Securing access to your WordPress installation is one of the most important parts of WordPress security. One step I highly recommend is adding two-factor authentication (2FA) to the login, especially for administrator accounts, since those are the accounts an attacker who guesses or phishes a password gains the most from. This can be done in many ways; in this post I'll show you how to do it with a plugin.
There are many plugins which provide a 2FA solution, but my clients and I have had the best experience with "Two-Factor" by Plugin Contributors.
After installing and activating the plugin, go to Users and click on the user for whom you want to enable 2FA. Then scroll down to Two-Factor Options.
As you can see, there are four different options for adding 2FA. I recommend TOTP (time-based one-time password), because it is easy to use and secure: the code is derived from a secret shared between your phone and the site plus the current time, so nothing is sent over e-mail or SMS, and the same app works for all of your WordPress sites and any other TOTP logins you have. Because the code depends on the time, the server clock must be reasonably accurate (NTP-synced), otherwise valid codes will be rejected. You can also enable a second 2FA method, which is useful if you lose access to the first one for any reason; the backup codes option is the usual choice for this, so you are not locked out of your own site if your phone is lost or reset. In this example we'll just use TOTP, so enable it and make it primary.
What you need now is an OTP authenticator app on your smartphone. On iOS I personally use "OTP Auth", but you can simply search the App Store or Play Store for "OTP" or "authenticator" and install whichever app suits you best. Most of them offer the same functionality, because they all implement the same TOTP standard.
Now add a new account in your OTP app and scan the QR code shown on the profile page. The QR code contains the shared secret, so treat it like a password: anyone who photographs it or copies the key shown next to it can generate the same codes, so do not screenshot or share it. If everything worked, you will see a 6-digit code in your app that changes every 30 seconds. Enter the current code in the authentication code field and click Submit.
That's it! Before you log out, it is a good idea to test the login in a private browser window while your current admin session stays open, so a mistake does not lock you out. You will see that after you have entered your username and password, WordPress also asks for the time-based 6-digit code before it gives you access to the admin dashboard.
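To make clear what the app and the plugin are actually agreeing on during that login, here is an added example (my own code, not from the post or from the Two-Factor plugin) that implements TOTP as defined in RFC 6238 on top of HOTP from RFC 4226: generating a Base32 secret like the one behind the QR code, building the otpauth:// URI the QR code encodes, computing the 6-digit code for a time step, and verifying a submitted code with a small clock-drift window and a replay guard. It assumes the usual defaults (HMAC-SHA1, 6 digits, 30-second step); the issuer and account names are placeholders. The fixed secret at the bottom is the RFC 6238 test secret, so you can compare the output with the RFC's own test vectors.

```python
"""Added example, not code from the post or from the Two-Factor plugin.
Minimal RFC 4226 (HOTP) / RFC 6238 (TOTP) implementation with the
defaults the plugin and most authenticator apps use: SHA-1, 6 digits,
30-second time step. The issuer/account names are placeholders."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

STEP = 30     # seconds per time step (the "period" in the otpauth URI)
DIGITS = 6    # code length shown in the app


def new_secret(nbytes: int = 20) -> str:
    """Random shared secret, Base32-encoded the way the plugin and apps show it.
    20 bytes = 160 bits, the length RFC 4226 recommends for HMAC-SHA1."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then 'dynamic truncation' down to a decimal code."""
    pad = "=" * (-len(secret_b32) % 8)          # restore stripped Base32 padding
    key = base64.b32decode(secret_b32.upper() + pad)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: Optional[float] = None) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / STEP).
    This is what the phone computes every 30 seconds."""
    t = int(time.time() if at is None else at)
    return hotp(secret_b32, t // STEP)


def verify(secret_b32: str, code: str, at: Optional[float] = None,
           window: int = 1, last_used: int = -1) -> Optional[int]:
    """Server-side check of a submitted code.

    Accepts the current step and +/- `window` neighbouring steps, which
    tolerates small clock drift between phone and server. Returns the
    matched counter so the caller can store it, and refuses any counter
    <= `last_used` so an intercepted code cannot be replayed within the
    window. Comparison is constant-time so the check leaks nothing."""
    t = int(time.time() if at is None else at)
    counter = t // STEP
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_used:
            continue
        if hmac.compare_digest(hotp(secret_b32, candidate), code):
            return candidate
    return None


def otpauth_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The otpauth:// URI that the QR code on the profile page encodes;
    this is all the authenticator app learns when you scan it."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")


# Base32 of the ASCII secret "12345678901234567890" used by the RFC 6238 test vectors.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    # RFC 6238 lists 94287082 for T=59 with 8 digits; the last 6 digits are 287082.
    print("code at T=59:", totp(RFC_TEST_SECRET, at=59))
    print("accepted step:", verify(RFC_TEST_SECRET, "287082", at=59))
    print("replayed:", verify(RFC_TEST_SECRET, "287082", at=59, last_used=1))
    print(otpauth_uri(new_secret(), "admin", "Example WordPress"))
```

The replay guard is the part that matters beyond correctness: with a one-step window, a code stays valid for up to 90 seconds, and without remembering the last accepted step a shoulder-surfed or phished code could be reused in that window. Whatever plugin you use, the server must store that secret as carefully as a password hash's input, because whoever reads it can generate every future code.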