Two-Factor Authentication (2FA) is a security process that requires users to provide two different authentication factors to verify themselves. This enhances security by ensuring that only the verified user can access their account. The two factors typically involve something the user knows (password) and something the user has (authentication app).
Security Ninja offers a straightforward implementation of 2FA to enhance the security of your WordPress site. The 2FA settings can be found under the “Firewall” section of the plugin.
Configuring 2FA Settings
- Enable 2FA
- Description: Activating this setting will mandate the selected user roles to set up and use 2FA for logging into the website.
- Warning: Turning this on will require the selected user roles to set up and then use 2FA to log in to the website.
- Grace Period
- Description: This setting determines the number of days users can skip setting up 2FA.
- Default Value: 14 days
- Note: Changing the number of days after enabling 2FA will recalculate the last day. Setting the value to 0 enforces immediate 2FA setup.
- Required Roles
- Description: Only the selected roles will be required to use 2FA when logging in.
- Options: This list changes based on what user roles are available on your website. Per default administrators and editors are selected.
- 2FA Methods
- Description: Specifies the allowed login methods for 2FA.
- Currently Available: App
- 2FA Introduction
- Description: This text will be displayed to users when they are prompted to set up 2FA.
- Default Text: Secure your account with two-factor authentication.
- 2FA Enter Code
- Description: Shown next to the input field where the user enters their code from the 2FA app.
- Default Text: Enter the code from your 2FA app to continue logging in.
Below is a screenshot of the 2FA settings page: