Two-factor authentication (2FA) is a must for securing your accounts on the internet. It significantly reduces the risk of anyone gaining unauthorised access to your WordPress admin portal by requiring a second form of authentication that only you can access.
By enabling 2FA on WordPress, you will need to enter either a code from your authenticator app on your mobile device or a code emailed to you, every time you log into WordPress. The idea is that only you have access to your mobile device or emails, thus reducing the risk of unauthorised access.
In this article I will show you 3 simple steps to enable 2FA on WordPress for free.
3 Simple Steps to enable 2FA on WordPress
- Download the iThemes Security plugin and activate it
- Enable 2FA in Login Security
- Set up your authenticator app
1. Download the iThemes Security plugin
In WordPress, navigate to Plugins >> Add plugins
Search for iThemes Security and click on Install
Once installed, click on Activate
2. Enable 2FA in Login Security
Once the plugin is installed and activated:
Navigate to Security >> Features >> Login Security
Turn the switch on next to the Two-Factor option
(iThemes Security may take you through a setup process. Simply follow the prompts; some options you can skip and set up later.) Comment below if you want me to write a step-by-step guide on how to set up the iThemes Security plugin and explain what each of the options does.
3. Set up your authenticator app
To link your authenticator app to your account, simply log out of WordPress. The next time you log in, you will be greeted with the “Setup Two-Factor” screen.
Under Methods >> select Mobile App
Select either iOS or Android
Download one of the apps. (Authy, Google Authenticator, FreeOTP Authenticator or Toopher)
Scan the QR code within the app. You will then be presented with a 6-digit code
Enter the 6-digit code from your mobile device into the “Authentication Code” field and click Verify
It will take you back to the Select Methods screen, where you can enable Email as a backup option in case you don’t have access to your mobile device.
That’s it! You’ve just learned how to enable 2FA on WordPress.
Every time you log into your WordPress admin portal it will ask you for your username, password and authentication code.