Setting Up Multifactor Authentication (2FA) on WordPress

December 15, 2022 · WORDPRESS
Contributed by: Livingstone, Dan

Multifactor authentication (called two-factor authentication, or 2FA, on our WordPress sites) is important for keeping our websites secure. It requires that you know something (your password) and have something (your phone) in order to log in as an editor.

After it’s set up, you’ll sometimes be asked for a 6-digit code that’s on your phone after you enter your username and password. It won’t happen every time, but periodically, or when you’re not using your usual computer.

Setup Instructions

These instructions are specifically for editors on DeGroote websites.

  • On your phone, install the Microsoft Authenticator app. You may have already done this step if you set up multifactor authentication for your MacID.
  • On your computer, go to the site you edit and log in like you usually do.
  • Click on “Profile” in the dashboard menu.
    • Scroll down to the bottom of the page.
    • Beside “Two Factor Authentication” click the “Enable” button.
      • Some new steps and a QR code appear.
    • Don’t worry about step 1 if you’ve already installed the Microsoft Authenticator app on your phone.
  • On your phone, open the Microsoft Authenticator app.
    • Tap the “+” in the top-right corner of the screen.
    • Tap the “Other” option.
    • Use your phone to scan the QR code on your computer screen.
      • A new entry is added for this website.
    • Change the new entry’s name. (optional)
      • Tap the new entry.
      • Tap on the gear (settings) icon in the top-right corner of the screen.
      • Tap on “Account Name”.
      • Type in a new name (like the name of the site) and then tap “Done”. (See note for people who edit multiple sites, below.)
      • Tap the arrow in the top-left corner of the screen to go back to your entry list.
    • The entry shows the 6-digit number you need to use when logging into WordPress (for this specific site).
      • The number changes every 30 seconds.
  • Back on your computer, enter the 6-digit code that appears right now, and click the “Verify” button.
  • Click on the “Update” button at the bottom of the page.

People Who Edit Multiple Sites

There are two WordPress systems working in the background to deliver our websites — an older one, and a newer one. If you edit more than one site, it’s possible one will use the older system and the other will use the newer system.

If that’s the case, you’ll need two entries on Microsoft Authenticator. (They automatically get labelled “older” and “newer,” but you can change these account names if something else is easier to remember.)

The tricky part will be remembering which of your sites uses each authentication code. However, if one doesn’t work, the other one always should.

This situation is temporary. We’re working on moving all WordPress sites to the newer system — but it will take some time.

If you have any trouble organizing multiple site logins, please let us know and we’ll give you a hand.

Logging In

Now when you log into a site, after you enter your username and password, you may be asked for a 6-digit code.

When that happens, open the Microsoft Authenticator app on your phone. Find the entry for the website you’re editing, and use the corresponding code to log in.

You won’t be asked for a code every time, especially if you’re using the same computer.

If you have any questions, let us know in the comments or send us a message!

Tags:   WORDPRESS