Categories

AI
1
Billing
11
Caching Guide
1
Client Portal (WHMCS)
1
Coding
38
Delegated Access
5
DIVI
4
Domains
10
Email Support
29
Facebook Ads Managment
13
Google Cloud
2
Interesting Articles
4
Invoices and Taxation
10
Legal
1
Linux Commands
1
Litespeed
3
MailGun
4
Misc
3
Office 365
4
Policies
27
Rackspace Mail
42
Resales Online Plugin
3
Scams/Phishing
8
SmarterMail
26
SmarterMail (Server Admin)
1
Standard Operating Procedures
7
Thunderbird
1
Tutorials
28
Web Design
4
Web Hosting
22
Website Care Plans
3
Wordpress
6

  Categories

  Tag Cloud

2fa 301 redirect 550-5.7.1 90 day warranty ad account ad sizes ad spend adding users admin access ads adwords align api filters api key apple mail archive archiving attachment filtering attachment policy attachment security auto reply autodiscover autoresponder back date backdate backup email backups banned banner bash bcc archiving blacklisting block bots blocked attachments breaking up browser refresh bug report business email business manager cache caching capthca cash change password Charities charity chrome client portal cloud linux cloud storage complaints concat config content content warnings court order pdf scam cpanel cpanel email cpanel remote mail exchanger credit card credit cards cron css custom wp config cyber security debug debug mode delegate delete mail deleted email denied disk usage warning diskcritical divi divi blog dkim dmarc dns dns cache dns only domains email email administration email archiving email attachments email best practices email compliance email hosting email malware email migrations email protection email restrictions email safety email security email setup email support policy Employee acces envato EU cross-border transactions exchange exchange server facebook facebook ads facebook business manager Facebook invoice Facebook marketplace fail over fallback feedback file attachments file sharing file transfer files filezilla ftp filter Finance Analyst find email firewall fix permissions fix perms folder prefix force download force ssl form emails form spam forwarding fragmentation framework ftp ftp over tls full mailbox gmail gmb godaddy google google adwords google analytics google authenticator google chrome google cloud google local google maps google my business google places google sheets google webmaster tools google workspace migration grant access graphic design gravity forms greylist gsc gwmt gwt hacked wordpress header Hetzner hosting hosting migrations htaccess htaccess tips images imap imap and pop differences imap port imunify360 inbox increase limit INSERT invoice invoices ios ip iphone IPS tag IT jailed shell jerk jquery large file transfer lead forms legal licenses litespeed local listings lockdown wordpress login security logo concepts logo design logo project logos lost emails lve mac mac mail mac marbella macmail mail app mail test mail tester malware protection many chat manychat mcc mfa migration migration of hosting migrations missing emails mobile modsec moving ms office multi factor authentication multiple logins mx mysql nameservers navicat networking marbella nominet office 365 office365 old php versions outage outlook outlook 2010 outlook deliverability issues owa password password protected password reset passwords pay paying cash payment failed payment policy payments paypal pdf files PDO_SQLITE permalinks permissions perms phishing phishing email photos php php 5.1 php 5.6 php 7 php 7.3 php 7.4 php info php versions phpinfo pico policies policy pop ports post launch checklist pram procedure proforma invoice protect wordpress public key pure ftp pure-ftp pureftp rackspace calendars rackspace mail ram ransomware protection receive recover recpatcha redirect refresh relay remote session remote support remove post type remove posts button reporting a bug reporting spam resales online resales online api reset resource abuse rest api restricted file types root shell rsync safelist senders scam scam warning scams scans search console search folder secure cert secure email secure file transfer secure wordpress security send sending lmiits sent sent items sent messages seo setup setup email sftp shell smartermail smtp smtp port snag snag list snagging softaculous spam spam prevention spamcop spams spf SQLite3 srv srv records ssh ssl ssl cert status stock stock photo storage boxes store sent messages stripe sub menu subject line swiss symfony system status tasks tax id tax invoice taxes telegram text content third party thunderbid thunderbird tls tos transmit ftp turn off two factor auth two factor authentication uce protect uk tax uk vat untrusted ip UPDATE update php upgrade php uptime Use Smart Addresses vacation message vat verify vertical vies vimeo virus virus scanning warning warranty we transfer web design web hosting web project webmail webmaster tool webmaster tools website protection website security wetransfer whitelist whitelist sender whm whmcs windows wofeedback wordfence wordfence login security wordpress wordpress admin security wordpress cache wordpress code wordpress functions wordpress log in protection wordpress login wordpress scan wordpress security wp bakery builder wpml wpml flags wpml site key www

