How To Enable Two-Factor Authentication on WordPress

Generally, you only use a username and a password to log in to your WordPress Admin Area. If your password is stolen or guessed, someone else can log in to your management panel. Two-Factor Authentication (2FA) protects against password theft or re-use, phishing, and key-logger attacks. In short, access to the WordPress Admin Panel is blocked for everyone unless a special code from your mobile phone is entered. Two-Factor Authentication is a great way to add an extra layer of security to your website. In this tutorial, you will learn how to enable two-factor authentication for WordPress.

What you’ll need

Before you begin this guide you’ll need the following:

  • Access to WordPress Admin Panel
  • Time-based one-time password (TOTP) application on your smartphone
  • FTP Access (Optional)

Step 1 — Choosing a plug-in

There are quite a few WordPress Two-Factor Authentication plugins to choose from, such as:

In this guide, we will be using Authy Two Factor Authentication.

Step 2 — Installing the plugin

You can install the Authy plugin by following this link. A detailed guide on how to install WordPress plugins can also be found here.

Step 3 — Setting up the plugin

Once the plugin is installed, you will need to take several other steps for the security features to be fully integrated. First of all, you will need to create an account on Authy and get an API key.

In order for the plug-in to work, you will need to enter the API key in the WordPress Admin Panel -> Settings -> Authy section.


Once the key is entered, you will need to navigate to WordPress Admin Panel -> Users and enable Two-Factor Authentication for your user(s).

After selecting a user, scroll to the bottom and press the Enable/Disable Authy button.

Enter your phone number and press Continue. If you have the Authy application on your smartphone, your WordPress user will be automatically added there (if not, you will receive a text message with a code each time you try to log in with the user).

You can test the plug-in by logging out of your WordPress Admin Panel and logging in again. After entering your login credentials, you will be shown the Two-Factor Authentication screen.

Step 4 (Optional) – Disabling Two-Factor Authentication

If you lose access to your phone and have no way of accessing your WP Dashboard, you can easily disable the plug-in using a File Manager or an FTP client. Simply navigate to wp-content -> plugins and rename the folder authy-two-factor-authentication. For example, you can rename it to authy-two-factor-authentication.disabled so that it is easier to see which plugins you disabled manually. To re-activate it, set the name back to the original value and it will work once again.
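
The same rename can be done from a shell when you have SSH access instead of FTP. This is an added example, not code from the plugin or from the original tutorial; the function names and the WordPress root path you pass in are assumptions. It refuses to act when the folder is missing or when both names exist, so a stale copy is never overwritten.

```shell
#!/bin/sh
# Added example: toggle the Authy plugin folder described in Step 4.
# The WordPress root path passed as an argument is an assumption.
PLUGIN="authy-two-factor-authentication"

# authy_state WP_ROOT -> prints enabled | disabled | missing | conflict
authy_state() {
    dir="$1/wp-content/plugins"
    if [ -d "$dir/$PLUGIN" ] && [ -d "$dir/$PLUGIN.disabled" ]; then
        echo conflict            # both names exist: resolve by hand
    elif [ -d "$dir/$PLUGIN" ]; then
        echo enabled
    elif [ -d "$dir/$PLUGIN.disabled" ]; then
        echo disabled
    else
        echo missing
    fi
}

# authy_toggle disable|enable WP_ROOT
authy_toggle() {
    action="$1"; root="$2"
    dir="$root/wp-content/plugins"
    state=$(authy_state "$root")
    case "$action:$state" in
        disable:enabled) mv "$dir/$PLUGIN" "$dir/$PLUGIN.disabled" ;;
        enable:disabled) mv "$dir/$PLUGIN.disabled" "$dir/$PLUGIN" ;;
        disable:disabled|enable:enabled) ;;   # already in the requested state
        *) echo "cannot $action: plugin folder is $state" >&2; return 1 ;;
    esac
    echo "Authy plugin is now: $(authy_state "$root")"
}

# Usage (path is a placeholder):
#   authy_toggle disable /path/to/wordpress
#   authy_toggle enable  /path/to/wordpress
```

While the folder is renamed, the second login step is off for every account that had it enabled, so rename it back as soon as you have regained access.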


By following this guide you have learned how to enable Two-Factor Authentication for your WordPress site. Now, even if someone got hold of your WP Dashboard password, they would still need the code from your phone to log in. Since the plug-in allows you to enable this feature for other WordPress Dashboard users, you can also secure the accounts of your editors, website developers and others.

About the author

Gediminas B.

Gediminas was a passionate content writer and SEO geek at Hostinger. He started his journey at customer support and aims to use his gathered knowledge to create the most epic content the world has ever seen. From WordPress to server management, there's no topic he can't cover! He also likes cats.