Two-factor authentication (2FA) is a crucial part of keeping your website secure. We recommend that when you first create an account for a new user, you give them only Subscriber access and wait until they have set up 2FA before elevating their permissions (always good to give people an incentive!). The user will need to follow these steps:
- First, download an authenticator app (e.g. Microsoft Authenticator or Google Authenticator) onto your phone. These apps are available on both Google Play and the Apple App Store.
- Then go to the Two Factor Auth page in WordPress.
- Use the authenticator app to scan the QR code and add the account so that your site is listed in the app. The temporary code shown in the app should match the one shown on the screen.
- Click ‘enabled’ and [save changes].
Once 2FA is set up, the user will need to enter the six-digit code from their phone every time they log in. The code changes every 30 seconds (the standard TOTP period used by these authenticator apps), so it should be entered promptly. Because the code is derived from the current time, a phone whose clock is wrong will produce codes the site rejects; if codes are consistently refused, check that the phone sets its time automatically.
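To show what the phone and the site are actually computing in the steps above, here is an added Python example (not code from this page or from the WordPress plugin): it generates the shared secret, builds the otpauth:// URI that the QR code carries, derives the six-digit code the way RFC 6238 and the named authenticator apps do (HMAC-SHA1, 30-second step, RFC 4226 truncation), and checks a submitted code with a one-step tolerance for clock drift. The account name and issuer are placeholders.

```python
"""Added example: TOTP enrolment and verification as in RFC 4226 / RFC 6238.
Not the WordPress plugin's own code; names and labels are illustrative."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

STEP_SECONDS = 30   # authenticator apps rotate the code every 30 s
DIGITS = 6


def new_secret() -> bytes:
    """Random 160-bit shared secret, generated server-side at enrolment."""
    return secrets.token_bytes(20)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """The otpauth:// URI the setup page's QR code encodes (issuer and
    account are placeholder labels chosen by the caller)."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}")


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer, then the last `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None) -> str:
    """RFC 6238: the HOTP counter is the number of 30-second steps since
    the Unix epoch, which is why the code changes every 30 seconds."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // STEP_SECONDS)


def verify_totp(secret: bytes, submitted: str, at: Optional[int] = None,
                window: int = 1) -> bool:
    """Accept the current code or its neighbours (+/- `window` steps) to
    tolerate small clock drift between phone and server. Reject anything
    that is not exactly DIGITS ASCII digits, and compare in constant time."""
    submitted = submitted.replace(" ", "")
    if len(submitted) != DIGITS or any(c not in "0123456789" for c in submitted):
        return False
    if at is None:
        at = int(time.time())
    step = at // STEP_SECONDS
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, step + delta), submitted):
            return True
    return False


if __name__ == "__main__":
    # Constructed enrolment: what the setup page shows and what the phone computes.
    secret = new_secret()
    print("QR code contents:", provisioning_uri(secret, "alice@example.org", "Example Site"))
    code = totp(secret)
    print("Code the app shows right now:", code)
    print("Site accepts it:", verify_totp(secret, code))
```

The window is why a code typed a few seconds after it rolled over is still accepted. A production implementation should additionally record the last step at which a user's code was accepted and refuse to accept the same code again, so that a code observed over the user's shoulder cannot be replayed within the tolerance window.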
* Site admins can tell whether this has been done by looking for the green tick in the Users list. Once you can see that two-factor authentication is set up, you can change the user's role from Subscriber to Editor, Contributor or Author.