In this tutorial, we will learn how to enable two-factor authentication for WordPress using a free plugin called Two-factor authentication. Double security Is a trusted enterprise-class well-known security service Hundreds of companies Like Sony, Microsoft, Accenture, Toyota and Yelp. It is very safe and equally easy to use.

What is two-step verification?

Simply put, two-factor authentication is an additional security measure designed to enhance the security of the sites/products it protects. It consists of two different authentication phases:

  1. account password
  2. A dynamically generated security code called a one-time password (OTP)

Take Google account as an example. With two-factor authentication enabled, when you log in to your account from a new or previously unused IP address, the first obstacle is your password. Next, Google will send a text message or call your registered mobile number and send a 6-digit code. You can only access your account when you enter the code.

Before you authorize your PC (essentially a specific IP address) as a known access point, you will always have to log in using these two steps. Once you have authorized an IP address, 2nd No confirmation code (OTP) is required.

Advantages of two-factor authentication

As you can imagine, in an insecure environment, the benefits of two-factor authentication are priceless. Even if someone knows your password, he cannot access your account. 2nd During the authentication phase, OTP will stop him.check it out Great explanation Safe through Duo. However, in rare cases, the perpetrator can access your password and phone number, then you are done.


Enabling two-factor authentication requires the following equipment to be with each account holder at all times.

  1. A mobile phone or tablet. A smartphone is best, because international calls/texts require a chargeable credit. Android, iOS and BlackBerry devices are recommended smartphones.
  2. A valid phone number (this or a recommended smartphone that can access the Internet)
  3. A sort of Double security account

Set up a Duo security account

The first thing you need to do is to create a free Duo Security account. You must use your valid phone number to register an account. The following steps show you how to:

Create dual account

First, choose Free account Options in the pricing page. Fill in the details carefully. For phone numbers, make sure to use the country code followed by a space, and then the phone number.

Because I am from India, my country code is +91. So I entered +91 XXXXYYYYY.

Create dual account step 2

exist Step 2, You can use different company sizes.Since we use Duo Security to protect our WordPress site, we choose Content management system under “What do you want to protect?” The rest of the settings are no problem.

Dual activation link

After registration, Duo will immediately send you an activation link. Open your inbox and click the link. You will be redirected to a similar page:

Set up dual accounts welcome

  • under phone number Make sure you are using the same one you used in the first step of the Duo registration process.
  • After entering all the details, click submit.
  • Wait a few seconds, then click any Text me or Give me a call.
  • If you have not received the SMS (I did not), please try to call the function.
  • If it still doesn’t work, please recheck the number and make sure your phone has a signal.

Configure Duo Management Panel

After setting up your Duo account, you will be automatically redirected to the admin panel.


  • If you are picking up from here, please log in to your account and select from the left menu integrated > New integration
  • under Integration type choose WordPress
  • this Integration name It can be anything you want-we will use “My WP Site” in this tutorial
  • Click on Create integration

Integrated detailed information two-person management interface

Connect Duo Security to your WordPress site

We will now copy the keys and paste them into our WordPress website. This will establish a connection between our WordPress site and Duo Security.


To do this, please visit WP Dashboard> Settings> Two-factor. The required settings are provided on this page. Copy the key from the Duo Security management interface and paste it into the corresponding field.beat save Changes And establish a connection. Two-factor authentication is now enabled in your site. In the next step, we will set up an authentication method.

Add authentication method for each WordPress user

To do this, you first need to log out of WP Dashboard and log in again. After logging in, you should see the following:


This tells us that the user (“john” in this tutorial) has not activated the authentication method for Duo Security.

Authentication method provided by Duo Security

The available authentication methods available under the free account are as follows:

  1. Telephone (mobile phone or landline)
  2. Short message
  3. blackberries
  4. Android
  5. IOS

this telephone with Short message Method requires retail credit. You have 1000 points at the beginning, and you have to buy them once they are used up. Call/SMS credit costs depend on the country/region of the phone number. For India, you can earn 5 points for each call or text message.I have tested both telephone with Android As an authentication method and found that they are working.

How to add an Android device to a Duo security account

Since most of us have smartphones, I created an in-depth tutorial on Android authentication methods. You can easily set up other devices by following the instructions on the screen.

The main advantage of using an Android device as an authentication method (expressed as pill), the fact is that you don’t need active mobile operator signals. All you need is a valid Internet connection in the corresponding device.So we choose pill under Choose your device


I chose Android. If you have an iPad or iPhone, please select IOS.


Now you need to install the corresponding mobile application.Check the confirmation box and click continue


Open Dual phones Application, and then click the key icon. This will start the barcode scanner.


Scan the barcode on the screen to turn your tablet/mobile phone into a recognizable authentication device.


This confirmation indicates that the user’john’ has an Android device as recognized or Register the device In his account.


Sign in with two-step verification

Everything is now set up. Place your phone/tablet nearby and enter the password to navigate the first stage. You are now at the junction of two-factor authentication.


you can choose Double push or password As a login method.If you choose Double push, Click Log in. You should see a notification on your Android/iOS device.


start up Dual phones Application and select approve. You should immediately see the following:


You have now successfully overcome 2nd During the two-factor authentication process, you can access the WP dashboard. Congratulations!If you selected a password as the login method, then you will be Dual phones application.You must manually enter and press Log in.

Peek at mobile authentication methods

Remember when I said that I also tried the mobile authentication method? Well, our detailed and easy-to-follow on-screen instructions.This screenshot shows a Mobile Add the device to the user “sourav”

09-Mobile phone activation method one

Remember, this form of identity verification will cost you points. You can use voice calls or text messages every time you log in. I found the voice call function the most impressive. All I have to do is answer the call and press any button. That’s it-I logged in automatically.

Phone activation method 2

in conclusion

Enabling two-factor authentication is one of the best ways to prevent unauthorized access. It is an excellent safety practice. Although it takes more time to log into your WordPress site, the extra work will give you peace of mind.

There are other plugins on the market that can help you set up two-factor authentication. The Security Pro plug-in from iThemes is a good example. The plug-in costs $80 for 2 sites and $150 for an unlimited license. Compared with the free version, it is loaded with a lot of excellent security measures—— iThemes security. I chose Double security Because it is free for everyone to use.

So I leave it to you-what do you think of this additional security measure? Is it the same as adding sugar to cola? (Drink) Or as good as thick gravy on pasta?