How to set up Two Factor Authentication in WordPress

Two Factor Authentication (2FA) helps you tighten your site’s login system.

By adding a two-step verification feature, you can secure your site against brute-force attacks, a type of attack used to break into sites by trying out login combinations.

As WordPress proudly supports plugins, you can install one for setting up Two Factor Authentication on your website.

If you don’t implement login security, your site may fall victim to brute-force attacks.

Today’s tutorial helps you set up 2FA on your WordPress website. The entire process takes little time and requires no specialized knowledge at all.

What is Two Factor Authentication?

2FA is a security mechanism for login systems. It adds an extra layer of security: users can log in only after providing two pieces of evidence, the correct login information and a code from email or phone.

You can easily differentiate 2FA from a regular login. Two-Factor Authentication requires credentials plus a code from email or phone. A regular login, on the other hand, is single-factor authentication, which grants access after a single piece of evidence: correct login information.

In Single Factor Authentication, anyone with accurate login information can access a system. Two Factor Authentication doesn’t let users in on login information alone; it grants access only after they also provide the code from the phone.

How does 2FA work?

  • After setting up 2FA on a website, the user enters a valid combination of username and password.
  • If the login information is found valid, the system sends a code to email or phone.
  • The user gets into the system on entering the correct code from the email or phone.

WordPress Two-Factor Authentication: How to set it up?

It is easy to set up 2FA on a WordPress website. The process consists of installing a WordPress plugin, configuring the plugin’s settings, setting up your phone, and testing the entire system once you are done. Learn how to install a WordPress plugin.

STEP #1: Install the WordPress plugin (Google Authenticator)

Google Authenticator helps you set up 2FA on your WordPress website.

  1. Head over to the Add New Plugin page in the Dashboard.
  2. Search for “google authenticator”, and install the plugin with the mini orange icon. Also, don’t forget to activate the plugin after installation.
  3. Next, click on Authenticator in the Settings menu. The next page shows various options for Google Authenticator.
  4. Go through the settings page carefully. Set the various features and save changes at the end.

You’ve successfully installed the required plugin for Two-Factor Authentication. You’re good to go to the next step.

STEP #2: Set up the Authentication app on a mobile device

Fire up the Play store on your phone and install Google Authenticator.

  1. Open the app on your phone and choose the “Add an account” option.
  2. Select the “Scan a bar-code” option on the screen. Next, open the Google Authenticator settings page on your website.
  3. On the Settings page, you can see the QR code option. Scan the code with your phone.
  4. Once you scan the QR code, the phone app instantly identifies your website.

Lastly, follow the instructions in both places, on the website and on the phone. Also, don’t forget to save changes at the end.

STEP #3: Test the 2FA

(1) Sign out of your website: After you sign out, go to your site’s login page.

(2) Enter your login information: On the login screen, you can see an additional field for Two Factor Authentication. To log in, you need to enter two things: your login information and the code from the Google Authenticator app on your phone.

STEP #4: Management of Two Factor Authentication

It’s possible to set Authentication measures for multiple users on a WordPress website.

  • In the Google Authenticator settings on your site, you can set up 2FA for different users.
  • You may experience problems after changing your phone. To stay safe, you can turn 2FA off before you change your phone.
  • You can also set up 2FA by entering a secret code instead of scanning a bar-code. You can find the secret key on Google Authenticator’s settings page.
  • If you lose access to Two Factor Authentication, you can delete Google Authenticator’s files in the Hosting Account/File Manager. This removes the 2FA in place and lets you revert to Single Factor Authentication.
  • Users on a WordPress site can manage 2FA on their profile pages, including turning the feature on or off.
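
What the secret key behind the QR code is used for, as an added example (not the plugin’s own code): with an authenticator app, no code is sent to the phone; the phone and the site each compute a time-based one-time password (TOTP, RFC 6238) from the shared secret, and the site compares the two. The function names, the 30-second step, the 6-digit length and the drift window are assumptions based on the app’s usual defaults, and the secret is the RFC 6238 test key rather than any real site’s key.

```python
import base64
import hashlib
import hmac
import struct

# Sample secret (base32): the RFC 6238 test key, never a real site's secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

STEP = 30    # seconds each code is valid for (assumed app default)
DIGITS = 6   # length of the code (assumed app default)


def totp(secret_b32, unix_time):
    """Derive the code that both the phone and the site compute for a time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, unix_time, last_used_step=-1, window=1):
    """Check a submitted code; return the matched time step, or None.

    window=1 tolerates one step of clock drift in either direction.
    Steps at or before last_used_step are refused, so a code that was
    already accepted cannot be replayed within its validity period.
    """
    code = str(submitted).strip()
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return None
    current = int(unix_time) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_used_step:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, step * STEP), code):
            return step
    return None
```

Because the code depends on the current time, a phone or server with a badly wrong clock produces codes that fail verification; the small drift window absorbs only a minute or so of skew.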

Wrapping up

As WordPress powers more than 33% of the Internet, hackers often target the logins of WordPress websites.

You can install WordPress plugins for security purposes; Two-Factor Authentication in particular helps you shut out brute-force attacks. Also, you can make use of strong passwords for enhanced security.

By using Google Authenticator, you can easily set up 2FA for a single user. On the other hand, it also allows you to set up 2FA for multiple users on a WordPress website.

To read more on securing your WordPress website, head over to this tutorial about hardening a WordPress website.

You can also join the conversation in the comments, and let us know about your thoughts on Two Factor Authentication for a WordPress website.


  1. Thanks Ahmed

  2. Thank you, Naveed.
