Two-factor authentication (2FA) strengthens the security of online account access (authentication) by requiring users to provide two distinct, mandatory forms of identification. This makes it much harder for an attacker to reach private user information and improves overall security.
Two-Factor Authentication (2FA) works by adding a further login credential, beyond the username and password, that is needed to gain account access. Producing this second credential requires access to something that belongs solely to the user (for example, their phone), without which the account cannot be entered. This additional layer effectively blocks anyone holding only stolen login/password information from accessing the account.
HOW TO SET UP TWO-FACTOR AUTHENTICATION FOR WORDPRESS
To enable 2FA for WordPress, you need to install an additional plugin called WP 2FA. If you run a multi-user WordPress website such as a membership site, then this plugin allows you to enable or enforce two-factor authentication for all the users on your site.
Step 1: Install the WP 2FA Plugin
- First, download the plugin zip file using the URL given below and save it to your local computer.
- Now, from the Admin Dashboard, simply head over to Plugins from the left menu and click on the submenu Add New.
- Install WP 2FA from your Plugins page.
Here’s how you can install the WP 2FA plugin:
From the Add Plugins page (shown below), click on the Choose File button and upload the zip file you saved to your local computer.
- Click on Install Now to install the WordPress 2FA Plugin.
- After installing the plugin, Activate it.
Step 2: Configure the Admin Panel To Enable 2FA
- From the Plugins section, select the WP 2FA plugin from the Installed plugins and configure the 2FA settings.
- Choose ‘All users’ when asked for your preference in enforcing 2FA on users.
- Set the Grace period to ‘Users have to configure 2FA straight away.’
- Save the settings you have chosen.
Step 3: Configure 2FA on the User Dashboard
On their very next login, users will see a message (as given below) before they can start viewing the dashboard.
The plugin will now ask you to choose an authentication method. It offers two options (authenticator app or email); the app method is recommended, as it is more secure and reliable.
- Select ‘One-time code generated with your app of choice (reliable and secure).’
- Click on the Next Step button to continue.
The plugin will now show you a QR code, which you need to scan using an authenticator app (for example, Google Authenticator). An authenticator app is a smartphone app that generates temporary one-time passwords for the accounts you save in it. Once the code is scanned, the app saves your website account and starts showing one-time passwords that you can use to log in.
- Scroll down and click on the “I’m Ready” button to continue.
The plugin will now ask you to verify your one-time password. Open your account in the authenticator app, and it will show you a six-digit one-time password that you can enter.
- Select ‘Validate & Save Configuration’ and continue.
After that, the plugin will give you the option to generate and save backup codes. These codes can be used if you do not have access to your phone. It is advisable to print the backup codes and store them somewhere safe. You can exit the setup wizard after these steps.
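The one-time passwords described above follow the TOTP standard (RFC 6238): the QR code carries a shared secret, and both the authenticator app and the site derive a six-digit code from that secret and the current 30-second time step. The following added example (not the WP 2FA plugin's own code) shows how the app-side generation and the site-side verification fit together; the secret is the RFC 6238 test-vector key, and the account and issuer names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# RFC 6238 test-vector key ("12345678901234567890") in base32, as an
# authenticator app would receive it from the enrolment QR code.
TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of `step`-second periods since the epoch."""
    now = int(time.time()) if at is None else at
    return hotp(secret_b32, now // step, digits)


def verify_totp(secret_b32: str, submitted: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Site-side check of a submitted code.

    Accepts the current step plus/minus `window` steps to tolerate phone clock skew,
    and compares in constant time so timing does not reveal how many digits matched.
    """
    counter = at // step
    return any(
        hmac.compare_digest(hotp(secret_b32, counter + k, len(submitted)), submitted)
        for k in range(-window, window + 1)
    )


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The otpauth:// URI that the enrolment QR code encodes (parameters per the TOTP URI scheme)."""
    label = f"{quote(issuer)}:{quote(account)}"
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # Hypothetical enrolment for a constructed account; shows the QR payload and a live code.
    print(provisioning_uri(TEST_SECRET, "admin@example.test", "Example WordPress"))
    print("current code:", totp(TEST_SECRET))
```

A code from the previous step is still accepted with `window=1`, but one from two steps back is rejected, which is why a stale screenshot of the app is not a reusable credential.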
Note: Users can access the dashboard only if they have set up the 2FA as suggested above.
On the next login, the user will be asked for an authentication code (in addition to the password), as shown below.
Two-factor authentication is an add-on security system that requires two distinct forms of identification in order to access something. WP 2FA is the most commonly recommended plugin for enabling multi-factor authentication in WordPress, as it is easy to use and maintains security. Even non-technical users can set up this plugin by following the step-by-step instructions given in this document.
About the Author
Sreedevi J S
Cloud Dev-Ops Engineer | Cloud Control
Cloud DevOps Engineer with more than three years of experience supporting, automating and optimizing deployments to hybrid cloud platforms using DevOps processes, tools, CI/CD, containers, and Kubernetes in both production and development environments.