Two-Factor Authentication for WordPress

Two-factor authentication is a fancy term for “additional security”. Having a password for your account is “one factor authentication”. Adding an additional “factor” — like receiving a code by SMS — is like having two locks on your door. If a burglar gets hold of one key they still can’t gain access.

Typically two-factor authentication works like this:

  1. You start by logging in to your account in the usual way by typing your password
  2. When this is accepted, you then need to type in an additional (usually numeric) code that is either sent to you by SMS or is generated by an authentication app.

The absolute simplest way of setting up two-factor authentication for your WordPress site is to use Jetpack’s inbuilt two-factor authentication service which is based on the secure WordPress.com accounts.

Once you install Jetpack you can choose to allow users to login using their WordPress.com accounts and set a requirement for two-factor authentication.