2FA, short for two-factor authentication, is one of the most popular methods for strengthening login security. On some websites it is mandatory, and on most others, such as Facebook, Google, Steam and Discord, it is optional. However, WordPress does not provide this feature natively, so we have to use a plugin to enable 2FA on our WordPress sites.
I have come across a plugin by the authors of the popular backup plugin UpdraftPlus, called Two Factor Authentication. It is super easy to use and can easily help defend against brute-force attacks. It also serves as a second line of defense should your password be leaked to third parties. Your site is safe as long as your authenticator app is not compromised.
To start using it, search for Two Factor Authentication on the Add Plugins page and install it.
Activating it is only the first step. You will need to set up 2FA for your account through the Two Factor Auth button.
You will need a free authenticator app to scan the code and use 2FA. I recommend Authy because it is free and cross-platform. It also provides a password function, so if you change devices you can still get all your accounts back easily.
Scan the code with your mobile 2FA app and check that the current code in the app matches the one displayed on the page. If it does, select Enabled and save changes. There you go: the next time you log in, you will be prompted to type a one-time password, and without it you will not be able to log in.
You can also choose to use HOTP; however, I believe TOTP is the best for general purposes. There are also premium features available for a small charge, which I do recommend if you need them, but the free version is enough for basic security.