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

Activating 2FA on Your Wordpress sites using Wordfence Log in Security Plugin Print

  • 2fa
  • two factor auth
  • wordpress
  • wordfence
  • wordfence login security
  • wordpress security
  • website protection
  • multi factor authentication
  • two factor authentication
  • mfa
  • login security
  • google authenticator
  • wordpress login
  • wordpress admin security
  • website security
  • protect wordpress

How to Enable Two-Factor Authentication (2FA) in WordPress Using Wordfence Login Security

Important Security Notice

Passwords alone are no longer enough to protect modern websites. Attackers regularly use stolen passwords, phishing emails, malware and automated login attempts to gain access to WordPress websites.

Two-Factor Authentication (2FA) adds an additional layer of protection by requiring a temporary code from your mobile device before access is granted.
Article Information
  • Applies To: WordPress Websites
  • Plugin: Wordfence Login Security
  • Difficulty: Easy
  • Estimated Time: 5 Minutes
Before You Begin

This tutorial assumes that the Wordfence Login Security plugin is already installed and configured on your WordPress website.

If the plugin is not already installed, please contact your website administrator or support provider.

Why Two-Factor Authentication Is Important

Many WordPress website compromises occur because an attacker obtains a valid username and password.

Even if you use a strong password, there are many ways it can become exposed:

  • Passwords reused on other websites that later suffer a data breach.
  • Phishing emails designed to trick users into revealing login details.
  • Malware installed on a computer or mobile device.
  • Brute force attacks attempting thousands of password combinations.
  • Shared passwords between team members.

Two-Factor Authentication prevents attackers from accessing your website even if they know your password because they would also need physical access to your mobile device.

This significantly reduces the risk of website compromise, content vandalism, spam injections, malware infections and unauthorised administrator access.

Table of Contents

Step 1 - Download Google Authenticator

Download the Google Authenticator app onto your mobile phone.

Tip: Search for Google Authenticator in your device's app store or use the download buttons below.

Google Play Store

Apple App Store

Step 2 - Open Your WordPress Profile

Log in to your WordPress administration area and navigate to your user profile.

Step 3 - Open Wordfence Login Security

Scroll down until you see the Wordfence Login Security section.

Click the Manage 2FA button.

Step 4 - Scan the QR Code

You will now be presented with a QR code.

This QR code contains the information required to link your WordPress account to the Google Authenticator application.

Step 5 - Open the Authenticator App

Open Google Authenticator on your mobile phone.

Tap the + icon and select Scan QR Code.

Step 6 - Verify the Account

Once the QR code has been scanned, your WordPress website will appear inside the Google Authenticator application.

A six-digit code will be generated automatically and refresh every 30 seconds.

Step 7 - Activate Two-Factor Authentication

Enter the six-digit code displayed within the Google Authenticator app into the verification field.

Click Activate to enable Two-Factor Authentication.

Step 8 - Recovery Codes (Optional)

After activation you may be offered the option to download recovery codes.

Warning

Recovery codes can be used to bypass Two-Factor Authentication.

Only download and store them if you understand how to keep them secure. Anyone who gains access to these codes may be able to access your WordPress account.

Step 9 - Logging In With 2FA Enabled

The next time you log in to WordPress you will first enter your username and password as normal.

You will then be prompted to enter the current six-digit code from your Google Authenticator app before access is granted.

That's it. Two-Factor Authentication is now enabled and helping to protect your website.

Was this answer helpful?

Related Articles

Photo snag list format You are reading this because we have asked you to send us references to stock photos.Its not... What is a snag list? You are reading this article because you would like to know what a snag list is in relation to... How to refresh your browser ← Back to Caching Guide You are reading this page because a website has recently been... How to clean up spam entries in gravity forms Gravity forms is a fantastic forms plugin, however if you have a popular web site it can become a... How to clear your dns cache ← Back to Caching Guide You are reading this article because your computer or internet...
« Back