Unfortunately, passwords can be easily cracked. A password can appear on the dark web through a data leak, for example, a password can be intercepted by an attacker in various ways and a password can also be easy to guess. To arm yourself against the possibility of your password falling into the wrong hands, it is advisable to use two-factor authentication (2FA). With 2FA, a 6-digit code stored on another device is always required to log into a system. As this 6-digit code is renewed every 30 seconds using a clever mathematical method and is also stored on another device, it is very difficult for attackers to obtain this code as long as it is valid (for 30 seconds). We therefore strongly recommend not only using two-factor authentication wherever possible (many online portals already offer this option), but also using two-factor authentication for your WordPress website.

How it works

After you have logged in to a website, you will be asked for the 6-digit code. On your mobile phone, e.g. in the Google Authenticator app, you will be shown a 6-digit code for the respective website. Read this code and enter it in the query mask of the website and confirm it with the Log In button. However, make sure that you send the code before the timer has expired. If the remaining time of the timer is too short, wait until the time has expired and you will be shown a new code that you can enter and have another 30 seconds until the new code loses its validity again.

Setup

If you, your administrator or a developer you trust has installed Wordfance as a plugin in WordPress and has activated and configured two-factor authentication, you can activate two-factor authentication for your user as follows:

  1. Log in to WordPress
  2. Go to Wordfance in the main menu and then to the Login Security submenu item
  3. Switch to your mobile phone, install the Google Authenticator app via the Appstore (Android, Apple) and open the app.
  4. In the app, first click on Add code and then on Scan QR code (you may need to grant the app access to your camera).
  5. Scan the QR code on the previously opened login security page in WordPress and then enter the code generated by the app in the field as shown in the second image and click on the Activate button.
  6. Two-factor authentication is now activated and will request the 6-digit code from the app the next time you log in, as described under “How it works”.

If you have problems with the setup, or you need support to activate 2FA on your website, feel free to contact us.

Alternative apps to Google Authenticator

As an alternative there is also:

Overview of Security