{"id":12700,"date":"2022-06-08T06:19:48","date_gmt":"2022-06-08T06:19:48","guid":{"rendered":"https:\/\/kwebby.com\/blog\/?p=12700"},"modified":"2024-07-20T09:43:54","modified_gmt":"2024-07-20T09:43:54","slug":"two-factor-authentication-in-wordpress","status":"publish","type":"post","link":"https:\/\/kwebby.com\/blog\/two-factor-authentication-in-wordpress\/","title":{"rendered":"How to enable two-factor Authentication in WordPress (2 Easy Way)"},"content":{"rendered":"\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you&#8217;re like most WordPress site owners, you want to do everything possible to keep your site safe from hackers. One way to do that is by enabling <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\" rel=\"doFollow noopener\" target=\"_blank\">two-factor authentication<\/a>.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">This security measure requires something you know (your password) and something you have (a code generated by an app on your phone, for example).<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">In this blog post, we will show you how to enable two-factor authentication on your WordPress site.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">WordPress is the most popular content management system in the world. As of March 2017, 43% of all websites were built on WordPress which owns 62% of the Market share <a href=\"https:\/\/w3techs.com\/technologies\/details\/cm-wordpress\" rel=\"noreferrer noopener\" target=\"_blank\">according to W3tech<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"600\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress.png\" alt=\"\" class=\"wp-image-12701\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress.png 600w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress-300x300.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress-150x150.png 150w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress-24x24.png 24w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress-48x48.png 48w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/cm-wordpress-96x96.png 96w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">This makes WordPress a big target for hackers. While there is no such thing as a 100% secure website, you can take steps to make your WordPress site more secure. One of those steps is enabling two-factor authentication.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Two-Factor Authentication?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-1024x576.png\" alt=\"Two-Factor Authentication\" class=\"wp-image-12702\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-1024x576.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-300x169.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-768x432.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-1536x864.png 1536w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Two-Factor-Authentication-2048x1152.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Two-factor authentication is an extra layer of security that can be added to your WordPress login. It requires you to have two things before you can log in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Something you know (your password)<\/li>\n\n\n\n<li>Something you have (a code generated by an app on your phone)<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">With two-factor authentication enabled, even if someone knows your password, they won&#8217;t be able to log in to your <a href=\"https:\/\/kwebby.com\/blog\/migrate-wordpress-websites\/\"  data-wpil-monitor-id=\"1154\">WordPress site<\/a> unless they also have the code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why use Two-Factor Authentication In WordPress?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-1024x576.png\" alt=\"\" class=\"wp-image-12703\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-1024x576.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-300x169.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-768x432.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-1536x864.png 1536w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/Why-use-Two-Factor-Authentication-In-WordPress-2048x1152.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">There are two main reasons to use two-factor authentication on your WordPress site:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To protect your site from brute force attacks.<\/li>\n\n\n\n<li>To make it more difficult for someone to hack into your account, even if they have your password.<\/li>\n<\/ul>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">As any website owner knows, security is essential. Not only do you need to protect your site from malware and hackers, but you also need to safeguard your visitors&#8217; information.<\/p>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">However, many website owners are unaware of how their site was compromised. In a recent survey conducted by WordFence, <a href=\"https:\/\/www.wordfence.com\/blog\/2016\/03\/attackers-gain-access-wordpress-sites\/\" rel=\"noreferrer noopener\" target=\"_blank\">61.5% of respondents<\/a> said they didn&#8217;t know how the attacker gained access to their website.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1005\" height=\"605\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/hacked_website_how_compromised.png\" alt=\"\" class=\"wp-image-12704\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/hacked_website_how_compromised.png 1005w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/hacked_website_how_compromised-300x181.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/hacked_website_how_compromised-768x462.png 768w\" sizes=\"auto, (max-width: 1005px) 100vw, 1005px\" \/><\/figure>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">That&#8217;s not all they <a href=\"https:\/\/www.wordfence.com\/blog\/2016\/04\/hackers-compromised-wordpress-sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">also said 25% of hackers <\/a>took their site offline after they hack their website.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/what_attackers_do_to_wordpress_sites-1024x573-1.png\" alt=\"\" class=\"wp-image-12705\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/what_attackers_do_to_wordpress_sites-1024x573-1.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/what_attackers_do_to_wordpress_sites-1024x573-1-300x168.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/what_attackers_do_to_wordpress_sites-1024x573-1-768x430.