How can we help?

Search for answers or browse our knowledge base.

Table of Contents

How to allow users to configure 2FA from a custom website page

In certain setups, WordPress users may not have access to the WordPress dashboard area (wp-admin). For example, this is common when running a WooCommerce/eCommerce site, a membership website, or some form of custom solution in which users access a custom user dashboard or profile page.

In such cases, WP 2FA offers two solutions for administrators who want their users to configure and manage WordPress two-factor authentication – a frontend 2FA settings page and shortcodes. You should use the frontend 2FA settings page if you want WP 2FA to create the page from where users can set their 2FA. On the other hand, you should use the shortcodes if you want to add the 2FA setup form to an existing page.

Enabling the frontend 2FA settings page

If you want the plugin to create the page from where users can set up their 2FA, and then link to it from your users’ custom dashboard. From your WordPress dashboard, navigate to WP 2FA > 2FA Policies, set the Frontend 2FA settings page setting to Yes, and specify the URL. You can then link the page from your users’ custom dashboard. The following settings are available for configuration:

  • Frontend 2FA settings page – Use this option to enable or disable the 2FA frontend settings page
  • Frontend 2FA settings page URL – Enter the URL slug you want to use for the custom 2FA frontend settings page. WP 2FA will automatically create this page for you
  • Redirect users after 2FA setup – Enter the URL slug you would like to redirect users to once they’ve completed the 2FA setup
Can users access the WordPress dashboard or you have custom profile pages?

Setting up a WordPress frontend 2FA settings page

Once you save the settings, the plugin automatically creates the page. It also adds the URL of the page to the 2FA email notification that is sent to the users. Therefore, when the users receive the notification email to configure 2FA, if 2FA is enforced on them, they can simply click on the link, authenticate, and configure 2FA within seconds.

enforced 2fa email template

Customizing the page

The page the plugin creates simply adds a WP 2FA shortcode to a new page. Therefore, the page can be fully customized like any other WordPress page. You can further customize your users’ 2FA experience through additional shortcodes. Refer to the ‘Further WordPress user 2FA customizations’ section below for more information.

Using shortcodes for the custom user 2FA configuration page

If you want to add the 2FA setup form to an existing custom user profile page, you can add the below shortcode in between square brackets to the custom page:

[wp-2fa-setup-form]

By using the above shortcode, you can add our handy setup wizard to your custom user profile pages, no matter what kind of setup you are running. Here is an example of how this form looks when using the default twenty-twenty theme.

WordPress 2FA configuration wizard

As you can see, the output includes a message letting the user know they need to set up 2FA and a neat countdown if 2FA is enforced on the users. If not, that notification won’t appear. Once the user has configured 2FA, they will see the following options instead of the CONFIGURE 2FA button:

WordPress 2FA user options

Users will be able to use the easy-to-use wizards to change their 2FA configuration, remove 2FA (if enabled by the administrator), and generate new backup codes –  all within the comfort of their custom member area page.

Further WordPress user 2FA customizations

WP 2FA provides a number of additional shortcodes that enable you to further customize your users’ 2FA experience. In this section, we will take a look at these shortcodes alongside examples of how they can be implemented.

Customizing the text

You can hide the text of the 2FA setup form and replace it with your own. All you need to do is add the show_preamble=”false” parameter to the shortcode. This will hide the text, giving you even more control over the look and feel of the 2FA setup form.

[wp-2fa-setup-form show_preamble="false"]

Removing the “Currently configured”

By default the plugin displays the currently configured primary and secondary 2FA methods on the frontend 2FA configuration page. To remove these, use the shortcode option do_not_show_enabled and set it to true, as per the below example:

[wp-2fa-setup-form do_not_show_enabled="false"]

Styling the form

The form automatically inherits your theme’s styling. However, you can still apply your own custom styling should you wish. In this section, we will detail some key CSS selectors and some examples of how you can style common elements, like buttons and inputs.

