two-factor authentication. You’ll be very pleased you did.

wordpress-security
6 WordPress Plugins to Secure Your Website From Hackers

Blogging with WordPress? There’s a chance that your site could be targeted by hackers—use these WordPress plugins to secure it.

Read Next


About The Author

Joy Okumoko
(45 Articles Published)

Joy is an Internet and Tech buff who loves the internet and everything technology. When not writing about the Internet or Tech, she’s busy knitting and making sundry handcrafts, or watching NollyWood.

More
From Joy Okumoko

Source link

Explore more

Get our Wordpress Guide Get Plugins Get Connected