WordPress Two Factor Authentication

How to Enable WordPress Two Factor Authentication (Easiest Guide)

Last update on:

Probably you are so much aggressive to know how to enable WordPress two factor authentication on your site. If yes, you are the right place.

In this how-to guide, we are going to share the best and easiest method to add 2-factor authentication on a WordPress site that takes up to a few minutes to complete the whole process.

Before going to start the step by step guidelines, you should know what is two-factor authentication and why should you use it?

WordPress Two Factor Authentication

So let’s start…

What Is WordPress Two Factor Authentication?

Two-factor authentication is a process where you can enable an extra security layer on your WordPress site. This extra security layer works as a unique verification code that is used while you need to log in. 

This verification process secures your site’s login password from being theft, phishing, and even brute-force attacks. 

So it is impossible for anyone, even a hacker, to find out password and access to the WordPress admin dashboard without a new unique authentication code.  

Even if anyone tries to access your admin page again and again without the two-factor code, the WordPress system will block them for a certain time. 

So it is never possible to login without authentication code that is stored to a mobile phone app or sent to mobile as verification code.

 Why should you add 2-factor authentication?

You already know about the importance of authentication. But there are a few major factors for adding this system on your WordPress site.

One of the major tricks is that hackers always try to use brute force attacks by using an automatic script to steal your password for hacking a WordPress site. So once they guess your password, they can infect your site with malware.

In this case, you should backup the site regularly using a good WordPress backup plugin.

But if you don’t face this hazardous condition, you should up to date site securities and add an extra security layer called 2-factor verification.

One of the best ways to protect your site’s password from being stolen is to add two-factor authentication.

In this way if someone tries to login to a site, they will need to code from your phone to gain access.

There are two ways you can enable WordPress’ two-factor authentication system on your site. 

  1. SMS verification
  2. Authentication by authorized codes.

In this guide, I will share with you the 2nd one which is the best and easiest way that most WordPress users use. The second option is enough for the adding 2 step verification system that we also use it on our site WP Basic Pro.

Enable WordPress Two Factor Authentication Via the Plugin

There are many 2-factor authentication plugins in the WordPress plugin directory. You can use any of them to enable this feature. The most popular plugins are Two Factor & Two Factor Authentication.

But here we will only recommend using Wordfence security plugin which is perfect for two-factor authentication along with enhancing basic WordPress security.

So let’s start to step by step guides…

First login your WordPress dashboard then navigate to Plugins> add new then search Wordfence security plugin on the plugin search box.

Install Wordfence security plugin

After that, install the Wordfence security plugin and activate it.

After activating, you will get a new popup window which is for subscribing daily security digest that you will get directly to your email inbox. You can subscribe if you want.

Wordfence Login Security

However, back to the guides, now go to the Wordfence>Login Security.

Now you are in the Wordfence 2 step security setting page. Here you will get two options one is for enabling two factor Authentication layer on your site another is setting section which is for controlling authentication for other users.

2FA roles

If you want to require authentication for other users like editor, contributor, and subscriber, you can enable 2FA roles for them.

Not these roles, there are many options here, but I think those other options are not required to enable a 2FA security layer. So we can go to the next step.

Okay now back to the Wordfence Two factor authentication page (section number 1). Here you can see a barcode that is for generating unique authentication code to your phone using a 2FA app.

Authentication qr code

We will recommend using Google Two Factor Authentication app. So go to your android phone and install this app.

Now open your authentication android app and go to the ‘red color plus’ icon and open it. Click on the ‘Scan a barcode’ and finally scan the code which is available on the Wordfence login security page.

Authenticator barcode

After scanning the barcode, a few unique authentication codes will be generated on the android app Which you will see.

Now the next step is to activate this app with Wordfence. You will see a box on the right side of the barcode, section number 2. Enter any one code from the mobile Authenticator App.

Authenticator App verification

After inputting a unique code, the Activate button will be highlighted. Finally click the activate button.

2FA activate button

Note: if you input a wrong code, this button will not be visible to activate 2FA with Wordfence. So carefully input it.

After clicking the activate button you will get a new popup window message which is for downloading recovery codes.

It is very important, If you lose access to your authenticator device, you can use recovery codes to login.

So we are recommending you to download it and store it on your computer hard drive for the future. Unfortunately if you lose your device, you will use code from this download file to log in on the WordPress site. If you do not want to download, you can skip this.

Now you are totally done. Your site is fully protected with two factor authentication security layer.

We will suggest you configure other features of Wordfence plugin which will help you to add extra security layers of your WordPress site. In this case you do not have to use a security plugin separately.

How to test 2FA on your WordPress site?

You can now test 2FA of your site. Logout your site and go to the login area again then enter your existing WordPress username and password and press the login button.

Now you will see a new box for imputing unique two factor authentication code.

2FA  login box

Now go to your phone and open Google 2FA app and take a new code from the app and enter them in the box and finally press the Log in button. You are done.

Note: Remember that the code on the mobile app changes every 30 seconds, so we strongly recommend keeping the app installed.

How to deactivate Wordfence 2FA?

The deactivating process of wordfence two factor authentication is easy. 

deactivate Wordfence 2FA

Just simply go to Wordfence>Login security and press the ‘DEACTIVATE’ button then a new pop up window will be open, press again the DEACTIVATE button. 

Finally you’re done. 

Your Wordfence 2FA is totally deactivated. If you want to reactivate, you have to follow the same steps which you have followed before.

Final Advice About 2FA

So we hope finally you have gained a better idea about how to add two factor authentication on your WordPress site along with the most popular WordPress security & firewall plugin Wordfence.

However, if you have any questions about WordPress 2FA, you can comment below. We will try to give the best answer within a short time and don’t forget to share this post with your friends and colleges if you really like it.

What’s your Reaction?


  • Palash Talukder

    Palash Talukdar is a digital marketer & the founder of WP Basic Pro. He has been building and managing WordPress websites for 5+ years. He loves to write about WordPress, SEO, marketing, productivity, and web performance.

    View all posts
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Saeed Khosravi's Official Site