Search for answers or browse our knowledge base.
How to set up WP 2FA to use SMS OTP authentication
WP 2FA supports SMS OTPs as one of the 2FA authentication methods. This method is often favored in environments where the end users do not necessarily have a device that can accommodate authenticator apps.
In this knowledge base article, we will go through the process of setting up SMS OTP authentication via Twilio for the first time – from setting up a Twilio account all the way to configuring your WordPress website to send SMS OTPs.
Important note: SMSs are sent via Twilio, which may require account credit. At the time of writing, Twilio is offering new sign-ups free credit for testing purposes.
Step 1: Create a Twilio Account
Twilo is a customer engagement platform company that offers automated SMS notifications. While WP 2FA generates the OTP, it needs a Twilio account to be able to send it as an SMS to the user.
- Head to twilio.com
- Sign up for an account
Twilio will then send you a verification email, which you must verify to complete the account setup.
Once you verify your email, you will also need to verify your phone, which you can do via SMS or phone call.
Step 2: Personalize your Twilio experience
Once both your email address and phone number have been verified, Twilio will ask you to customize your experience through a series of questions regarding your goals. Since you can use your Twilio account for other purposes, feel free to fill in this section as you best see fit.
Step 3: Get a Twilio phone number
To send SMSs via Twilio, you need to get a Twilio number. This is the number from which the SMS OTPs will be sent. All you need to do is click on the Get a Twilio phone number, and Twilio will automatically issue you with a number.
Step 4: Configure WP 2FA
With the Twilio number set up, you have everything you need to connect WP 2FA to Twilio. Before heading to your WordPress website, make sure you grab the:
- Account SID
- Authy Token
- My Twilio phone number
You’ll find this under the Account Info section. Next, Log in to WordPress and navigate to WP 2FA > Policies
Click on the One-time code via SMS (with Twilio) radio button and fill in the details. Then click on Verify the Twilio keys to ensure WordPress can communicate with Twilio. Remember to click on the Save button at the end of the page to save changes.