WordPress is one of the most popular CMS platforms, and many people self-host it on their own servers. Security is one of the main concerns for a self-hosted website.
Hackers can easily exploit security vulnerabilities in themes and plugins to gain access to your WordPress dashboard. That’s why you should use an extra layer of security on top of the regular password.
You can easily add two-factor authentication to your WordPress website to make it more secure. Read this blog post completely to know everything about 2FA.
What is Two-factor Authentication?
Two-Factor Authentication (2FA) is an additional layer of security added to your WordPress login page; it requires a One-Time Password (OTP) for every login.
So, it is nearly impossible for hackers to hijack your WordPress website even if they guess your password.
It also helps protect your WordPress website against brute-force attacks and unauthorized access.
By default, WordPress doesn’t have a two-factor authentication facility, but you can enable it using third-party security plugins.
That’s why I have listed some of the best Two-Factor Authentication Plugins for WordPress.
- Google Authenticator
- Rublon Two-Factor Authentication
- iThemes Security Pro
Some of them are standalone plugins just for 2FA and some are dedicated Security plugins in WordPress.
So, here in this tutorial, we will use the Wordfence security plugin to enable two-factor authentication in WordPress.
If you are a visual learner, you can watch this video tutorial for easier understanding.
Steps to Enable Two-Factor Authentication in WordPress
Step-1: Go to the WordPress dashboard and install the Wordfence security plugin.
Step-2: Now install an authenticator app on your smartphone (Google Authenticator or Microsoft Authenticator).
Step-3: Now go to the Wordfence > Login Security option.
Step-4: Now scan the QR code with your authenticator app.
Step-5: Now download the backup codes.
Step-6: Now enter the one-time code and click Activate.
Two-factor authentication is now activated on your WordPress website. From now on, you need to enter the one-time password generated by your authenticator app when logging in to your dashboard.
This one-time code changes every 30 seconds, so it will be very difficult for hackers to hack your website.
Remember to save your backup codes in a secure location, so that if you lose access to your authenticator app you can use the backup codes to access your WordPress website.
Each backup code works one time only, and you can generate more backup codes later.
If you want to deactivate two-step verification in WordPress, go to the Wordfence > Login Security option again and click the Deactivate button. Two-factor authentication is now disabled on your WordPress website.
You can also configure some advanced settings, such as Allow remembering device for 30 days, Disable XML-RPC authentication, and more.
You can also enable reCAPTCHA on the WordPress login page.
I hope you got the idea of how the two-factor authentication in WordPress works and how you can enable this on your website.
If you have any doubts then you can ask me in the comment section.