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">This is an alarming statistic, as it means that many site owners are in the dark about how to prevent future attacks.<\/p>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">There are a number of ways that attackers can gain access to a website, including SQL injection and brute force attacks. However, the most common way is through security vulnerabilities in WordPress plugins and themes.<\/p>\n\n\n\n<p id=\"a7fd1f6a-a6b4-4286-b866-e6053d5a3d99\">Therefore, it is important to keep your WordPress installation up to date, and to carefully vet any plugins or themes before installing them on your site. By taking these simple steps, you can help to keep your site safe from attackers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are Different Two-Factor Authentication Methods?<\/h2>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">There are several different methods you can use for two-factor authentication. The most popular ones are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SMS (text message)<\/li>\n\n\n\n<li>Google Authenticator app<\/li>\n\n\n\n<li>Email Authentication Code<\/li>\n\n\n\n<li>Backup Codes<\/li>\n\n\n\n<li>Security Keys<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">There&#8217;s much more that we will cover in this detailed guide on how to enable two-factor authentication in WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Enable Two-Factor Authentication in WordPress?<\/h2>\n\n\n\n<iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/H6BbioFTcIw\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Fortunately, there are a few plugins you can use to add two-factor authentication to WordPress. In this section, we&#8217;ll show you how to set up two-factor authentication on your WordPress site using two popular WordPress plugins i.e. <a href=\"https:\/\/wordpress.org\/plugins\/wp-2fa\/\" rel=\"noreferrer noopener\" target=\"_blank\">WP 2FA \u2013 Two-factor authentication for WordPress<\/a> and <a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" rel=\"noreferrer noopener\" target=\"_blank\">Two-Factor<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">#1 Two-Factor by Plugin Contributors<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"444\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.08.png\" alt=\"\" class=\"wp-image-12711\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.08.png 968w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.08-300x138.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.08-768x352.png 768w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\"><a href=\"https:\/\/github.com\/WordPress\/two-factor\" target=\"_blank\" rel=\"noreferrer noopener\">Two-Factor<\/a> is a popular two-factor authentication plugin for WordPress. It&#8217;s a completely free plugin. It offers four ways to provide two-factor authentication as follows;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Email<\/strong>: Authentication codes will be sent to your admin email.<\/li>\n\n\n\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Time-based_One-time_Password_Algorithm\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Time-Based One-Time Password (TOTP)<\/strong><\/a>: scan the QR code or manually enter the key.<\/li>\n\n\n\n<li><strong>FIDO U2F Security Keys<\/strong>: Requires an HTTPS connection. Configure your security keys in the &#8220;Security Keys&#8221; section on your profile page.<\/li>\n\n\n\n<li><strong>Backup Verification Codes (Single Use)<\/strong>: Generate verification codes and use it while logging into your account.<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">To set up Two-Factor, follow these steps:<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Install and activate the <a href=\"https:\/\/wordpress.org\/plugins\/two-factor\/\" rel=\"noreferrer noopener\" target=\"_blank\">Two-Factor plugin<\/a>.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Upon activation, you need to visit the User&#8217;s\u00bb Your Profile page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"863\" height=\"474\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.51.55.png\" alt=\"\" class=\"wp-image-12710\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.51.55.png 863w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.51.55-300x165.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.51.55-768x422.png 768w\" sizes=\"auto, (max-width: 863px) 100vw, 863px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">On your profile page, you&#8217;ll notice the new &#8220;Two-Step Authentication&#8221; section just below your account information.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"469\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.49.25-1024x469.png\" alt=\"\" class=\"wp-image-12706\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.49.25-1024x469.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.49.25-300x137.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.49.25-768x352.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.49.25.png 1366w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">First, you need to select an authentication method from the dropdown menu. As we mentioned above, the plugin offers four different ways to provide two-factor authentication.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Authenticate using Email<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you select this option, the plugin will send a one-time passcode (OTP) to your admin email address every time you try to log in.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"969\" height=\"445\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.46.png\" alt=\"\" class=\"wp-image-12712\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.46.png 969w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.46-300x138.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.53.46-768x353.png 768w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You need to enter the OTP on the login page to complete the login process.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">TOTP Authentication<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you select this option, then you need to use an authenticator app like <a href=\"https:\/\/authy.com\/features\/\" rel=\"noreferrer noopener\" target=\"_blank\">Authy<\/a> or <a href=\"https:\/\/www.google.com\/search?q=Google+Authenticator\" rel=\"noreferrer noopener\" target=\"_blank\">Google Authenticator<\/a> on your smartphone.