Nov 25, 2019
How to Enable WordPress Two-Factor Authentication
In this tutorial, you will learn how to enable WordPress two-factor authentication. Let’s check it out!
What Is WordPress Two-Factor Authentication?
Two-Factor Authentication or 2-Step-Verification is a great way to add an extra layer of security to your WordPress website. It secures your site against password theft, phishing, and even brute-force attacks. It makes it impossible for anyone else to access your admin panel without a unique code.
In other words, even if someone manages to guess your password, they’d still need another piece of information sent to your mobile device.
Enabling WordPress Two-Factor Authentication
Once the plugin is installed and activated, there a few things you need to do to set it up:
- Go to the Settings -> Google Authenticator.
- Change the settings as needed. In this example, we’re enabling 2FA for sites’ administrators and editors.
- Once done, press Save Changes then head back to Installed Plugins. You’ll be redirected to another settings page with a QR code scan.
- Download the Google Authenticator app on your phone and scan the QR code.
- Insert the generated code on your phone in the Authenticator Code field and verify it.
- That’s it! You have successfully enabled WordPress Two-Factor Authentication for your site.
Next time you log in to your WordPress, you’ll be asked to provide the code on your phone.
ProTip! Remember that the code on the mobile app changes every 30 seconds, so we strongly recommend keeping the app installed.
Disabling WordPress Two-Factor Authentication
You will need to navigate to wp-content -> plugins and rename the plugin folder by putting the word disabled separated by an underscore ( _ ).
It will immediately deactivate the plugin for your WordPress account. If you want to re-activate it, set the name to the original value and it will work again.
There you have it! By following this guide, you have learned how to enable WordPress two-factor authentication for your WordPress site with a free Google Authenticator plugin. Now, even if someone gets a hold of your password, you don’t need to worry. Culprits won’t be able to get in without the generated code that changes every few seconds.