Getting started with the WP 2FA plugin
WP 2FA is a two-factor authentication (2FA) plugin for WordPress websites. It is very easy to use, and you can use it to configure 2FA policies on your websites. This getting started guide will help you set up 2FA for your website.
Download and install the plugin
- Log in to your WordPress dashboard and navigate to the plugins page.
- Search for WP 2FA.
- Click the Install Now button next to the WP 2FA plugin description and activate it.
Configure 2FA for your own WordPress user
When you activate the plugin, a wizard starts automatically to help you configure 2FA for your users.
Click on Let’s Get Started to continue.
Step 1: Select 2FA Methods
In the Select 2FA Methods screen, choose which 2FA methods you want to give your users access to. Available options include:
- One-time code via 2FA App – When using this method, users have to configure a 2FA app, such as Google Authenticator or Authy, to generate a code.
- One-time code via email – When using this method, users will receive a code via email to use as their 2FA OTP. Make sure your WordPress site can send emails before choosing this method.
You can select either method or both. If you select only one method, users will only have that method available to set up and configure. If you select both methods, each user can choose the method that best suits their needs.
Once ready, click on Continue Setup.
Step 2: Select an alternative 2FA authentication method
Alternative 2FA authentication methods give users the option to use a backup code should their primary authentication method fail. For example, if a user forgets their phone, or WordPress fails to route emails correctly, the user can use a backup code to gain access to their account. This ensures that users do not get locked out.
Backup codes are enabled by default. Click on Continue Setup to continue.
Step 3: Enforce 2FA
When 2FA is enforced, users have to configure it. You will be able to configure a grace period in the next step, giving users a time window to comply. When 2FA is not enforced, users can choose whether they want to set up 2FA or not.
- All users – Enforce 2FA for all users
- Only for specific users and roles – Enforce 2FA on specific users and roles (click this option to enter the users and/or roles you want to enforce 2FA on)
- Do not enforce 2FA on any users – Does not enforce 2FA and leaves it optional
Once you’ve made your selection, click on Continue Setup to continue.
Step 4: Configure a grace period
If you chose to enforce 2FA, here you can set up a grace period. The grace period is a time window within which users who are required to use 2FA must configure it.
- Users have to configure 2FA straight away – Choose this option to force users to configure 2FA straight away
- Give users a grace period to configure 2FA – Choose this option to give users a time window in which to configure 2FA
If you chose to give users a grace period in the previous step, you will need to configure what happens if they do not configure 2FA within the allocated timeframe:
- Do not let them access the dashboard/user page once they log in until they configure 2FA – Choose this option to force users to configure 2FA before they proceed to the dashboard/user page
- Block the user (administrators have to manually unblock them) – Choose this option to block the account. An administrator will have to manually unblock the account
Once you’ve made your selection, click on All done to finish the configuration.
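The choices made in Steps 3 and 4 combine into one decision per login. The Python sketch below is an added example, not WP 2FA's own code: every class, field and outcome name is hypothetical, the accounts and dates are constructed, and it assumes the grace period is counted from a per-user start time.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# All names are hypothetical; this models the wizard's choices, not the plugin.
@dataclass
class Policy:
    enforce: str = "none"                      # Step 3: "all", "specific", "none"
    users: set = field(default_factory=set)    # used when enforce == "specific"
    roles: set = field(default_factory=set)
    grace: Optional[timedelta] = None          # Step 4: None = straight away
    on_expiry: str = "force_setup"             # or "block"

@dataclass
class User:
    login: str
    roles: set
    has_2fa: bool = False
    enforced_since: Optional[datetime] = None  # assumed start of grace window

def is_enforced(policy: Policy, user: User) -> bool:
    if policy.enforce == "all":
        return True
    if policy.enforce == "specific":
        return user.login in policy.users or bool(user.roles & policy.roles)
    return False

def login_outcome(policy: Policy, user: User, now: datetime) -> str:
    """What happens after the user's password has been accepted."""
    if user.has_2fa:
        return "prompt_for_code"
    if not is_enforced(policy, user):
        return "allow_optional"                # 2FA stays the user's choice
    if policy.grace is None:
        return "force_setup"                   # no dashboard until configured
    if user.enforced_since is None or now < user.enforced_since + policy.grace:
        return "allow_in_grace"
    return "blocked" if policy.on_expiry == "block" else "force_setup"

def audit(policy, users, now) -> dict:  # preview outcomes before picking "block"
    return {u.login: login_outcome(policy, u, now) for u in users}

NOW = datetime(2024, 1, 10)  # constructed sample date; accounts below are too
POLICY = Policy("specific", roles={"administrator", "editor"},
                grace=timedelta(days=3), on_expiry="block")
USERS = [User("alice", {"administrator"}, has_2fa=True),
         User("bob", {"editor"}, enforced_since=datetime(2024, 1, 9)),
         User("carol", {"editor"}, enforced_since=datetime(2024, 1, 1)),
         User("dave", {"subscriber"})]
```

Calling `audit(POLICY, USERS, NOW)` lists which accounts would be blocked under the chosen settings, which is worth checking before selecting the block option for roles that include administrators.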
Configure 2FA for your Account
There is no better way to lead than by example. In the next screen of the setup wizard, you can set up 2FA for your account or choose to configure it later.
Click on Configure 2FA now to configure 2FA for your account.
Step 1: Choose your preferred method
If you chose both 2FA methods during setup, you will see both options here. If you chose to make only one method available, this step will show only that method.
Once you’ve made your selection, click on Next Step to continue.
Step 2: Configure your preferred method
The options you will see on the next screen will differ depending on the chosen method. Follow the on-screen instructions to complete your 2FA configuration.
Two-factor authentication (2FA) is now configured on your WordPress site!
That is it. 2FA is now configured on your WordPress website. If you are enforcing 2FA on your site users, read how 2FA policies work on WordPress for more information on how policies are enforced.
Take your WordPress 2FA experience to the next level
WP 2FA comes chock-a-block with features and utilities that can truly elevate your experience and that of your users. Refer to the WordPress 2FA knowledge base to learn more about what the plugin can do for you.