How to setup Two Factor Authentication in WordPress using WordFence
Setting up two factor authentication is a simple but yet effective way to strengthen the security of your application.
What is Two Factor Authentication?
Two-factor authentication (2FA) is sometimes referred to as two-step verification or dual-factor authentication. It is a new standard in security process in which users provide two different authentication factors to verify themselves.
2FA is implemented for better protection of both the user’s account and the resources that account can access.
Two-factor authentication is implemented to provide a higher level of security than single-factor authentication, in which the user typically provide only a password or passcode.
Two-factor authentication methods rely on a user providing a two step authentication method. Typically, this is a password as the first factor and a second, different factor — usually either a security token or a biometric factor, such as a fingerprint or facial scan.
Two-factor authentication adds a layer of security to the authentication process. This makes it harder for attackers to gain access to a person’s devices or online accounts because, even if the victim’s password is hacked, a password alone is not enough to pass the authentication criteria.
How to setup WordFence 2FA
WordFence is an amazing and free security plugin, which offers a fast way to implement 2FA on WordPress websites and applications.
1. Choose an authenticator app
In order to authenticate yourself, you need to choose which authenticator app you’d like to use. There are a lot of authenticator app out there, and it mostly depends on personal choices and the devices you’d be using.
Google Authenticator is best if you are an android / windows mobile user or you are running iOS 14 or lower.
Apple just released its very own authenticator app which is inbuilt in their phones, tablets and computers. This feature is available on iOS 15, iPadOS 15, and macOS Monterey.
“If a site offers two-factor authentication, you can set up verification codes under Passwords in Settings — no need to download an additional app. Once set up, verification codes autofill when you sign in to the site“
Authy is a great app that works across devices, so you can have it on your phone and desktop computer at the same time.
2. Setup in WordPress and WordFence
We would have installed and configured the WordFence plugin for your application, so all you’ll need to do is to login into your account and to go WordFence -> Login Security.
Once there, you have to complete a simple step: scan or add manually the QR code in your authenticator app and verify your connection:
- Copy the code or scan the QR image
- Dowload and keep the recovery codes somewhere safe
- Input the 2FA code from your app
And voila’! You are all setup.
Now, from the next time you login, after your username and password, you will be required to add your 2FA code.