In this article, we’ll be running through the steps to set up 2 Factor Authentication (2FA) on your WordPress website.
If you’re a client of Prystine, you can skip straight to ‘Choosing a 2FA Authenticator App’. If you already have an authenticator app downloaded, you can skip to ‘Enabling 2FA’.
Installing the functionality
First up, we’ll need to enable 2FA functionality on your website. This is not currently a native feature of WordPress, so you’ll have to install a plugin. We recommend using WordFence, which is one of the most popular and, in our opinion, best security plugins for WordPress.
If you’re a client of Prystine, we will already have carried this out on your website for you.
To install the WordFence plugin
Before we proceed, it’s strongly recommended you take a full site backup before installing a new plugin and carry out the install first in a development or staging area. If you’re unsure, speak to your web developer or reach out to us for help.
You can view the official WordFence installation guide here and we recommend that you do follow their guide. Otherwise, below is a very brief summary of the necessary steps.
From there, click the “Add New” button, then search for “WordFence”. Once you can see the plugin, hover over it and then click “Install”, followed by “Activate”.
Choosing a 2FA Authenticator App
Personally, we use the Microsoft Authenticator app.
Enabling 2FA
To set up 2FA on your WordPress login account, navigate to WordFence > Login Security in the admin dashboard.
You’ll be confronted with a page that looks similar to figure 1 below.
On the left, you’ll see a QR code to scan from within your Authenticator app. Once done, you’ll then need to input the generated passcode where the box currently says “123456”.
Hit “Activate” and that’s it, you’re all set up!
You can optionally download the backup codes in case you lose access to your authenticator app, but keep them very safe and secure.
You can learn more about 2FA by following this link here.