Two-Factor Authentication is an advanced security method that provides additional identity validation for your users. If you allow your users to log in to WordPress sites, you should look at this method to make sure only the correct user gains access to the site.
Like Facebook and Google, you can also set up two-step verification for your WordPress website.
Yes, you heard it right!!
Nowadays, as the technology industry is booming and expanding like never before, it becomes more important to keep your data as safe as you can.
Two-step verification helps you improve your site’s security. In addition, when you enable this feature on your WordPress website, only the user who receives the OTP can log in to the website, whenever and wherever they want. If someone else tries to log in to your site, they cannot.
Today, we will walk you through a step-by-step guide on setting up two-factor authentication for user login to your WordPress website.
Before we turn to the steps to make it happen, we’d like to share why it is so important to use two-factor authentication in your WordPress website.
One of the easiest methods of hacking any site is guessing the password. In many cases, hackers who try to take over sites use scripts that carry out what is known as a brute force attack. Most people use simple, easy-to-remember passwords that are not very hard to guess.
By using this brute force technique, they try to guess the correct password of your website. In most cases, they guess it accurately and step into the website. Once they are logged in, they may harm your data, steal it, or use it in any other way. To prevent all these kinds of risks, we urge you to set up two-factor authentication as soon as time permits.
Once you enable two-step verification, hackers have to enter the verification code along with the password to enter the site. Since you are the owner of your WordPress website, you will receive the one-time six-digit code in your inbox or by SMS. So they won’t be able to log in even after guessing your password correctly.
On this positive note, in this article, we will be talking about the WP 2FA – Two-factor Authentication and Wordfence Login Security plugins, which can help you set up 2-factor authentication on your site.
So, without taking much of your time, let’s jump straight to the point.
How to Set Up Two-Factor Authentication in WordPress?
Since this topic is the most asked question regarding keeping WordPress websites safe from malware, we have featured the best way to enable two-factor authentication in a detailed and easy-to-follow manner.
Part 1: Adding Two-Factor Authentication Using WP 2FA – Two-factor Authentication Plugin
The WP 2FA WordPress plugin provides all the basic settings for administrators to enforce two-factor authentication for the site users.
Step #1 – Download and Activate: WP 2FA – Two-factor Authentication Plugin
First of all, you will need to download the WP 2FA plugin. To download this plugin, head over to your WordPress website, click on the Plugins section, and then hit the Add New Plugin item.
As soon as you click, you will be taken to a separate window. Now search for the plugin in the search bar in the top right corner of your screen.
Once you get the plugin in the search results, click on the Install button, and then Activate the plugin accordingly.
Step #2 – Configure the plugin
After activating the plugin, you will leave the window and head over to the setup wizard section.
Now you will notice a big blue button saying “Configure Two-factor authentication (2FA)”. Click on it to configure the plugin. You can use that setup wizard or configure the settings in the WordPress admin dashboard.
Here are the important things; please read them carefully before you run the wizard. You will now have two options to configure this plugin.
- One-time code that an authenticator app will generate.
- One-time code that will be sent to you over email or SMS.
Now after selecting the option of your choice, click on the Next button to continue.
Once you complete this step, a QR code will appear on the next screen. Now you will need to scan the QR code with the authenticator app.
What’s our take?
We would recommend you go with the first option as it is more secure and reliable. With this option, you will receive a one-time generated code in your app, and then you can use it to log in to your website. Many WordPress users, such as bloggers, agencies, and publishers, to name a few, use this method because this practice is pretty straightforward and verified by Google.
Step #3 – Scan QR Code using Authentication App
As soon as you are all set with the authentication app, you will need to open it.
After this, you will need to click on the Add button to connect your website with this app. Once you click on the plus icon, it will ask you to grant permission to use your device camera.
You will have to scan the QR code that is showing on the plugin’s Settings page.
Step #4 – Complete the Wizard
After scanning the code, the authentication app will automatically save your WordPress website account. When you log in to your site, the app will show you a one-time password that you have to enter when the site asks for it.
To complete the wizard, you have to click on the “I’m ready” button.
Now, the plugin will ask you to verify your OTP code. To do so, you will need to click on your profile or account in the authentication app, and you will notice a six-digit verification code that you can use to log in to your site.
Once the plugin is installed and configured, you can force all your users to enable two-factor authentication. It will add new options in the user profiles section where they can configure two-factor authentication or create new app passwords.
App Passwords are specific user passwords which do not allow users to log in to the site but allow services to connect and work. So if you are providing any REST API or other services, users can connect to those services with App Passwords.
You can even enable a grace period for your users so that they have some time after creating a login on your site. You can give them a few days, or give them control to decide whether they want to disable two-factor authentication.
What is an Authenticator App?
An authenticator is an app that works between the server and the website. This means that when you use an authenticator app, it generates a one-time password, and by using that code, you will be able to log in to your WordPress website easily.
There are several authentication apps available on the Internet, such as Google Authenticator, Authy or Microsoft Authenticator. Google and Microsoft Authenticator, however, are quite popular when it comes to authentication apps.
Password managers like 1Password also provide support for 2-factor authentication. They can generate codes along with generating the user account passwords.
Part 2: Adding Two-Factor Authentication Using Wordfence Login Security
Wordfence needs no introduction for WordPress users. It is one of the best companies providing security products for WordPress. They have a small product called Wordfence Login Security which allows you to add two-factor authentication for your users. It is probably one of the easiest ways to make your website more secure as well as safe.
To use Wordfence Login Security, install the plugin and activate it to continue. Follow this: Plugins > Add New Plugin > Search for the plugin in the search bar.
After activating the plugin, your user profiles in the admin will have an option to enable 2FA for logins.
The admin can set the basic settings from the Wordfence Login Security admin menu. You can enforce or enable two-factor authentication for only Administrators or any other user type. You can also allow the device to be remembered so that users will not be asked for authentication on known devices.
After choosing the preferred settings, do not forget to click on the Save Changes button. After this, you will land on a page where you will notice a QR code.
Now, download the Authenticator application on your device to continue. Scan the QR code and enter the code shown in the application into the WordPress settings to connect.
Now you have Two-Factor Authentication set up for your WordPress site. The plugin also supports the Google Captcha addition for the login screen and WooCommerce integration for 2FA.
There you have it. This is how you can enable two-factor authentication using Wordfence Login Security and WP 2FA. This means that if you now log in to your WordPress website, you will have to enter a code from the Authenticator app.
Kindly note that the code is only valid for 30 seconds, so you need to be quick; if you miss the chance, you will get a new six-digit code to enter.
We hope this article about how to set up two-factor authentication in WordPress is helpful to you. Do share this content on social media if you found it useful for you in any manner. Please stay connected with us for such informative content.