How to Enable Two-factor Authentication in WordPress

Providing two-factor authentication means that your WordPress login screen will be reinforced by another layer of security on top of your username/password combination. In typical two-factor situations, a mobile phone or hardware token is used as the extra layer. In this article, we’ll learn how to enable two-factor authentication for WordPress.

With the Duo Security mobile app and WordPress plugin, a push notification is sent to your phone when a WordPress user attempts to log in. If the login is valid, you can accept it and the user will be logged in. You can use this authentication approach for yourself or a whole team if necessary.

How to add two-factor authentication for WordPress

There are three phases involved in adding two-factor authentication for WordPress with Duo Security. First, you will need to set up an account on the Duo website. You will also need to install the Duo mobile app on your chosen device. Then, we will add the plugin for WordPress and configure it.

Creating your Duo Account

Follow the steps below to create an account and configure protection for WordPress on the Duo Security website.

  1. Create a Duo account.

  2. Once logged in, click Applications.

  3. Click the Protect an Application button.

  4. Find the WordPress logo and click Protect this Application.

  5. Get your keys and API hostname: under Details, click to view your Secret Key (leave this window open in case you need to copy and paste these codes again).


Install the Duo Mobile app

Now is a good time to grab your favorite handheld device, like a smartphone or tablet, and install the Duo Mobile app.

Setting up the WordPress plugin

Now we are going to download and install the Duo Security WordPress plugin.

  1. In WordPress, click Plugins > Add New.

  2. Search for the Duo Security plugin.

  3. Click Install Now to install the plugin.

  4. Click the Activate button to activate the plugin.

  5. After being redirected to the plugin menu, choose Settings under the new Duo Security plugin.

  6. Fill in the keys and API Hostname from the Duo Security website.

  7. Click Save Changes.


You will be redirected to set up your device for two-factor authentication. If you choose to use your mobile phone (which is recommended), you will be prompted to enter your phone number.

When you get to the My Settings & Devices page, you will see the When I log in: option, which offers a few choices. You can choose your authentication method at each login, or have Duo always send a Push or a Call. If you are unsure which one you prefer, you can leave the option set to Ask me to choose an authentication method.

You will be redirected to test the login. After you have successfully authenticated your login in two ways, you will be logged into WordPress, and you have completed this tutorial.

InMotion Hosting Contributor