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"959\" height=\"396\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.54.37.png\" alt=\"\" class=\"wp-image-12713\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.54.37.png 959w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.54.37-300x124.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.54.37-768x317.png 768w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Scan the QR code or manually enter the key <a href=\"https:\/\/support.google.com\/accounts\/answer\/1066447\" rel=\"noreferrer noopener\" target=\"_blank\">into your authenticator app.<\/a> Once done, you&#8217;ll start seeing a six-digit code in your app that changes every 30 seconds.<\/p>\n\n\n\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/RPReplay_Final1654597629.mp4\"><\/video><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Now submit the final key to the above and click &#8220;submit&#8221; and now you will see option as;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"959\" height=\"396\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.58.34.png\" alt=\"\" class=\"wp-image-12715\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.58.34.png 959w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.58.34-300x124.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.58.34-768x317.png 768w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You need to enter this code on the login screen whenever prompted.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"652\" height=\"419\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.59.24.png\" alt=\"\" class=\"wp-image-12716\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.59.24.png 652w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-15.59.24-300x193.png 300w\" sizes=\"auto, (max-width: 652px) 100vw, 652px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">FIDO U2F Security Keys<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you&#8217;re using a security key like <a href=\"https:\/\/www.yubico.com\/why-yubico\/\" rel=\"noreferrer noopener\" target=\"_blank\">YubiKey<\/a>, then select this option. You need to connect to your WordPress site using an SSL certificate.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Configure your security keys in the &#8220;Security Keys&#8221; section on your profile page. Once done, you&#8217;ll be able to use your security key to log in.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.02-1024x446.png\" alt=\"\" class=\"wp-image-12717\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.02-1024x446.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.02-300x131.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.02-768x334.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.02.png 1146w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Backup Verification Codes (Single Use)<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">This is the most secure way of two-factor authentication as it doesn&#8217;t require an internet connection or a smartphone.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">With this method, you need to generate verification codes and use them while logging into your account. The codes are single-use and valid for 30 seconds only.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can generate these codes from the &#8220;Generate verification Codes&#8221; section on your profile page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.32-1024x446.png\" alt=\"\" class=\"wp-image-12718\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.32-1024x446.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.32-300x131.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.32-768x335.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.01.32.png 1147w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Once you generated, you need to download it using &#8220;download codes&#8221; to your device in order to use 2FA next time using this method;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.02.20-1024x446.png\" alt=\"\" class=\"wp-image-12719\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.02.20-1024x446.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.02.20-300x131.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.02.20-768x335.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-07-at-16.02.20.png 1147w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You&#8217;ll be taken to the WordPress login page where you need to enter your username and password as usual. After that, you&#8217;ll be prompted to provide the two-factor authentication code.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Enter the code and you&#8217;ll be logged into your WordPress site successfully.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">We hope this section helped you learn how to add two-factor authentication in WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">#2 &nbsp;WP 2FA \u2013 Two-factor authentication for WordPress<\/h2>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\"><a href=\"https:\/\/wordpress.org\/plugins\/wp-2fa\/\" target=\"_blank\" rel=\"noreferrer noopener\">WP&nbsp;Two-factor authentication<\/a> is a great way to add an extra layer of security to your WordPress site. WP 2FA Offers 3 Free ways to authenticate users in WordPress;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>One-time code via 2FA App (TOTP)<\/strong>: Supported 2FA apps Including Google Authenticator, Authy etc.<\/li>\n\n\n\n<li><strong>One-time code via email (HOTP)<\/strong>: Authenticated Code will be sent to your email.<\/li>\n\n\n\n<li><strong>Backup Codes: <\/strong>Backup codes are a backup option for logging in to the website if the primary two-factor authentication method is inaccessible.<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Premium Options to Authenticate users;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2FA login with push notification<\/strong><\/li>\n\n\n\n<li><strong>2FA login with SMS, WhatsApp &amp; incoming call<\/strong><\/li>\n\n\n\n<li><strong>One-click 2FA login<\/strong><\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">First, you need to install and activate the&nbsp;<a href=\"https:\/\/wordpress.org\/plugins\/wp-2fa\/\" target=\"_blank\" rel=\"noreferrer noopener\">WP Two-factor authentication <\/a>plugin.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Upon activation (or you can use the setup wizard after activation), you need to visit the WP2FA Option on the left sidebar inside your admin area.