Airtight Design


Atlanta web development & internet consulting

Contact us to get a ballpark quote for your new website. We will also visit your place of business anywhere in metro Atlanta.

659 Auburn Ave. Suite 251, Atlanta, GA 30312

"*" indicates required fields

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Check out our other posts

Atlanta Web Design Blog

Securing Your WordPress Site with 2FA

Securing Your Website: WordPress + Two-Factor Authentication

In this post I am going to discuss a simple, effective way to make your WordPress site much more secure by implementing two-factor authentication, also referred to as “2FA”, for your user accounts. I would imagine that most people are already using it even if they aren’t familiar with the term itself. If you aren’t familiar with the term two-factor authentication, I will explain what it means.

Two-factor authentication is the idea that a username and password are not the only two pieces of information that someone needs to have in order to log into their account. A second factor, in addition to the password, is required in order to be authenticated. This can be a text message sent to your phone when you enter your username and password, an email with a code, or a randomly generated code that changes every 30-60 seconds. There are even hardware devices that you such as the Symantec VIP Hardware Authenticator, a small physical device that generates codes for you to use when logging in.

Most websites that deal with sensitive information are starting to require this for everyone because of the insecurity of only using a password and people reusing the same password for many of their accounts.

You can leverage this security on your own WordPress site with a plugin called WordFence. WordFence is a good plugin to be using even if you aren’t using 2FA. It will give you a summary of the overall security on your WordPress site and make recommendations for things you can do to make your site more secure.

This is not going to be a comprehensive walkthrough but rather a high level explanation of the steps to take.

Here is a high level overview of what you need to do to implement WordFence for 2FA, or alternatively, have Airtight Design help secure your website!

1. Install the Wordfence Security Plugin
  • Log in to your WordPress Admin Dashboard.
  • Navigate to Plugins > Add New.
  • In the search bar, type “WordFence”.
  • Click Install Now next to the Wordfence Security plugin.
  • After the installation is complete, click Activate.
2. Set Up Wordfence
  • Once activated, you’ll be guided through an initial setup wizard.
3. Enable Two-Factor Authentication (2FA)
  • After setup, navigate to Wordfence > Login Security from your WordPress dashboard.
  • Under the Two-Factor Authentication tab, you’ll see an option to enable 2FA.
4. Configure 2FA for Users
  • To require 2FA for all users, go to the Settings section on the same page.
  • You’ll see options to enable 2FA for different user roles, such as Administrators, Editors, Authors, etc.
5. Set Up 2FA for Individual Users
  • Each user will need to configure their 2FA.
  • Users should go to Users > Your Profile (or Profile if accessing their own profile).
  • In their profile, they will find the Two-Factor Authentication section.
  • They need to scan the QR code using an authenticator app (like Google Authenticator or Microsoft Authenticator) on their mobile device.
6. Require 2FA for All Users
  • After users have set up 2FA, it will be required for them to log in.
7. Backup Codes
  • Users should also generate and save backup codes, which can be used to access the site if they lose access to their authenticator app.
  • Save these codes somewhere you would keep sensitive files or information that you don’t want anyone else accessing.
8. Testing
  • Test the 2FA setup by logging out and logging back in to ensure that 2FA is functioning as expected.

Seem daunting? Contact us! This is one of many items Airtight Design’s list of security touch points for building professional, secure WordPress sites.

Have a project you’d like to discuss?

Fill out the form below and let’s have a conversation.

I'm Interested In
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Related Blog Posts

Code for a WordPress plugin

Open Source Day: Airtight creates a WordPress plug-in in 8 hours

How much can a dedicated team of web developers accomplish in single day of frantic …

A photo of a woman working on a laptop

The Art Form of Web Forms

Make it easier for clients to gather data from site visitors Practically every new site …

new website on a desktop monitor and smart phone

Launch Announcement! Check out Valentino & Associates website upgrade

We are thrilled to announce the launch of Valentino & Associates’ new website, which is much more than just a pretty face.