Enabling two-factor authentication (2FA) on your WordPress admin dashboard is a highly effective way to add an extra layer of security.
You can enable it either directly in WordPress or at the cPanel login level, which secures access to cPanel and, in turn, your WordPress site.
2FA requires users to provide two forms of identification before accessing their accounts, significantly reducing the chances of unauthorized access.
Here’s how you can do it using a popular plugin like Google Authenticator or Wordfence.
Method 1: Enable 2FA Using the Google Authenticator Plugin
- Log in to your WordPress Admin Dashboard.
- Install the Google Authenticator Plugin:
  - Navigate to Plugins > Add New.
  - In the search bar, type Google Authenticator.
  - Install and activate the plugin called Two Factor Authentication by David Anderson or any other trusted Google Authenticator plugin.
- Set Up Two-Factor Authentication:
  - Once the plugin is installed, go to Users > Your Profile.
  - Scroll down to the Google Authenticator Settings section.
  - Enable the checkbox for Enable Two Factor Authentication.
  - Open the Google Authenticator app (available for Android and iOS) on your phone.
  - Scan the QR code provided by the plugin, or manually enter the secret key.
  - The app will generate a 6-digit verification code.
- Save Changes:
  - Scroll to the bottom of the page and click Update Profile.
- Log in with 2FA:
  - Now, when you log in to your WordPress admin dashboard, you will be prompted to enter your username, password, and the 6-digit code generated by the Google Authenticator app.
Method 2: Enable 2FA Using the Wordfence Security Plugin
- Install the Wordfence Plugin:
  - In your WordPress admin dashboard, go to Plugins > Add New.
  - Search for Wordfence Security – Firewall & Malware Scan.
  - Install and activate the plugin.
- Set Up 2FA in Wordfence:
  - Once activated, navigate to Wordfence > Login Security.
  - In the Two-Factor Authentication section, click on the Two-Factor Authentication tab.
  - You will see a QR code. Scan the QR code with your Google Authenticator, Authy, or any TOTP-compatible authentication app.
  - Enter the 6-digit code generated by the app into the Wordfence setup form.
- Enable 2FA for Admins:
  - Scroll down to see a list of user roles. Enable two-factor authentication for the roles you want (e.g., Administrators).
  - Save your changes.
- Log in with 2FA:
  - Next time you or any admin user logs in, they will be required to enter a verification code from the authenticator app in addition to the username and password.
Method 3: Using WP 2FA Plugin
If you want a dedicated plugin, WP 2FA is another great option.
- Install WP 2FA Plugin:
  - Go to Plugins > Add New in the WordPress admin dashboard.
  - Search for WP 2FA and install the plugin.
  - Activate the plugin.
- Set Up Two-Factor Authentication:
  - Go to the WP 2FA Setup Wizard under the WP menu.
  - Choose your method (Google Authenticator or Email-Based).
  - Follow the prompts to configure 2FA for your account.
Additional Security Tips for WordPress Admin Dashboard
- Use Strong Passwords: Ensure all admin users are using strong, unique passwords.
- Limit Login Attempts: Install a plugin like Limit Login Attempts Reloaded to restrict the number of login attempts and prevent brute-force attacks.
- Regular Backups: Use a plugin like UpdraftPlus to regularly back up your WordPress site in case of any security breach.
Conclusion
Enabling two-factor authentication significantly enhances the security of your WordPress admin dashboard by requiring an additional verification step during login. Whether you choose Google Authenticator or Wordfence, this extra layer of protection helps safeguard your site from unauthorized access and brute-force attacks.