
How to Include Two Factor Authentication for WordPress

Two-factor authentication in WordPress is becoming increasingly popular as website owners look for more ways to secure their sites against unwanted infiltration. There are several really good ways that you can get WordPress 2FA in place.

Today, I am going to show you how to do it using a smooth plugin.

There are several other really great ways to keep your website secure, but 2-factor authentication for WordPress is definitely one that is gaining steam. Seems like every site should have this set up at some point, so let’s look at how you can easily get it into place on your website.

What is Two-Factor Authentication?

Simply put, 2FA is an extra layer of security that is used to make sure that anyone trying to gain access to online accounts is actually who they claim. It works in conjunction with smartphones, and a user has to verify at least one trusted phone number to enroll in 2FA. 

Apple iOS, Google Android, and Windows 10 all have apps that support 2FA. This means that it enables the phone itself to serve as the physical device to satisfy the authentication portion. It works by asking users to enter a six-digit number.

Right after a user enters a name and a password, they will immediately be asked for another piece of information to verify that they are who they say they are. The second factor could be any of the following:

  • PIN Number
  • Passwords
  • Secret Questions
  • Something You Have (credit card, smartphone, hardware token)
  • Fingerprint
  • Iris Scan
  • Voiceprint

The last three are more advanced but can be set up when needed.

I am going to show you how you can easily add two-factor authentication to WordPress and help keep your site safe from potential hackers.

Let’s take a look at the plugin we are going to use today and see all that it has to offer.

2FAS Light – Google Authenticator

2FAS Light plugin

2FAS Light – Google Authenticator is a smooth, simple-to-use, easy-to-set-up plugin that allows you to add WordPress two-factor authentication to your site. It works by having users employ the Google Authenticator mobile app to confirm their identity.

The plugin is free and also works with other mobile apps that generate tokens, including Microsoft Authenticator, Authy, Free OTP, 2STP, and OTP Auth. All in all, you will be hard-pressed to find a two-factor solution for WordPress that is as powerful as this one and also free to use.

Another great thing about this plugin is that you will not need to register or create any third-party accounts. The only thing we need to do is get the plugin installed, activated, and set up for use. From that point, you are good-to-go. 

The 2FAS Light plugin does not communicate with any external sites. All data needed to make the plugin work properly are stored in the WordPress database.

As stated above, the 2FAS Light plugin is free for all WordPress users. The moment you get the plugin activated and set up, you immediately protect your site from:

Let’s get the plugin set up and running together so that you can start to protect your site.

Set Up Two-Factor Authentication in WordPress

Step 1: Install and Activate the Plugin 

Before you can use WordPress two-factor authentication, you first need to install and activate the 2FAS Light plugin. You can do this by heading over to the Plugins page in the WordPress admin dashboard.

Install and activate two-factor authentication for WordPress

Just use the available search field on the page and search the plugin by name. Once you see it pop up, install and activate it right from there.

Step 2: Go to the 2FAS Light Setup Page

Now that the plugin has been installed and activated, you need to head over to the main setup page. To do this, click on the “2FAS Light” link tab that is located on the left side menu area of the dashboard.

Click on 2FAS Light tab

You can see that this option has appeared because you activated the plugin. This will take you directly to the main configuration page. From here, you can configure the plugin and get it running properly on your site.

Step 3: Download Appropriate App to Your Smartphone 

Download the appropriate app for your smartphone. You are free to pick which one you want, but the Google Authenticator app or the 2FAS Authenticator app are the most recommended. They are both easy to use and easy to scan with.

Download the two-factor authentication wordpress app

Step 4: Scan QR Code 

Now that you have downloaded the app of your choice, go ahead and scan the QR code that is given. Just click on the “Show QR Code” button and use the app to scan the box that displays.

Scan QR Code

Note: You can also enter your private key manually if you choose to do so.

Step 5: Enter the 6-Digit Token 

Once you scan the QR code box from the previous step, the app will give you a 6-digit token. Enter that token into the provided box and then click on the “Add Device” button.

Enter the 6 digit token

That’s it! You will now get a confirmation showing you that 2FA has been configured and enabled for your device and you are all set.

Two-factor authentication in WordPress enabled

You can add more trusted devices if you need them. At this point, two-factor authentication in WordPress is set up and running. From here, when someone tries to log in to the site, the extra 2FA authentication step will be added.

Note: If you choose to uninstall or disable 2FA, then that extra step will just disappear upon login. You will need to go through the setup process again to enable it.
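What Steps 4 and 5 exchange, shown as an added example that is not the 2FAS Light plugin's code: it assumes the standard TOTP scheme (RFC 6238) that Google Authenticator implements, where the QR code carries a shared secret and the site recomputes the six-digit token to check it. The secret is the RFC 6238 test key, and the account, issuer and function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

# Constructed sample value: the RFC 6238 test key, Base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at=None, step=30, digits=6):
    """Six-digit code for the 30-second window containing Unix time `at`."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def provisioning_uri(secret_b32, account, issuer):
    """The otpauth:// URI an enrollment QR code encodes (Step 4)."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "digits": 6, "period": 30}, quote_via=quote)
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"

def verify(secret_b32, submitted, at=None, window=1, last_counter=-1, step=30):
    """Check the token typed in Step 5; return the matched counter or None.

    window=1 tolerates one step of clock drift either way. Passing the
    counter of the last accepted token rejects a replayed code.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == 6):
        return None
    now = int(time.time() if at is None else at) // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue  # already used, or older than the last accepted token
        expected = totp(secret_b32, counter * step, step)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return counter
    return None

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "admin@example.com", "Example WP Site"))
    print(totp(SECRET, at=59))                # RFC 6238 vector, 6 digits
    print(verify(SECRET, "287082", at=89))    # one step late, still accepted
    print(verify(SECRET, "287082", at=89, last_counter=1))  # replay, rejected
```

Anyone who can read the stored secret can generate valid tokens, so the database row holding it deserves the same protection as the password hash.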

Are Passwords Alone Still Good Enough?

That is a good question, and it will depend on who you ask. In my opinion, it is never a bad idea to use WordPress two-factor authentication. It adds an extra layer of security and is not difficult to configure.

That being said, there are so many other ways to secure a site that many people may not be as attracted to using 2FA. It can also be hard for some people to use, as not everyone may understand the concept behind it. This leads to site lockouts when they are not necessary. So, are passwords enough? Maybe; it depends on your password and password manager.

This is going to be more of an opinion than anything else.

Final Thoughts

Setting up two-factor authentication in WordPress is actually not a difficult task at all. You simply need to know the tool to use and how to use it. The 2FAS Light plugin makes the task easy and fast, so if you are looking for an extra layer of security, then this is a great way to go.

I hope this tutorial was able to show you how easy it really is to add an extra layer of security to your site with 2FA. Simply use the plugin above and follow the steps, and you will be good to go.

What other tools have you used to get two-factor authentication working on your site? Have you found that using this is more of a hassle?

Author: Jeremy Holcombe

Growing up in Hawaii, Jeremy started his freelance writing career doing resumes, business plans, article writing, and everything in between. He now specializes in online marketing and content writing and is part of the Content Marketing Team at GreenGeeks.
