Right from the moment your website goes live on the web, people start trying to hack it. They are insane given that they don’t get any benefit by hacking a new site.
In order to add an extra layer of security, you can set up two-factor authentication on your site. Simply put, it is an OTP code, which you get via SMS or any other exclusive communication channel.
In this tutorial, I am going to help you implement OTP on your WP site.
Enable Two-Factor Authentication on WordPress
I don’t recommend you go with this if you are a person who often loses your phone. Are you sure about implementing two-factor authentication? Then, follow the steps given below.
Step 1: First, you have to install a plugin named Authy. I know there are a lot of two-factor authentication plugins available in the WP repository. Nonetheless, I chose to go with this one.
Step 2: I hope you know how to install a WordPress plugin. Once you install it, have a look at the sidebar and follow Settings >> Authy.
Step 3: What you get is the configuration page for setting up the security. In order to continue with it, you must provide the API key. Well, how can you get one?
Head over to authy.com and create an account there. You will get an API key then.
Step 4: Once you grab the API key, copy and paste it into the field given on the Authy settings page. Don’t forget to hit Save changes.
Step 5: After saving the changes, you should go to the page of the user for whom you want to set up the two-factor authentication. Don’t know how? Click on Users. You will get a list here.
Step 6: Choose the user you want from the list. Scroll down to the bottom. You can see a button that reads Enable/disable Authy. Clicking on it at this step will allow the authentication.
You have to provide a phone number there. (Alternatively, you can install the Authy app and sign into the account. Once you do it, the app will automatically connect you with the WordPress site).
Don’t forget to choose the correct country as well. If you go with the wrong selection, you may temporarily lose access to your site. Then, hit Update Profile.
There you go! When you need to log into your site, first you will have to access the login page. As usual, you will get the username and password fields. After you enter both the credentials, you will get a new area to enter the Authy token. You will get the code on the application if you use it. Or, you receive the token via a text message on your phone.
What if You Lose Your Phone or SIM?
There are two options. The first one is installing the Authy app on your new phone and signing into your old account. You will get the token there each time you send a login request.
If you want to disable the authentication without accessing the admin panel, you have to use a file manager or FTP application. Go to wp-content >> plugins. There you can see a folder named authy-two-factor-authentication. Simply rename or delete the folder. That’s it.
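The folder rename described above, as an added shell example (it is not part of the original tutorial or of the Authy plugin). It assumes you have shell access to the server and that WP_ROOT is the directory holding wp-config.php; the function names and the .disabled suffix are made up for illustration. It renames instead of deleting, so the step can be undone once you have a working phone again.

```shell
#!/bin/sh
# Added example: reversible lockout recovery for the Authy plugin folder.
# Assumption: the first argument (WP_ROOT) is the directory with wp-config.php.
# Usage after sourcing this file:  authy_disable /path/to/site
PLUGIN_DIR_NAME="authy-two-factor-authentication"   # folder name from the article
DISABLED_SUFFIX=".disabled"                         # hypothetical suffix

# authy_state WP_ROOT -> prints enabled | disabled | absent
authy_state() {
    plugins="$1/wp-content/plugins"
    if [ -d "$plugins/$PLUGIN_DIR_NAME" ]; then
        echo enabled
    elif [ -d "$plugins/$PLUGIN_DIR_NAME$DISABLED_SUFFIX" ]; then
        echo disabled
    else
        echo absent
    fi
}

# authy_disable WP_ROOT -> renames the folder so WordPress can no longer load it
authy_disable() {
    src="$1/wp-content/plugins/$PLUGIN_DIR_NAME"
    dst="$src$DISABLED_SUFFIX"
    # Refuse to touch anything that does not look like a WordPress install.
    [ -f "$1/wp-config.php" ] || { echo "not a WordPress root: $1" >&2; return 2; }
    [ -d "$src" ] || { echo "plugin folder not found" >&2; return 1; }
    # Never merge into a leftover copy from an earlier recovery.
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 1; }
    mv "$src" "$dst"
}

# authy_restore WP_ROOT -> puts the folder back under its original name
authy_restore() {
    src="$1/wp-content/plugins/$PLUGIN_DIR_NAME"
    [ "$(authy_state "$1")" = disabled ] || { echo "nothing to restore" >&2; return 1; }
    mv "$src$DISABLED_SUFFIX" "$src"
}
```

Anyone with FTP or file-manager access to the site can switch off the second factor the same way, so protect those accounts as carefully as the WordPress login. After restoring the folder, check the Plugins screen and reactivate Authy if WordPress has marked it inactive.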
Alternatively, you can check out this article to enable two-factor authentication on WordPress blog.
I hope you know how to enable two-factor authentication on your WordPress website now. As stated earlier, Authy isn’t the only plugin you can use for this purpose. I have given a list of some other plugins above. You should check them out in case you didn’t like my pick.
Leave your comments below if you come across any issues.