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.25-1024x446.png\" alt=\"\" class=\"wp-image-12720\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.25-1024x446.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.25-300x131.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.25-768x335.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.25.png 1147w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Go to the 2FA Policies option and select your desired (free) option to authenticate users on your website. i.e. Either TOTP or HOTP;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"446\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.52-1024x446.png\" alt=\"\" class=\"wp-image-12721\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.52-1024x446.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.52-300x131.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.52-768x335.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.54.52.png 1147w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you&#8217;re using the HOTP method then you can also set the default email (of users) or the user has an option to specify email for authentication themselves.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"934\" height=\"386\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.55.46.png\" alt=\"\" class=\"wp-image-12722\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.55.46.png 934w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.55.46-300x124.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.55.46-768x317.png 768w\" sizes=\"auto, (max-width: 934px) 100vw, 934px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">There&#8217;s also a secondary method which is Backup codes which can be used if none of the primary methods i.e. TOTP or HOTP works;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"914\" height=\"350\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.56.37.png\" alt=\"\" class=\"wp-image-12723\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.56.37.png 914w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.56.37-300x115.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.56.37-768x294.png 768w\" sizes=\"auto, (max-width: 914px) 100vw, 914px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Setup TOTP Using Google Authenticator<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">If you&#8217;re using TOTP then you need to use an authenticator app like Google Authenticator, Authy, etc on your smartphone.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"901\" height=\"652\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/wp-2fa-wizard7.png\" alt=\"\" class=\"wp-image-12724\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/wp-2fa-wizard7.png 901w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/wp-2fa-wizard7-300x217.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/wp-2fa-wizard7-768x556.png 768w\" sizes=\"auto, (max-width: 901px) 100vw, 901px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Scan the QR code or manually enter the key into your authenticator app. Once done, you&#8217;ll start seeing a six-digit code in your app that changes every 30 seconds.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You need to enter this code on the login screen whenever prompted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enforce Two-Factor Authentication to All or Specific Users<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Once you&#8217;ve configured everything, the next step is to enforce two-factor authentication on your WordPress site.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can do it by selecting &#8220;All user&#8221; on the same tab or you also have an option to select a custom userbase to enable two-factor Authentication in WordPress;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"907\" height=\"228\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.58.28.png\" alt=\"\" class=\"wp-image-12725\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.58.28.png 907w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.58.28-300x75.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.58.28-768x193.png 768w\" sizes=\"auto, (max-width: 907px) 100vw, 907px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can choose on the basis of username or roles i.e. Administrator, Contributer, Subscriber, Editor etc.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"947\" height=\"436\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.59.00.png\" alt=\"\" class=\"wp-image-12726\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.59.00.png 947w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.59.00-300x138.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-10.59.00-768x354.png 768w\" sizes=\"auto, (max-width: 947px) 100vw, 947px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Excludes Two-Factor Authentication On the Basis of Role or Username<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also provides an option to exclude two-factor authentication for a specific user or role.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can do it by going to the &#8220;Exclude&#8221; option and then select the users or roles from which you want to remove two-factor authentication;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"902\" height=\"268\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.02.34.png\" alt=\"\" class=\"wp-image-12727\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.02.34.png 902w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.02.34-300x89.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.02.34-768x228.png 768w\" sizes=\"auto, (max-width: 902px) 100vw, 902px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to store your settings.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">That&#8217;s, all in this way you can exclude users on the basis of roles or usernames to use two-factor authentication in WordPress.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Grace Period to Configure 2FA or Get Blocked<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also allows you to set a grace period for users to configure two-factor authentication or else they will be locked out from the website.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to the &#8220;2FA Policies&#8221; tab and then scrolling down a bit, there you will see an option to set the grace period;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"902\" height=\"269\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.00.png\" alt=\"\" class=\"wp-image-12728\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.00.png 902w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.00-300x89.