WordPress is the most popular content management system (CMS) in terms of market share, powering millions of websites and counting. You may use the open-source tools to develop gorgeous blogs, websites, and applications.
Bloggers, webmasters, site owners, developers, and, unfortunately, hackers use the WordPress.com and WordPress.org blogging platforms.
Fortunately, two-factor authentication (2FA) adds an additional layer of protection to your site by asking users to enter a PIN code to accept logins. So how do you activate two-factor authentication for your WordPress site?
What You’ll Need to Set Up Two-Factor Authentication in WordPress
To add an additional layer of protection to WordPress, you’ll need the following:
- A WordPress account is required.
- A two-factor authentication plugin (e.g. Wordfence Login Security).
- An app that acts as an authenticator (e.g. Twilio Authy).
Download: Twilio Authy is available for Android and iOS (Free)
These are the tools necessary to configure two-factor authentication in WordPress with Wordfence.
How to Install and Configure Wordfence 2FA in WordPress
2FA can be enabled sitewide or per user in WordPress. This article will walk you through the process of configuring two-factor authentication with Wordfence.
Log into your WordPress account and install your preferred two-factor authenticator plugin, such as WP 2FA, Two Factor Authentication, or Wordfence.
We’ll be utilizing the Wordfence Security standalone plugin Wordfence Login Security for this tutorial.
How to Install the Wordfence Plugin for Login Security
To install the Wordfence Security Login standalone plugin, in the top-left corner, hover your mouse pointer over My Sites > Network Admin and select Plugins.
Then, beside Plugins, click Add New.
In the Search plugins… search bar, type “Wordfence Login Security.” Once the plugin is displayed in the search results, evaluate it and then click Install, followed by Activate. Once completed, the status of the item will change to Active.
How to Set Wordfence Two-Factor Authentication for WordPress
On the left side panel, click Installed Plugins to display all of your installed plugins. Wordfence Security Login should now appear in this list.
How to Configure Wordfence Two-Factor Authentication for WordPress While still logged into your WordPress dashboard, scroll down and click Login Security in the same left side panel.
This will open the Wordfence Security Settings for Login page.
Now, on your phone, open the authenticator app. Several solutions are available, including Microsoft Authenticator, Google Authenticator, Duo Mobile, and Twilio Authy. Twilio’s Authy is used in this presentation.
Tap the three dots in the upper-right corner, then select Add Account from the mini-menu, followed by Scan QR Code. Scan the QR code using the camera on your smartphone, then hit Save to join your WordPress account to Authy. Authy will produce a six-digit token instantly.
If you encounter difficulties scanning the code, tap Enter Code Manually on the authenticator and enter the 32-character textual private key beneath the QR code.
Keep an eye out for the recovery codes adjacent to the QR code. If you ever lose access to your authentication app or device, these numbers will enable you to sign into your WordPress site. Copies or downloads should be kept in a secure location.
Then, in the appropriate section, input the six-digit number issued by Twilio and click Activate to enable two-factor authentication for WordPress.
Take note that each token is only valid for 30 seconds before expiring. Additionally, check that your WordPress and authenticator clocks are in sync, as Wordfence utilizes time-based one-time passwords (TOTP).
If you skipped the prior step of downloading the recovery codes, you will be required to do so after activating 2FA. Simply click Download. Two-factor authentication should now be enabled on your Wordfence account.
How to Confirm That Your WordPress 2FA Is Working
You must verify that your two-factor authentication configuration was successful.
To accomplish this, log out of your current WordPress account and re-login. Click Log In after entering your username and password. You should now see a page requesting a two-factor authentication code.
Click Log In after entering the six-digit token from your authenticator app.
All subsequent logins will require 2FA codes (or the recovery codes you downloaded).
How to Disable Two-Factor Authentication in Wordfence for WordPress
This article will walk you through the process of deactivating Wordfence 2FA on your WordPress site.
Accession a tua cuenta WordPress. To access Plugins, navigate to My Sites > Network Admin > Plugins.
Following that, select Login Security > Deactivate.
2FA WP Click Login Security on Wordfence
You will be prompted to confirm your want to disable two-factor authentication; click Deactivate if you are certain. And then you’re finished.
Summary
While you can set up a WordPress site in less than two hours, recovering from a hack may take years. Two-factor authentication can help prevent this, while also providing more protection and peace of mind.
To enhance the security of your WordPress site, employ strong and unique passwords, spam and brute force protection, and then two-factor authentication. You’ll be extremely happy you did.