How to Use WP 2FA for WordPress

WP 2FA was created by WP White Security to provide two-factor authentication for your WordPress site.  Two-factor authentication (2FA) is used to increase login security for a website.  It helps to keep intruders from accessing a site through weak or compromised passwords. 

WP 2FA includes options for authentication, WordPress user/role policies, and redirects. The plugin was designed to let you implement 2FA on your WordPress site right away using a step-by-step wizard.

This tutorial will guide you through the setup process and explain the options for 2FA in the plugin.

Setting Up Two Factor Authentication with the Wizard

The installation of the WP 2FA plugin for WordPress can be done through the WordPress Administrator Plugins page or the WordPress.org Plugins directory.  The steps below require that you are logged into the WordPress Administrator Dashboard.

NOTE: If you intend to enable two-factor authentication immediately after the installation of the plugin, then you must have an authenticator application or email address that you can use for verification. The wizard for the 2FA setup will immediately appear after the installation and activation of the plugin.

  1. Click on Plugins.
  2. Click on Add New.
  3. Search for WP 2FA by WP White Security.
  4. Click on the Install Now button.
  5. When the installation completes, click on Activate.

When you activate the plugin, the wizard starts immediately.  It lets you enable 2FA for your site right away and create a policy that applies to your users. The policy defines who needs to use 2FA and how it will be authenticated.

  1. Click on “Let’s get started!”

  2. Next, choose the authentication options that your users can use.  The app version typically runs on a mobile device like a smartphone or tablet.  For example, Google Authenticator is a commonly used authentication app.

  3. Determine who will be required to use 2FA.

  4. If you chose to enforce 2FA only for specific users or roles, specify the users and/or roles required to use 2FA.

  5. Specify any users or roles that would be excluded from using 2FA.

  6. You can set a grace period to allow people to set up 2FA.  If you do not set a grace period, then they will be required to set it up when they log in.

  7. The overall 2FA policy has been set in the previous six steps.  The next part is configuring 2FA for your user account (the person setting up the plugin). Click on Configure 2FA now.

  8. Choose how you will authenticate when using 2FA – Authenticator app or email. This tutorial will be using the authenticator app.  Click on NEXT STEP.

  9. With your authenticator app, scan the QR code displayed on the screen or type in the code.

  10. When your authenticator app has created your account, click on I’M READY.
  11. Type in the code displayed in the authenticator app, then click on VALIDATE & SAVE.
  12. 2FA is now active for your WordPress user!  You can generate and download the backup codes or choose to do it later.

Setting Up Two Factor Authentication without the Wizard

Creating the policy and activating 2FA for your administrator user without the wizard requires that you go to each option on the settings page yourself.  When you set up 2FA for your user, you must go to your user profile to enable it.

Creating a 2FA Policy

  1. In the WordPress Administrator Dashboard, click on WP 2FA.
  2. Click on Settings.

  3. Choose the 2FA authentication method – application or email (or both). The option to use email also includes an option to let the user choose the email to use.
  4. Click on the checkbox to enable Backup codes. Uncheck it to remove the option.
  5. Determine who will be required to use 2FA.
  6. Determine who will be excluded from the requirement to use 2FA.
  7. Determine the grace period for users to set up 2FA.  You can also choose not to have one and make users configure 2FA when they log in.
  8. Scroll to the bottom of the settings page and click on the Save Changes button.

WP 2FA Plugin Options

The WP 2FA plugin includes a few options that affect the use and management of 2FA for your users.  

Redirect

This option allows you to redirect your users to a specific web page after successfully completing the 2FA setup wizard. Here you can add further information or a message that you want to share with your users.

Access to the WordPress User Profile Page

This option is useful when you have custom profile pages or do not permit users to access the WordPress dashboard.  When enabled, the plugin automatically creates a page that only authenticated users can access.  Users configure their 2FA settings on this page. A link to the page is made available to users in an email sent when 2FA is enabled.

Hide the Disable 2FA Button on the User Profile Page

This option allows you to hide the option to Remove 2FA on the User Profile page. If you hide the button, then the user cannot disable 2FA.


The WP 2FA plugin is a simple and easy plugin that allows you to enable two-factor authentication for your WordPress site.  If you need a quick way to implement 2FA, then this plugin provides the options you need.