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.00-768x229.png 768w\" sizes=\"auto, (max-width: 902px) 100vw, 902px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to save your settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Redirect users after 2FA setup<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After a user has configured two-factor authentication, you can also redirect them to any custom URL.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">For example, you can redirect them to the WordPress dashboard or any other custom URL.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;2FA Policies&#8221; and then scroll down to the &#8220;Redirect User After Setup&#8221; section;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"902\" height=\"179\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.36.png\" alt=\"\" class=\"wp-image-12729\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.36.png 902w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.36-300x60.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.03.36-768x152.png 768w\" sizes=\"auto, (max-width: 902px) 100vw, 902px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to store your settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Redirect User to Custom Profile Pages<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also allows you to redirect users to custom profile pages. This is important for Whitelabel Membership WordPress sites that may have frontend user profiles.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;2FA Policies&#8221; and then scroll down a bit, there you will see an option for &#8220;Redirect To&#8221;;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"902\" height=\"407\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.04.59.png\" alt=\"\" class=\"wp-image-12730\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.04.59.png 902w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.04.59-300x135.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.04.59-768x347.png 768w\" sizes=\"auto, (max-width: 902px) 100vw, 902px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to store your settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Allow user to disable 2FA<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also allows users to disable two-factor authentication from their user profile page.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;2FA Polices&#8221; and checking the &#8220;Hide the Remove 2FA button on user profile pages&#8221; button;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"889\" height=\"253\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.13.png\" alt=\"\" class=\"wp-image-12731\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.13.png 889w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.13-300x85.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.13-768x219.png 768w\" sizes=\"auto, (max-width: 889px) 100vw, 889px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to store your settings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">E-mail Settings and Templates<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also allows you to send emails to users after they&#8217;ve configured two-factor authentication.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;Settings&#8221; -&gt; &#8220;E-mail Settings and Templates&#8221;;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"578\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.56-1024x578.png\" alt=\"\" class=\"wp-image-12732\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.56-1024x578.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.56-300x169.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.56-768x434.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.06.56.png 1156w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Now you can configure following email templates;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login code email<\/li>\n\n\n\n<li>User account locked email<\/li>\n\n\n\n<li>User account unlocked email<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">With the available template tags;<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>{site_url} : Your website URL<\/li>\n\n\n\n<li>{site_name} : Your website Name<\/li>\n\n\n\n<li>{grace_period} : Grace period for your users<\/li>\n\n\n\n<li>{user_login_name} : Login UserName<\/li>\n\n\n\n<li>{user_first_name} : First Name<\/li>\n\n\n\n<li>{user_last_name} : Last Name<\/li>\n\n\n\n<li>{user_display_name} : Display name<\/li>\n\n\n\n<li>{login_code} : Codes for verification via HOTP<\/li>\n\n\n\n<li>{user_ip_address} : User&#8217;s IP address<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can design all emails as you want using the WordPress editor itself, add links, Images or embed videos inside the email.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Change The Default Text<\/h3>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Change the default text For The WordPress 2FA Login Page<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">The plugin also allows you to change the text for the WordPress login page.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">You can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;Settings&#8221; -&gt; &#8220;Whitelabeling&#8221;;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"579\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.31.27-1024x579.png\" alt=\"\" class=\"wp-image-12733\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.31.27-1024x579.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.31.27-300x170.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.31.27-768x434.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.31.27.png 1157w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"3a71b6f0-5492-4193-97e4-9a19df13d369\">You have two options to edit;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>2FA code page text<\/li>\n\n\n\n<li>Backup code page text<\/li>\n<\/ul>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">Here you can choose and write the default text when the user uses 2FA.<\/p>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">After that, click on the &#8220;Save Changes&#8221; button to store your settings.