How to Add Two-Factor Authentication in WordPress?

How to Add Two-Factor Authentication in WordPress?

Two-Factor authentication is a very good feature and you can easily add it to your WordPress website to improve your security of the website.

You may have seen that, Facebook, Pinterest, Twitter, and more websites allow you to enable the two-factor authentication in your account and keep all data secure.

So in this tutorial, we will see how we can add a two-factor authentication feature in the WordPress website to secure login access, so no one can access it without your permission.

What and Why Two-Factor Authentication?

Two-factor authentication is a feature to make your website more secure from hackers by adding additional layers to login access.

You can authenticate with an SMS, email code, or authentication app. It means when you have enabled this two-factor feature on your site then if you try to log in it will ask you the code that has been sent to SMS or email. Without that code, you cannot log in to the website.

Tip: I will recommend adding two-factor authentication in by SMS app code.


As you understand it is the ability to keep the secure website from bad persons, so you don’t lose any data. Let’s take a scenario of why you should add a two-factor authentication feature to your WordPress website.

Suppose your website’s username and password steal by hackers but they still cannot log in to your site. Because you have already enabled the two-factor authentication. And you need to enter the security code that is sent on your email or phone SMS. So you will not lose any website data.

Let’s see how to add two-factor authentication to the WordPress website by using the plugin.

Add Two-Factor Authentication to WordPress

To add two-factor authentication to WordPress, we going to use the Two Factor plugin. So follow the below steps one-by-one.

Simply first install the “Two Factor” plugin and activate it. You can check details about how to install the WordPress plugin.

After installation, navigate to Users > Profile or any other user’s profile page where you want to enable the two-factor authentication. And you will see the two-factor option section by scrolling down.

users profile TFA

In the above image, you can see the two-factor has 4 options that you can use to secure login access. You can enable all the authentication options and set one of the primary authentication processes.

In this tutorial, we will discuss the first two main methods, the third methods need additional third-party resources like FIDO U2F. And the last method is for backup safe login, which means you failed to authenticate for any reason then you can use that backup verification code to access the login.

Authentication by Email

To enable the email two-factor authentication, you have to check on the checkbox for the Email option and make it primary and then update the profile. Make sure the user profile has an email id because it will send the authentication code on that email.

email TFA

After enabling this method, whenever you will try to login into your WordPress site two-factor plugin will send the authentication code.


Check your email and enter that authentication code into the Verification Code input box like in the above image and then click on the Login button. You will see, now are able to access the admin dashboard.

If you don’t receive any authentication code you can resend by clicking on the Resend button.

Authentication by TOTP (Time Based One-Time Password)

To enable the TOTP (Time Based One-Time Password) two-factor authentication, you have to check on the checkbox for the TOTP option and make it primary and then update the profile.

Time Based One-Time Password (TOTP)

In the above image, you can see the QR code. This QR code you need to scan with a QR reader or phone camera. When you scan it will show the popup on your smartphone and ask you which authenticator app you want to launch.

The authenticator is an application that you can download from the play store of your phone. Some authenticator apps like Google Authenticator, Microsoft Authenticator, Authy, etc that you can use.

So after launching the authenticator app, it will give you a one-time password code, and that code you have to enter in the Authentication Code box and submit it.

Time Based One-Time Password (TOTP) Code

When you click on the Submit button it will generate a secret key and associate with the authenticator app. Now the same process will run, when you go to a login WordPress site, it will ask for the authentication code generated by the authenticator app.


So in this tutorial, you learned what is two-factor authentication and why you should enable it for your website. You also learned about how you can add a two-factor authentication feature to your WordPress website to make it more secure from hackers.

If you have any queries related to this or anything please ask me in the comment section, I will respond to you as soon as possible.

You May Also Like

About the Author: Aman Mehra

Hey! I'm Aman Mehra and I'm a full-stack developer and have 5+ years of experience. I love coding and help to people with this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *