What are 2FA backup codes?

WordPress two-factor authentication, just like 2FA elsewhere, relies on a separate account to deliver an OTP (One Time Passcode) to log in to WordPress. This separate account can be an authenticator app, email, your phone, or an Authy account, depending on how 2FA was set up.

This becomes a problem if you lose access to that account, even temporarily (such as when you forget your phone charger at home), because you may then be unable to log in to WordPress. This is precisely the problem 2FA backup codes solve.

What are backup codes?

Backup codes are a series of one-time codes you can use as a backup should your primary 2FA method become unavailable. These codes are generated through WordPress itself (provided 2FA is enabled).

How to get backup codes

If you are using WP 2FA for your WordPress two-factor authentication, you have two options to get backup codes – during 2FA configuration and after 2FA has been configured.

During 2FA configuration

When configuring 2FA through the wizard, at the very last step, you will be asked if you want to generate a list of backup codes, provided your administrator has made these available. Simply click Generate list of backup codes to get your list.

From here you can either:

  • Download – automatically download a text file with the codes
  • Print – Open the Printing prompt to print to your printer of choice

You can also manually copy the codes and save them somewhere safe.

Note: Make sure you keep them in a (very) safe place as these codes are a part of your authentication process. Once a code is used, you can safely discard it since it’s only valid for one-time use.

After 2FA configuration

If you missed the backup code generation option during the setup process or used them all up and need some more, you can still generate a fresh new batch from your WordPress user profile page.

To generate backup codes after 2FA has been set up:

  • Go to your WordPress user profile page
  • Scroll down to the Two-factor authentication settings section
  • Click on Generate list of backup codes

This will generate a new list of 10 backup codes which you can download, print, or copy and paste to a location of your choosing. Click I’m ready to close the wizard once done.

When to use backup codes

Think of backup codes like a single-use emergency spare key. To log in to your WordPress website you need the username, password, and a one-time code generated by your chosen 2FA method. If for some reason you cannot generate the one-time code via the normal primary means, backup codes will act as a stand-in replacement, allowing you access as if you had the OTP generated by your primary method.

To use a backup code, click on Or, use a backup code when asked for the two-factor authentication code. The link is highlighted in the screenshot below. Enter any of your available backup codes and you will log in to your WordPress website.

How many backup codes can you have, or have left?

Backup codes are also one-time codes. So once you use a code, it cannot be used again. By default, the plugin creates ten backup codes for every user. You can see how many backup codes you have left under the WP 2FA settings section on your profile page.

Note: Do not wait until you have just one backup code left. Don’t risk getting locked out. Create ten new backup codes whenever you have fewer than two unused backup codes left.
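
The single-use behaviour and the "codes left" count described above can be sketched as follows. This is an added example, not WP 2FA's own code: the BackupCodeStore class, the 8-digit code length, the hashing parameters, and replacing the old batch on regeneration are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODES_PER_BATCH = 10  # the default batch size stated on this page
CODE_DIGITS = 8       # assumed length; the page does not state one


def _digest(code: str, salt: bytes) -> bytes:
    # Salted, slow hash: a leaked user table does not reveal usable codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class BackupCodeStore:
    """Hypothetical per-user store of single-use backup codes."""

    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._unused = set()  # digests only; plaintext codes are never kept

    def generate(self):
        """Create a fresh batch and return the plaintext to show the user once."""
        codes = set()
        while len(codes) < CODES_PER_BATCH:  # the set guarantees no duplicates
            codes.add(f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}")
        # Assumption: a new batch replaces whatever was left of the old one.
        self._unused = {_digest(c, self._salt) for c in codes}
        return sorted(codes)

    def redeem(self, submitted: str) -> bool:
        """Accept a code at most once; the digest is deleted on first use."""
        candidate = _digest(submitted.strip(), self._salt)
        for stored in self._unused:
            if hmac.compare_digest(stored, candidate):  # constant-time compare
                self._unused.discard(stored)
                return True
        return False

    def remaining(self) -> int:
        return len(self._unused)

    def needs_refill(self) -> bool:
        # The page's advice: regenerate when fewer than two codes are unused.
        return self.remaining() < 2
```

Short numeric codes are only safe against guessing when the login form also limits failed attempts.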

Backup codes alternative

Users also get access to email OTP as a secondary 2FA method. Your administrator needs to enable this feature for it to become available. It allows you to receive a One Time Passcode via email should your primary 2FA method fail.

Get started with 2FA on your WordPress website

Have you enabled two-factor authentication (2FA) on your WordPress website? If not, now is the right time to try! Use WP 2FA, a free WordPress two-factor authentication plugin. WP 2FA is very easy to use and allows you to configure 2FA policies to make 2FA mandatory or optional for your users.
