Strong passwords are good for WordPress security, but they aren’t always enough. Especially if your password is one you reuse across many sites (but even if not), you’ll sometimes want to consider a two-step authentication in WordPress. That means that you’ll first fill in your WordPress password, and after that is filled in, you’ll be prompted for another code. Most often, this is a 6-digit number which changes every thirty seconds. Most people have probably experienced a 2-Factor Authentication flow (via a phone SMS message) of this kind from their bank or Facebook account.
To get two-factor authentication in WordPress, you have a lot of options. One that I’ve used with good success is iThemes Security Pro—it’s the premium version of the free iThemes Security plugin we covered in my last Quick Guide. Like any 2FA system, you’ll be shown a QR code on your WordPress site, scan it using an app like Google Authenticator or Authy (my preference), and then use that app to get your codes in the future.
The big security benefit of this is knowing that your password (or even your time-series code) is not enough to get access to your WordPress site. If you’re looking for the best WordPress two factor authentication plugin, definitely give iThemes Security Pro a look. Here’s how to use it:
4 Steps to Use iThemes Security to Enable WordPress Two Factor Authentication!
- First, you’ll install and activate the iThemes Security Pro plugin. This requires a purchase from iThemes, which will give you a ZIP file.
- To install the ZIP file, click “Upload Zip” on the “Plugins > Add New” screen. You’ll also need to put in your license key.
- Once installed, navigate to “Security > Settings.” Find the “Two-Factor Authentication” card and make sure it’s on. You’ll have the option to configure settings, but the normal ones are probably more than fine.
- Once set up, you’ll need to configure it for your account. For new accounts, you’ll be prompted as you login. For other accounts, you’ll be stepped through the process on the “Users > My Profile” screen. Helpfully, the process also lists phones apps you can use. Pick one, get to it’s “Scan a barcode” screen, and use it on the QR Code presented by iThemes Security Pro. Now you’re set up to login securely to WordPress with two factor authentication. 🙌
How to Login Using 2-Factor Authentication with iThemes Security
- To login with the two-step authentication from iThemes Security Pro, you’ll login as normal. (Check out this Quick Guide if you want details on that.)
- Then, pull up your phone app when you’re prompted for a six-digit code. You’ll get it from your app and type it into the box. Once entered, you’ll be sent to the WordPress Dashboard, as usual.
Cheers, and congratulations on upgrading your login security in WordPress!