WordPress Security: Set Up Two-Factor Authentication in WordPress

WordPress is the most popular content management system (CMS) in terms of market share, powering millions of websites and counting. You may use the open-source tools to develop gorgeous blogs, websites, and applications.

Two-Factor Authentication

Bloggers, webmasters, site owners, developers, and, unfortunately, hackers use the WordPress.com and WordPress.org blogging platforms.

Fortunately, two-factor authentication (2FA) adds an additional layer of protection to your site by asking users to enter a PIN code to accept logins. So how do you activate two-factor authentication for your WordPress site?

What You’ll Need to Set Up Two-Factor Authentication in WordPress

To add an additional layer of protection to WordPress, you’ll need the following:

  • A WordPress account is required.
  • A two-factor authentication plugin (e.g. Wordfence Login Security).
  • An app that acts as an authenticator (e.g. Twilio Authy).

Download: Twilio Authy is available for Android and iOS (Free)

These are the tools necessary to configure two-factor authentication in WordPress with Wordfence.

How to Install and Configure Wordfence 2FA in WordPress

2FA can be enabled sitewide or per user in WordPress. This article will walk you through the process of configuring two-factor authentication with Wordfence.

Log into your WordPress account and install your preferred two-factor authenticator plugin, such as WP 2FA, Two Factor Authentication, or Wordfence.

We’ll be utilizing the Wordfence Security standalone plugin Wordfence Login Security for this tutorial.

How to Install the Wordfence Plugin for Login Security

To install the Wordfence Security Login standalone plugin, in the top-left corner, hover your mouse pointer over My Sites > Network Admin and select Plugins.

READ NOW  How to Scan WordPress Website for Malware

Two-Factor Authentication WordPress

Then, beside Plugins, click Add New.

In the Search plugins… search bar, type “Wordfence Login Security.” Once the plugin is displayed in the search results, evaluate it and then click Install, followed by Activate. Once completed, the status of the item will change to Active.

Two-Factor Authentication WordPress

How to Set Wordfence Two-Factor Authentication for WordPress

On the left side panel, click Installed Plugins to display all of your installed plugins. Wordfence Security Login should now appear in this list.

How to Configure Wordfence Two-Factor Authentication for WordPress While still logged into your WordPress dashboard, scroll down and click Login Security in the same left side panel.

This will open the Wordfence Security Settings for Login page.

Now, on your phone, open the authenticator app. Several solutions are available, including Microsoft Authenticator, Google Authenticator, Duo Mobile, and Twilio Authy. Twilio’s Authy is used in this presentation.

Tap the three dots in the upper-right corner, then select Add Account from the mini-menu, followed by Scan QR Code. Scan the QR code using the camera on your smartphone, then hit Save to join your WordPress account to Authy. Authy will produce a six-digit token instantly.

If you encounter difficulties scanning the code, tap Enter Code Manually on the authenticator and enter the 32-character textual private key beneath the QR code.

Keep an eye out for the recovery codes adjacent to the QR code. If you ever lose access to your authentication app or device, these numbers will enable you to sign into your WordPress site. Copies or downloads should be kept in a secure location.

READ NOW  Blog - Guide on how to start a blog for free

Then, in the appropriate section, input the six-digit number issued by Twilio and click Activate to enable two-factor authentication for WordPress.

Two-Factor Authentication WordPress

Take note that each token is only valid for 30 seconds before expiring. Additionally, check that your WordPress and authenticator clocks are in sync, as Wordfence utilizes time-based one-time passwords (TOTP).

If you skipped the prior step of downloading the recovery codes, you will be required to do so after activating 2FA. Simply click Download. Two-factor authentication should now be enabled on your Wordfence account.

How to Confirm That Your WordPress 2FA Is Working

You must verify that your two-factor authentication configuration was successful.

To accomplish this, log out of your current WordPress account and re-login. Click Log In after entering your username and password. You should now see a page requesting a two-factor authentication code.

Two-Factor Authentication WordPress

Click Log In after entering the six-digit token from your authenticator app.

All subsequent logins will require 2FA codes (or the recovery codes you downloaded).

How to Disable Two-Factor Authentication in Wordfence for WordPress

This article will walk you through the process of deactivating Wordfence 2FA on your WordPress site.

Accession a tua cuenta WordPress. To access Plugins, navigate to My Sites > Network Admin > Plugins.

Two-Factor Authentication WordPress

Following that, select Login Security > Deactivate.

Two-Factor Authentication WordPress

2FA WP Click Login Security on Wordfence

You will be prompted to confirm your want to disable two-factor authentication; click Deactivate if you are certain. And then you’re finished.


While you can set up a WordPress site in less than two hours, recovering from a hack may take years. Two-factor authentication can help prevent this, while also providing more protection and peace of mind.

READ NOW  5 Best Free and Paid Online Backlink Checker Tools for Website

To enhance the security of your WordPress site, employ strong and unique passwords, spam and brute force protection, and then two-factor authentication. You’ll be extremely happy you did.