To apply your own styling to the buttons that trigger the wizard, use the following CSS:

.wp2fa-modal .button {
padding: 13px 20px;
background-color: #337ab7;
color: #ffffff;
letter-spacing: 0.4px;
text-transform: uppercase;
}

Text inputs, on the other hand, can be customized using the following CSS. Of course, you will need to tweak this to suit your needs and requirements:

.wp2fa-modal input {
padding: 13px 20px;
border: 1px solid #cccccc;
}

Styling the user 2FA notification

Users with an applicable 2FA policy who can access the WordPress dashboard will see a notification like the one shown below. This notification informs users that they need to configure 2FA and by when.

If users do not have access to the WordPress dashboard, you can use the following 2FA notices shortcode to display the notices on any page you wish:

[wp-2fa-setup-notice]

With the above shortcode, any user who visits the page (and is required to configure 2FA) will see a notice just like the admin notice shown above. This only applies to user-facing pages.

WordPress 2FA setup notification

The content is identical to the admin notice, and as with everything else, the styling is inherited from your theme. The screenshot above shows how the notification looks using the default twenty-twenty WordPress theme.

By default, the CONFIGURE 2FA NOW button will open either:

  1. The standard setup wizard we provide by default, or
  2. The custom user page configured in the plugin settings page

If, however, you want to specify where the CONFIGURE 2FA NOW button should link to when outputting the notice via shortcode, we have created a parameter for this task. Simply add your desired page URL via this parameter, and you’re all set:

[wp-2fa-setup-notice configure_2fa_url="<a href="http://domain.com/custom-page">Configure 2FA</a>"]

Just like you see in the example above, replace the sample URL with your custom page’s URL (typically the page where you have placed the setup shortcode), and you’re all set.

Using the shortcode within a template file

In some cases, you may not wish to add the shortcode directly to a page’s content area. Instead, you may want to use a bespoke template file or such. If this is the case, you can use WordPress’ handy do_shortcode function to turn our shortcode into something more useful for you as follows:

do_shortcode('[wp-2fa-setup-form]');

The survey results are in: Find out what your WordPress security gameplan might be missing

Uploading Melapress Login Security as a zip file in WordPress
Melapress Login Security in the WordPress plugin repository
Close

Installing Melapress Login Security Free

Congratulations on taking control of your WordPress website's security by implementing robust login and password policies with Melapress Login Security. You can change your login page URL, limit failed login attempts, and reset passwords.

 

Below are two ways to install Melapress Login Security on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for Melapress Login Security.

Download the Melapress Login Security plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading CAPTCHA 4WP as a zip file in WordPress
CAPTCHA 4WP in the WordPress plugin repository
Close

Installing CAPTCHA 4WP Free

Well done you. You're one step closer to safeguarding your WordPress website from spam and automated attacks with CAPTCHA 4WP. You'll be able to effortlessly integrate CAPTCHA into your forms and enjoy a website with enhanced security.

 

Below are two ways to install CAPTCHA 4WP on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for CAPTCHA 4WP.

Download the CAPTCHA 4WP plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP Activity Log as a zip file in WordPress
WP Activity Log in the WordPress plugin repository
Close

Installing WP Activity Log Free on your website

You deserve a pat on the back for choosing to record user actions and changes on your website. That is the first step towards better user accountability, easier troubleshooting of website security, and many other benefits of issues.

 

Below are the two ways to install WP Activity Log on your website:

Go to your plugin dashboard on your site, then go to "Add New" and then search for WP Activity Log.

Download the WP Activity Log plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2

Uploading WP 2FA as a zip file in WordPress
WP 2FA in the WordPress plugin repository
Close

Installing WP 2FA Free

Congratulations on taking the first step towards enhancing your WordPress site's security with WP 2FA Free! You're now on your way to protecting your valuable data and ensuring peace of mind. No coding or technical knowledge is required.

 

Below are two ways to install WP 2FA on your website:

Go to your plugin dashboard on your site, then go to "Add New", and then search for WP 2FA.

Download the WP 2FA plugin zip, then select upload in your plugin dashboard under "Add New".

OPTION 1

OPTION 2