Two-Factor Authentication (2FA) makes it far more difficult for hackers to breach your website because, as the name implies, it requires two methods of verification in order for you to log in.

Authenticator apps

Once 2FA is set up on a website, you can activate it for your login by using an authenticator app.

An authenticator app is a smartphone app that generates a temporary one-time password for the accounts that you save in it.

Download an authenticator app, if you do not already have one installed on a cell phone or tablet. There are many available for iOS, Android, and other platforms, including:

  • Google Authenticator
  • Sophos Mobile Security
  • FreeOTP Authenticator
  • 1Password (mobile and desktop versions) See: 1Password help
  • LastPass Authenticator
  • Microsoft Authenticator
  • Authy 2-Factor Authentication
  • Any other authenticator app that supports Time-Based One-Time Passwords (TOTP)


Log in to WordPress. You will see a message at the top of your screen that says “You do not currently have two-factor authentication active on your account, which will be required beginning (date)”.

  1. Click the link: “Configure 2FA”
  2. Scan the QR code with your authenticator app on your phone
  3. In WordPress, enter the code from your authenticator app, then click ACTIVATE
  4. New codes are generated approximately every 30 seconds, so if the code changes before you submit it, just enter the new code
  5. Download Recovery Codes. This gives you some backup codes that you can use, in case you lose your phone or tablet where your authenticator app is installed.

Next time you log in, you will be required to enter your username and password, and then you will also need to enter a code from your authenticator app.
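
For readers who want to see where the codes come from, here is an added example (not code from WordPress or from any authenticator app) of the standard TOTP calculation from RFC 6238: the secret carried in the QR code is combined with the current 30-second time step. The six-digit length, the one-step tolerance in `verify`, and the sample secret (the published RFC test key) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per code, matching "approximately every 30 seconds"
DIGITS = 6    # assumed code length; most authenticator apps show 6 digits


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 (HMAC-SHA1) code for the given Unix time."""
    # The QR code carries the shared secret as Base32 text.
    pad = "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(secret_b32.upper() + pad)
    counter = struct.pack(">Q", unix_time // STEP)  # index of the 30 s step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus or minus drift_steps."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * STEP
        if t < 0:
            continue
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(totp(secret_b32, t).encode(),
                                  submitted.encode())
    return ok


# Constructed sample: the RFC 6238 test key, not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    typed_at = 1111111109    # the user reads the code from the app
    sent_at = 1111111111     # two seconds later a new 30 s step has begun
    code = totp(SAMPLE_SECRET, typed_at)
    print("code shown in app:", code)
    print("code now shown:   ", totp(SAMPLE_SECRET, sent_at))
    print("accepted with one step of tolerance:",
          verify(SAMPLE_SECRET, code, sent_at))
    print("accepted with no tolerance:",
          verify(SAMPLE_SECRET, code, sent_at, drift_steps=0))
```

Because both sides compute the code from the clock, a phone whose time is off by more than the tolerance will produce codes the site rejects; setting the device to automatic network time fixes this.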