Two-factor authentication, sometimes called 2FA, is an important part of any website’s security. Once activated, 2FA requires you to enter a 6-digit code generated by an authenticator app (like Google Authenticator) before you can access the back-end of your WordPress website.
Note that there is no option to receive a code via SMS or email, as these methods are inherently insecure.
- When your WordPress user account is set up you will receive an email with a link to set your password for the first time.
- Click the link in the email. You will be required to set a password (don’t forget to save this password as you will need it to log in).
- Once you set your password you are taken to the login screen. Log in using your username and password.
- After logging in for the first time you will see a yellow banner at the top of the WordPress dashboard. Click on the “Configure 2FA” link.
- Clicking on this link will take you to the 2FA setup page. Open the authenticator app on your phone and scan the QR code. Your website will be added to your authenticator app instantly. If you need help setting up Google Authenticator on your phone you can visit Google’s support pages to learn more.
- You will see 6 numbers on your screen and a timer on the right side. These codes expire after a few seconds so you need to act quickly. If the numbers are flashing red, wait until the timer resets (entering an expired code will not work).
- Enter the 6 numbers in the box on the lower right-hand side of the 2FA setup screen and click the Activate button.
- You will see a pop-up window asking you to download a set of recovery codes. You do not have to download these codes, but they are helpful if you lose your authenticator device (usually your phone), as you cannot log in to the website without your code. If you don’t have the recovery code, your website administrator can always help you log in after losing your authenticator device.
- Now when you log in to the website you will be required to enter your username and password, as normal, and you will also need the 6-digit authentication code from your authenticator device.
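
Why an expired or already-used code is rejected, as an added example (not code from this website or its 2FA plugin): it assumes standard TOTP (RFC 6238) with the Google Authenticator defaults of HMAC-SHA1, 30-second steps and 6 digits. `verify`, `drift_steps` and `last_used_step` are illustrative names, and the secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per code: RFC 6238 default, assumed for this site
DIGITS = 6   # the 6-digit code described above

# RFC 6238 published test key (constructed sample, not a real account secret).
# In practice this shared secret is what the QR code transfers to the phone.
SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32: str, unix_time: int) -> str:
    """Code the authenticator app shows during the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)   # time step as 8-byte counter
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)   # keep leading zeros

def verify(secret_b32, submitted, now, last_used_step=-1, drift_steps=0):
    """Hypothetical server-side check. Returns the matched time step, or None."""
    current = now // STEP
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue                                 # already used: reject replay
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    t = 1111111109                                   # last second of a 30 s step
    code = totp(SECRET, t)
    print(code, verify(SECRET, code, t))             # accepted in its own step
    print(verify(SECRET, code, t + 2))               # next step: expired, None
    print(verify(SECRET, code, t + 2, drift_steps=1))  # accepted with 1 step of drift
```

A server would store the returned step per user and pass it back as `last_used_step`, so a code observed once cannot be replayed inside its validity window.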