This plugin uses the industry-standard two-factor authentication (2FA) algorithm for creating time-based one-time passwords (TOTP). The same algorithm is used by many OTP applications that you can install on your phone.
A TOTP code is valid only for a limited time. Whatever program you use to generate the code shows a different code at regular, very short intervals.
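How the phone app and the login page arrive at the same short-lived code, as an added example that is not the plugin's or Authy's own code. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits); the one-step clock-drift tolerance and the function names are illustrative choices, and the secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in Base32,
# the form an authenticator app receives from the QR code or the typed key.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped Base32 padding
    key = base64.b32decode(cleaned)
    # Both sides hash the number of whole steps since the Unix epoch, not the raw time.
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, step=30, drift_steps=1):
    """Accept a code from the current step or drift_steps either side (clock skew)."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * step, step)
        # Constant-time comparison, no early exit, so timing does not reveal a match.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print(code)                              # code for the window t=30..59
    print(totp(SAMPLE_SECRET, 60))           # next window, a different code
    print(verify(SAMPLE_SECRET, code, 60))   # one step late: accepted
    print(verify(SAMPLE_SECRET, code, 95))   # two steps late: rejected
```

A server that accepts neighbouring steps should also remember the last step it accepted for each user, so a code cannot be replayed inside its validity window.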
Setting up the plugin to enable 2FA
THIS IS FOR ADMINS ONLY
- Log in to the WordPress backend (admins only).
- Install the ‘Wordfence Security’ plugin and activate it.
- Go to ‘Wordfence >> Login Security’ on the left-hand side, enable 2FA Roles for the user role that you want to set up with 2FA, then click Save.
Enabling two-factor authentication for users
There are 2 elements to this:
- Install the authenticator app on your phone – there are loads, but we would recommend ‘Authy’. This provides the code that you enter on the login page to gain access.
- Set up your users to ensure they are using 2FA.
The instructions below cover each element:
Installing the phone app
- Install the ‘Authy’ application on your phone or PC.
- Open the Authy application and click “Add account”, then add your phone number so it can validate the phone and create your account/password.
- Log in with your account
- Go to “Users”:
- Click “2FA”; it will redirect to the Two-Factor Authentication setup page. The system will now take you to the QR code page in WordPress
- Open the Authy application, click “Add account”, then complete the 2 steps below:
- Scan the QR code or Enter Key
- Enter name, ignore logo – SAVE
- Authy will now open a page showing a 6-digit code
(This continually changes)
- Enter this code in the bottom right of the WordPress page that shows the QR code (see image)
- Press ACTIVATE
- You should now be activated – go to the users page and check
Logging in in future
- Every time you log in now, the system will allow you to enter your username and password
- It then prompts you for the 6-digit code that is on your phone.
- Enter this into the field and “et voila”