WordPress设置双因素验证指南及插件选择-光子波动网 | WordPress教程、Elementor教程与故障修复

Two-factor authentication (2FA) is used to protect your WordPress website from unauthorized access. While many WordPress users may think that setting up 2FA is cumbersome and complicated, it's actually not that hard.

I'll help you understand how 2FA provides an extra layer of security for your WordPress site and how you can easily set it up.

Two-factor authentication (2FA) is all about putting a double lock on your WordPress account to improve account security. Even if someone else knows your password, they can't get into your account without a second layer of authentication.

Here are a few common two-factor authentication methods:

One-time password: A password that you can generate via a widget or mobile app, or receive via SMS and email, that can only be used once and is valid for a maximum of 10 minutes.
biometric authentication: Use your fingerprints or face to prove it's you. Because these are unique, they are very secure.
Mobile Push Notification: When you try to log in, your phone receives a message to agree before you can log in.
Backup Code: If you can't use the primary authentication method, you can use this one-time alternate code to log in.
secret key: Authentication with a USB key or NFC card is very secure, as it requires a physical object to authenticate.

Two-factor authentication is a particularly secure way to log in, so if you want to make your account more secure, consider using more than two authentication methods.
Some apps let you pick your preferred method of two-factor authentication, the more common ones being TOTP (time-based one-time passwords) and mobile push messaging. If you use a password manager, they may let you set up a backup code in case you forget your master password.

Why does WordPress require two-factor authentication?

Setting up two-factor authentication (2FA) for WordPress is very important to secure logins. This is because a lot of websites get hacked for reasons related to passwords that are either compromised, too simple or reused. Luckily, with 2FA, even if someone knows your password, they can't get into your WordPress account without a second verification.

Why does your website need 2FA? Here are a few reasons:

Prevent password guessing: Hackers will try to use thousands of username-password combinations to try to log in, with 2FA this risk is greatly reduced.
Preventing unauthorized access: 2FA can help prevent people from accessing and modifying your WordPress site without permission.
Satisfy the requirements: There are times, such as in the healthcare industry, when 2FA is required by law to protect user data.
Protecting critical information: 2FA adds an extra layer of protection for your sensitive information and customer data.
Boosting user confidence: Turning on 2FA shows that you take security seriously, which can make users trust your site more.

In short, using 2FA gives you more peace of mind to focus on growing your business without worrying about security.

How to enable two-factor authentication in WordPress?

To set up two-factor authentication (2FA) in WordPress, you need two things:

A security plugin with 2FA functionality. We'll be using Wordfence here, which is a comprehensive security plugin that specializes in two-factor authentication.
An authentication application. You need to install an app on your phone or tablet that generates login codes, such asGoogle Authenticator,Authy,Microsoft Authenticatoretc. These apps create a temporary login password to help you securely log into your WordPress site.

With Wordfence and authentication apps, you can greatly increase your WordPress website security level. Next, we'll show you step-by-step how to turn on 2FA to protect your website content and user data.

1. Install Wordfence plugin and set up two-factor authentication application

To add two-factor authentication to your WordPress site, you'll have to connect the WordPress two-factor authentication plugin to an app that generates CAPTCHAs.

Let's install the Wordfence plugin:

In the WordPress dashboard, find "Plugins" and click "Add New Plugin".

Search for Wordfence Security and click Install Now!

activate
Follow the prompts to set up Wordfence and click "Get Wordfence License" to enable the free version.

click (using a mouse or other pointing device)"Get a free license"

Enter your email address and select "Yes". Tick the box to agree to the plugin's terms and conditions and click "Register".

Check your email for a license key. To make the process easier, select"Automatically install my license."The

You'll be back in the WordPress admin interface. Next, go to "Wordfence" and click on "Login Security".
Select "Yes", check the box to agree to the plugin's terms and conditions, and then click "Install License". Wait a few moments for the installation process to complete.

After installing the two-factor authentication plugin for WordPress, the next step is to download and install an authenticator app from the App Store onto your phone.

Some password management software, such as 1Password, can help you save passwords for two-factor authentication and one-time passwords. This way, you can keep both the password and the verification code in the same application.

2. How to set up WordPress two-factor authentication

Wordfence does not automatically enable two-factor authentication. To enable two-factor authentication for Wordfence, follow these steps:

Go to "Wordfence" and click on "Login Security".
You will see all the information about Wordfence two-factor authentication, including a QR code with an alphanumeric code and a recovery code. Leave this page open.

If you can't use the authenticator device, the recovery code can help you with emergency logins. Remember to download the recovery code and keep it in a safe place, such as your password management software.

Next, connect the plugin to the authenticator app on your phone as follows:

Open your authenticator app and find "Add Account" or similar option and click on it.

Scan the QR code on the dashboard with your app.
The app will give you a captcha based on the time change.
Go back to the "Login Security" screen in Wordfence and fill in the verification code in the verification code box.

strike (on the keyboard)"Activate."The

3. Repeat for other users

If your WordPress site has a lot of user accounts, it's best to have everyone use two-factor authentication (2FA) so that everyone is working together to secure the site.

Encourage each user to follow along as you set up the steps for 2FA: install the two-factor authentication plugin, download the authenticator app and create a backup code. If you have different user roles on your site, such as editor and author, involve them in the process as well.

As a site administrator, you can require all users to use 2FA. operate as follows:

Find the plugin settings in the Wordfence dashboard.
Change the 2FA setting to "Required" for all user roles.
Give the user some time (in days) to turn on 2FA, if they haven't already.

Of course, Wordfence is a great two-factor authentication (2FA) plugin on WordPress, and we have a selection of other great ones as well:

Two-Factor: This plugin makes setting up 2FA easy and friendly, and is a great way to improve the security of your site.
Google Authenticator for miniOrange: It works with Google Authenticator and is very reliable.
WP 2FA: Easily add two-factor authentication to your WordPress site with this plugin for enhanced protection.
All-in-One Security (AIOS): AIOS not only provides 2FA, but also other powerful security features, making it a good choice for comprehensive WordPress website protection.

Each of these plugins offers 2FA functionality to help you meet different needs and ensure a more secure WordPress site.

Finally, let's review the quick way to turn on two-factor authentication for WordPress sites

Install a WordPress plugin that supports 2FA, such as Wordfence.
Download an authenticator app, such as Google Authenticator or Authy.
Follow the instructions to enable two-factor authentication.
Get other users of the site (including collaborators) to use 2FA as well.

Contact Us
Can't read the tutorial? Contact us for a free answer! Free help for personal, small business sites!	Customer Service
① Tel: 020-2206-9892
② QQ咨询：1025174874
(iii) E-mail: [email protected]
④ Working hours: Monday to Friday, 9:30-18:30, holidays off