When running a WordPress site, security should be first and foremost at the front of your mind. One of the best ways to prevent malicious users from accessing your
/wp-admin area is enabling two-factor auth (2FA) for WordPress.
The first step to getting two-factor auth enabled for your WordPress site is to install Wordfence. To do that:
- Log in WordPress and go to Plugins.
- Click “Add New”.
- Search for “Wordfence”
- Install and activate Wordfence
Now that Wordfence is installed you’ll need to enable and configure two-factor auth. To do that click the “Wordfence” menu that appeared after activation and then go to the “Login Security” sub-menu.
Now you’ll need to choose two factor authentication. I personally use FreeOTP (iOS, Android). Once your authenticator application is installed, scan the code and create the authenticator entry on your phone. Be sure to download your recovery codes too, just in case your phone is bricked, lost, or otherwise unavailable.
Testing Two-Factor Auth Out
Now that two-factor authentication is enabled for your WordPress site, you need to try it out! Log out of your admin, and now when you log back in you’ll be presented with this screen:
Go to your authenticate app, press the entry for your site, enter the code, and log in!
Wordfence makes is really easy to set up 2FA on WordPress. With it being this easy, it’s hard to justify not having it. After all, even if someone manages to get your password they still won’t be able to log in unless the can compromise your phone too. If you’re worried about performance, this feature of Wordfence doesn’t effect your site’s performance in a meaningful way (which can not be said about Wordfence’s other features). All in all, the Wordfence team has done a great job making this level of security accessible to the wider WordPress community.
Need automatic updates for your premium plugins & themes? Check out Kernl.