How to Enable WordPress Two-Factor Authentication

How to Enable WordPress Two-Factor Authentication

In this tutorial, you will learn how to enable WordPress two-factor authentication. Let’s check it out!

What Is WordPress Two-Factor Authentication?

Two-Factor Authentication or 2-Step-Verification is a great way to add an extra layer of security to your WordPress website. It secures your site against password theft, phishing, and even brute-force attacks. It makes it impossible for anyone else to access your admin panel without a unique code.

In other words, even if someone manages to guess your password, they’d still need another piece of information sent to your mobile device.

Enabling WordPress Two-Factor Authentication

The easiest way to enable Two-Factor Authentication (2FA) is through a plugin called Google Authenticator. Firstly, log in to your WordPress dashboard and install the plugin.

Once the plugin is installed and activated, there a few things you need to do to set it up:

  1. Go to the Settings -> Google Authenticator.
  2. Change the settings as needed. In this example, we’re enabling 2FA for sites’ administrators and editors.Changing Google Authenticator settings for WordPress user roles
  3. Once done, press Save Changes then head back to Installed Plugins. You’ll be redirected to another settings page with a QR code scan.Verifying Google Authenticator code in WordPress
  4. Download the Google Authenticator app on your phone and scan the QR code.
  5. Insert the generated code on your phone in the Authenticator Code field and verify it.
  6. That’s it! You have successfully enabled WordPress Two-Factor Authentication for your site.

Next time you log in to your WordPress, you’ll be asked to provide the code on your phone.

ProTip! Remember that the code on the mobile app changes every 30 seconds, so we strongly recommend keeping the app installed.

Disabling WordPress Two-Factor Authentication

If you lost your phone or have no other way of accessing your WordPress Dashboard, you can easily disable the plugin by using the File Manager or an FTP client.

You will need to navigate to wp-content -> plugins and rename the plugin folder by putting the word disabled separated by an underscore ( _ ).

Disabling Google Authenticator Hostinger's File Manager

It will immediately deactivate the plugin for your WordPress account. If you want to re-activate it, set the name to the original value and it will work again.


There you have it! By following this guide, you have learned how to enable WordPress two-factor authentication for your WordPress site with a free Google Authenticator plugin. Now, even if someone gets a hold of your password, you don’t need to worry. Culprits won’t be able to get in without the generated code that changes every few seconds.

The author

Domantas G.

Domantas leads the content and SEO teams forward with fresh ideas and out of the box approaches. Armed with extensive SEO and marketing knowledge, he aims to spread the word of Hostinger to every corner of the world. During his free time, Domantas likes to hone his web development skills and travel to exotic places.