These steps will help you enable two-factor authentication on your Loclweb WordPress website. It's a great way to keep your website super secure.
Two-factor authentication (2FA) works by requiring you to log in with something you know (your password) and something you have (your smartphone or another device). If someone gets ahold of your password somehow then they still can't log into your account without the token from your authenticator app. If someone gets ahold of your authenticator tokens then, well you just lost something really expensive!
When you enable 2FA on your website, part of the login process (after you enter your password) will be to enter your 2FA token. It's a simple way to add another layer of security to your website. The code refreshes every 30 seconds so it can't be used long. That also means you need your device right in front of you when you log in.
Download A Two-Factor Authentication App
You need a two-factor authentication app in order to use 2FA. The app will constantly refresh itself (every 30 seconds) with a new token which is usually a six or seven digit number. We've included links to two authenticator apps that you can download. There's an Android and iOS version of each one.
The app on your smartphone (or another device such as a smartwatch or even computer) is an essential part of two-factor authentication. You must download your choice of app but not both. There's no benefit (just confusion) to having more than one authenticator app so test them out and pick your favorite.
Enable Two-Factor Authentication
You have to enable 2FA on your website and set it up in your preferred app to get an authentication token. Setup for 2FA is easy but you must first log into your Loclweb WordPress website dashboard. Once you've logged in then you can access the proper screen to set up 2FA.
Open Login Security Screen
Our two-factor authentication is provided through the Wordfence security plugin. You can access the setup screen from the Login Security option on your Loclweb WordPress admin dashboard.
Click Login Security.
Link Your Website To Your Authenticator App
You'll see the following screen when you click on the Login Security menu. This screen has everything you need to set up two-factor authentication including a backup code that you should save in a safe place.
Every authenticator app is different so I'm going to assume you know the basics of how to use it. Most of them are simple to add a new account (that's what Authy calls them). You have to tap add a new account and then you can scan the QR code from your website.
- Scan the QR code on your website. There's also a code available if your app can't scan QR codes or your camera doesn't work. Your authenticator app will take the QR code and generate a special code for you that refreshes every 30 seconds.
- Download the recover code or save it in a safe place.
- Type in the code from your authenticator code.
- Click the activate button.
Test Your 2FA Authentication
Before you forget about the setup make sure you test it. Log out of your account and then go to the login screen again. After you enter your username and password to log in you should see the 2FA Code screen.
You can remember your 2FA authentication for 30 days on the device you used to log in. This memory is tied to your device and not your login credentials.
That's it! Your two-factor authentication is set up and now your website is extra secure.