Security and WordPress

How to enable two-factor authentication on WordPress?

BIG linden / Support Docs / How to enable two-factor authentication on WordPress?

Security and WordPress


We are looking to increase the security of our WordPress site by adding two-factor authentication. What is the best way to set up two-factor authentication in WordPress?


The client needs assistance with implementing two-factor authentication on their WordPress website.

How to enable two-factor authentication on WordPress?

Setting up Two-Factor Authentication (also known as 2FA) for your WordPress website can help significantly improve your overall security. This adds an extra layer of protection, making it more difficult for unauthorized users to gain access.

You can easily add Two-Factor Authentication to your WordPress website using one of several available plugins.

Here are a few plugins that we recommend checking out:

Google Authenticator

The Google Authenticator plugin provides a secure and user-friendly way for administrators or bloggers to authenticate their identity using Google’s 2FA API. Made by miniOrange, the tool works well if you require using the Google API for validation.

Two Factor

The Two Factor plugin supports multiple ways of handling the second layer of authentication including text messages, email codes, single use backup codes, and even hardware keys.

Wordfence Security

In addition to being one of the best security plugins for WordPress, Wordfence also includes robust 2FA functionality. The free version of Wordfence includes two-factor authentication using TOTP and QR Code standards; additionally, it is fully customizable.

Enabling 2FA

To enable two-factor authentication, follow these general steps:

1. Choose a reliable 2FA Plugin: Start by selecting a 2FA plugin from the options listed above or others available on WordPress marketplace. Remember that reliable means regularly updated and highly recommended by users.

2. Install the Plugin: Like any other plugin you download it and install it onto your website through the ‘Plugins’ tab in your dashboard.

3. Activate the Plugin: Once installed, activate it.

4. Navigate to settings: Locate where you can manipulate this plugin’s features by navigating through settings.

5. Adjust Settings: Each plugin will have specific directions on how you should proceed with setting up 2FA according to its features but fundamentally, select which roles in your Website will require 2FA and other such decisions.

6. Guide Users: If your website has multiple users, like authors, editors etc. they should all be guided on how to set up their accounts for 2FA for increased security.

Remember, not everyone is comfortable with technologies like Two-Factor Authentication and often require some additional explanation. It could be a good idea to create an easy tutorial for your authors or team members who might struggle with setting it up.

Before implementing any significant changes to your website’s operation, always remember to take a current back-up of your site – just in case anything goes wrong. Always remember to test user logins from non-admin accounts too; try it out thoroughly before pushing live to make sure no scenarios are missed which might lock genuine users out!

Additional reading

  • Here are some helpful resources where you can learn more about two-factor authentication.
  • “Setting Up Google Authenticator for WordPress” by WPBeginner
  • “How To Enable Two-Factor Authentication on Your WordPress Site Using Google Authenticator” by Liquid Web.

More articles about Security and WordPress

More articles related to and .

Capabilities related to Security and WordPress:

Prevent attacks, regain control of your WordPress website with Enterprise security solutions.
Move your website from Wix to WordPress and get the website you need.


Get a 30 minute 1:1 consult with a BIG consultant and get a 7 page report on making digital work in your organization with key insight into paths for success and playbooks just for your unique needs.

Please understand not all requests can be met. Please contact us with any questions.