Two-factor Authentication (2FA)

Setting Up 2FA on WordPress

Login Page: https://YOURDOMAIN.ORG/wp-login.php

Login Security. 2FA is optional but recommended for all users. (It is required for Managers and Administrators.)

  • To set up 2FA, go to the Login Security menu item in your sidebar and follow these instructions.
  • You can use most Time-Based One-Time Password (TOTP) apps, e.g.:
    • Okta Verify
    • Google Authenticator
    • Sophos Mobile Security
    • FreeOTP Authenticator
    • 1Password (mobile and desktop versions) 
    • LastPass Authenticator
    • Microsoft Authenticator
    • Authy 2-Factor Authentication
  • There are three steps (despite what it says on the screen):

    1. Scan or enter key.
    2. Enter code from app.
    3. Activate. Don’t forget the last step!

Screenshot of Login Security 2FA activation screen.
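
What the three steps do, as an added example that is not part of the original page or of the plugin's own code: the QR code and the typed key carry the same base32 secret, and activation succeeds only if the code you enter matches the one the server computes from that secret (RFC 6238). The sample key is the RFC test secret; the account name and issuer in the URI are constructed.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import urlparse, parse_qs


def secret_from_enrollment(value):
    """Step 1: accept the otpauth:// URI a QR code encodes, or the manually typed key."""
    if value.startswith("otpauth://"):
        value = parse_qs(urlparse(value).query)["secret"][0]
    key = value.replace(" ", "").replace("-", "").upper()
    key += "=" * (-len(key) % 8)  # restore the base32 padding that apps usually omit
    return base64.b32decode(key)


def totp(secret, unix_time, step=30, digits=6):
    """Step 2: the code the app shows (RFC 6238, HMAC-SHA1, 30-second steps)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, unix_time, window=1):
    """Step 3: server-side check, tolerating +/- `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + i * 30), code)
        for i in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 test secret in base32, not a real account key.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
SAMPLE_URI = ("otpauth://totp/example.org:alice?secret="
              + SAMPLE_KEY.replace(" ", "") + "&issuer=example.org")

if __name__ == "__main__":
    secret = secret_from_enrollment(SAMPLE_URI)
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(secret, code, 89))
    print("accepted four steps later:", verify(secret, code, 179))
```

A code that is more than one time step old is rejected, which is why a phone with a badly wrong clock fails at the activation step.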

Require 2FA for User Role

In order to enable 2FA for users on your site, you must first require 2FA for one or more user roles. Complete the following steps to require 2FA:

  1. Log in to the primary WordPress site and navigate to “Login Security”.
  2. Navigate to the “Settings” tab.
  3. Scroll down to the “2FA” section. Under “2FA Roles”, you will see a list of the user roles on your site, each followed by a dropdown menu containing options for “Disabled”, “Optional”, and “Required”. Make sure the dropdown is set to “Required” for whichever role(s) you want to be protected by 2FA.