You are probably eager to know how to enable WordPress two-factor authentication on your site. If so, you are in the right place.
In this how-to guide, we are going to share the best and easiest method to add 2-factor authentication to a WordPress site. The whole process takes up to a few minutes to complete.
Before starting the step-by-step guidelines, you should know what two-factor authentication is and why you should use it.
So let’s start…
What Is WordPress Two Factor Authentication?
Two-factor authentication is a process that adds an extra security layer to your WordPress site. This extra layer takes the form of a unique verification code that you must enter whenever you log in.
This verification process protects your site’s login against password theft, phishing, and even brute-force attacks.
So anyone, even a hacker who finds out your password, cannot access the WordPress admin dashboard without a new unique authentication code.
Even if someone tries to access your admin page again and again without the two-factor code, the WordPress system will block them for a certain time.
So it is never possible to log in without the authentication code, which is either generated by a mobile phone app or sent to your mobile as a verification code.
Why should you add 2-factor authentication?
You already know about the importance of authentication. But there are a few major reasons for adding this system to your WordPress site.
One of the major ones is that hackers constantly run brute-force attacks, using automated scripts to guess your password and break into a WordPress site. Once they guess your password, they can infect your site with malware.
For that case, you should back up the site regularly using a good WordPress backup plugin.
But if you don’t want to face this hazardous situation at all, you should keep your site’s security up to date and add an extra security layer called 2-factor verification.
One of the best ways to protect your site’s password from being stolen is to add two-factor authentication.
This way, if someone tries to log in to the site, they will need the code from your phone to gain access.
There are two ways you can enable WordPress’ two-factor authentication system on your site.
- SMS verification
- Authentication by authorized codes.
In this guide, I will share the second one, which is the best and easiest way and the one most WordPress users use. The second option is enough for adding a 2-step verification system, and we also use it on our site WP Basic Pro.
Enable WordPress Two Factor Authentication Via the Plugin
So let’s start the step-by-step guide…
After that, install the Wordfence security plugin and activate it.
After activating it, you will get a popup window for subscribing to a daily security digest that is sent directly to your email inbox. You can subscribe if you want.
Back to the guide: now go to Wordfence > Login Security.
Now you are on the Wordfence 2-step security settings page. Here you will find two sections: one for enabling the two-factor authentication layer on your site, and a settings section for controlling authentication for other users.
If you want to require authentication for other users such as editors, contributors, and subscribers, you can enable 2FA for those roles.
Besides these roles, there are many other options here, but I think they are not required to enable a 2FA security layer. So we can go to the next step.
Okay, now back to the Wordfence Two-Factor Authentication page (section number 1). Here you can see a barcode that is used to generate unique authentication codes on your phone using a 2FA app.
We recommend using the Google Two Factor Authentication app. So go to your Android phone and install this app.
Now open the authentication app on your Android phone and tap the ‘red color plus’ icon. Tap ‘Scan a barcode’ and then scan the code shown on the Wordfence login security page.
After you scan the barcode, the Android app will start generating unique authentication codes, which you will see on screen.
The next step is to activate this app with Wordfence. You will see a box on the right side of the barcode, section number 2. Enter any one code from the mobile authenticator app.
After you input a unique code, the Activate button will be highlighted. Finally, click the Activate button.
Note: if you input a wrong code, this button will not be available to activate 2FA with Wordfence. So input it carefully.
After clicking the Activate button, you will get a new popup window for downloading recovery codes.
This is very important: if you lose access to your authenticator device, you can use the recovery codes to log in.
So we recommend that you download them and store them on your computer’s hard drive for the future. If you unfortunately lose your device, you will use a code from this downloaded file to log in to the WordPress site. If you do not want to download them, you can skip this.
Now you are totally done. Your site is fully protected with a two-factor authentication security layer.
We suggest you also configure the other features of the Wordfence plugin, which will help you add extra security layers to your WordPress site. In this case you do not have to use a separate security plugin.
How to test 2FA on your WordPress site?
You can now test 2FA on your site. Log out of your site and go to the login page again, then enter your existing WordPress username and password and press the login button.
Now you will see a new box for entering the unique two-factor authentication code.
Go to your phone, open the Google 2FA app, take a new code from the app, enter it in the box, and finally press the Log in button. You are done.
Note: Remember that the code on the mobile app changes every 30 seconds, so we strongly recommend keeping the app installed.
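How the codes in the app relate to the barcode scanned during setup and to the 30-second note above, as an added example (not Wordfence's code and not part of the original guide): Google Authenticator implements time-based one-time passwords (TOTP, RFC 6238), where the barcode carries a shared secret and both the phone and the server derive the code from that secret and the current time. The `verify` helper, its clock-drift window and replay check, and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid (the 30-second change noted above)
DIGITS = 6   # code length shown by Google Authenticator
# Constructed sample secret (the published RFC 6238 test key), not a real site's.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Return the RFC 6238 code (HMAC-SHA1 variant) for Unix time `at`."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))      # restore stripped padding
    counter = struct.pack(">Q", int(at) // step)         # 8-byte big-endian time step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, last_used_step=-1, drift=1):
    """Server-side check: return the accepted time step, or None on failure.

    Codes from `drift` steps either side of `at` are accepted to tolerate
    clock skew between phone and server. Any step <= last_used_step is
    refused, so a code that was already used cannot be replayed.
    """
    current = int(at) // STEP
    accepted = None
    for step_no in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, step_no * STEP)
        # compare_digest avoids leaking how many digits matched through timing
        if hmac.compare_digest(expected, str(submitted)) and step_no > last_used_step:
            accepted = step_no
    return accepted

if __name__ == "__main__":
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    used = verify(SAMPLE_SECRET, code, now)
    print("current code:", code, "accepted at step", used)
    print("same code replayed:", verify(SAMPLE_SECRET, code, now, last_used_step=used))
```

A code that is more than one step old is rejected, which is why a code copied from the phone has to be entered promptly.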
How to deactivate Wordfence 2FA?
Deactivating Wordfence two-factor authentication is easy.
Simply go to Wordfence > Login Security and press the ‘DEACTIVATE’ button. A new popup window will open; press the DEACTIVATE button again.
Finally, you’re done.
Your Wordfence 2FA is totally deactivated. If you want to reactivate it, you have to follow the same steps you followed before.
Final Advice About 2FA
We hope you now have a better idea of how to add two-factor authentication to your WordPress site with the most popular WordPress security plugin, Wordfence.
If you have any questions about WordPress 2FA, you can comment below. We will try to give the best answer within a short time. And don’t forget to share this post with your friends and colleagues if you really like it.