<\/p>\n\n\n\n<p>More Resources;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kwebby.com\/blog\/wordpress-6\/\">WordPress 6 \u2013 What\u2019s new, Exciting Features and more<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kwebby.com\/blog\/gutenberg-block-editor-tips\/\">10 Time-Saving Tips for WordPress Gutenberg Block Editor Users<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kwebby.com\/blog\/redirect-url-in-wordpress\/\">How to Redirect URL in WordPress: A Comprehensive Guide (4 Methods)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kwebby.com\/blog\/tutorials\/wordpress-tutorials\/\" target=\"_blank\" rel=\"noopener\">More WordPress Tutorials<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p id=\"21984fd2-be88-4d85-9399-e8cdb80ef26c\">We hope this tutorial helped you learn how to enable two-factor authentication in WordPress. If you have any questions or suggestions, feel free to leave a comment below. Thanks for reading!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n\n\n\n<p id=\"4a6b2051-57a7-47b3-9702-a74ccd2dbc0e\">We hope this tutorial helped you configure your WordPress security but in-case if you have some questions, do find the list of questions we have collected as frequently asked questions below;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do I turn off two-factor authentication in WordPress?<\/h2>\n\n\n\n<p id=\"82a1348a-e676-4193-b59d-12c27ae90566\">If you want to turn off two-factor authentication in WordPress, you can find this option by going to &#8220;WP Two Factor&#8221; -&gt; &#8220;2FA Policies&#8221; -&gt; &#8220;Enforce 2FA on&#8221;.<\/p>\n\n\n\n<p id=\"82a1348a-e676-4193-b59d-12c27ae90566\">You will see an option for &#8220;Do not enforce on any users&#8221;, check it and it will stop enforcing for everybody.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do you implement two-factor authentication in Java?<\/h2>\n\n\n\n<p id=\"0d25c990-513a-4742-84db-fd39076621d2\">You can implement two-factor authentication in Java using the Google Authenticator library. The library is open-source and <a href=\"https:\/\/github.com\/googleapis\/google-auth-library-java\" rel=\"noreferrer noopener\" target=\"_blank\">available on Github<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How do I add OTP verification to my WordPress site?<\/h2>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">You can add OTP verification to your WordPress site using the <a href=\"https:\/\/wordpress.org\/plugins\/miniorange-otp-verification\/\" rel=\"noreferrer noopener\" target=\"_blank\">WP OTP Verification plugin<\/a>. The plugin is available for free on the WordPress repository.<\/p>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">In this case, you have to choose an SMS Service provider like Twilio to integrate into the app.<\/p>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">Go to Twilio.com and Signup for an account.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"429\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30-1024x429.png\" alt=\"\" class=\"wp-image-12734\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30-1024x429.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30-300x126.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30-768x321.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30-1536x643.png 1536w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.33.30.png 1639w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">Upgrade your account by topup for at least 20$ and you will get your API keys by going to view the product on left;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"897\" height=\"484\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.30.png\" alt=\"\" class=\"wp-image-12735\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.30.png 897w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.30-300x162.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.30-768x414.png 768w\" sizes=\"auto, (max-width: 897px) 100vw, 897px\" \/><\/figure>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">choose the &#8220;Messaging&#8221; option and here you will find your API keys;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"483\" src=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.53-1024x483.png\" alt=\"\" class=\"wp-image-12736\" title=\"\" srcset=\"https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.53-1024x483.png 1024w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.53-300x141.png 300w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.53-768x362.png 768w, https:\/\/kwebby.com\/blog\/wp-content\/uploads\/2022\/06\/CleanShot-2022-06-08-at-11.34.53.png 1453w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p id=\"7afd86e0-8192-452c-98fc-223ac44c123f\">now open WP2FA or WP OTP verification plugin and go to the settings and paste the above plugin details.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What method does the WordPress REST API use for authentication?<\/h2>\n\n\n\n<p id=\"052c240a-1861-4d67-9690-8f844a660ffb\">The WordPress REST API uses the <a href=\"https:\/\/jwt.io\/introduction\" rel=\"noreferrer noopener\" target=\"_blank\">JSON Web Token Authentication<\/a> method for authentication.<\/p>\n\n\n\n<p id=\"052c240a-1861-4d67-9690-8f844a660ffb\">This method is more secure than the Basic Authentication method and is recommended for use with the <a href=\"https:\/\/developer.wordpress.org\/rest-api\/\" rel=\"noreferrer noopener\" target=\"_blank\">WordPress REST API<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re like most WordPress site owners, you want to do everything possible to keep your site safe from hackers. One way to do that&hellip;<\/p>\n","protected":false},"author":1,"featured_media":12738,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[100,4,404],"tags":[],"class_list":["post-12700","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-tutorials","category-wordpress-tutorials"],"_links":{"self":[{"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/posts\/12700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/comments?post=12700"}],"version-history":[{"count":3,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/posts\/12700\/revisions"}],"predecessor-version":[{"id":22742,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/posts\/12700\/revisions\/22742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/media\/12738"}],"wp:attachment":[{"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/media?parent=12700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/categories?post=12700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kwebby.com\/blog\/wp-json\/wp\/v2\/tags?post=12700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}