2FA – Two-factor login

Use 2-factor authentication (2FA)

What is 2FA?

Two-factor authentication (2FA) increases the security of your account. As before, you need to know something (user name and password), but now you also need to have something (an email account, a special app).

This significantly reduces the risk of unauthorized access, also in terms of GDPR. Even if someone has stolen your password, they can no longer log in with the password alone.

These instructions (as of 3/2025) refer to the security software normally installed by the TBA on WordPress websites.

Otherwise, images and individual steps may differ slightly.

What methods are available?

  1. E-mail: You will receive a code by e-mail which you must enter when you log in.
  2. Authenticator app (TOTP): A mobile app such as Google Authenticator or Authy generates time-limited codes. Modern password managers such as 1Password can also handle this variant and can even conveniently automate the process.
    This requires another method as an emergency backup.
  3. Backup codes: A list of single-use codes (TAN) that you can use to log in in an emergency if you do not have access to other methods. This is particularly important if you have opted for the TOTP method.
    If this method is not offered, the website administrator can restore your access.

Recommendation

E-mail is the easiest method to set up, but somewhat less secure. It is recommended for getting started; you can change the 2FA settings in your user profile later.

TOTP is the most secure. It is very convenient to use, especially in conjunction with password managers, as you do not have to open the e-mail program.

Set up - 3 steps to a secure login

Step 1: Log in to WordPress

  • Go to the WordPress login page and enter your user name and password.
  • A small info text about 2FA appears. Read the text and click on “Next”.

Step 3: Select and set up 2FA method(s)

We offer 3 2FA methods, as described above. Now select one or more according to your wishes: Set up your preferred method by clicking on the arrow to the right >. Here is an explanation of the methods and what happens next:

A. Confirmation by e-mail

When you log in, you will receive an e-mail with a number at your registered e-mail account. This number must be entered when logging in to WordPress. This is the easiest way, but somewhat less secure.
  1. Select email as your 2FA method by clicking on “Activate”.
  2. Then click on “Continue”… With this method, a code will be sent to your registered e-mail address when you log in.
  3. Now enter this e-mail code on the website.
  4. Save your settings with “Verify” to check and activate this function.

B. Authentication app / password manager

This method is more secure and, once set up, more convenient. It requires an (often free) authentication app. This can be a dedicated program, but many password managers such as 1Password also offer this function and can even automate the process.
  1. Install an authentication app such as Google Authenticator or Authy on your smartphone if you don’t already have one. Or use a modern password manager such as 1Password.
  2. Scan the QR code displayed on the 2FA setup page with the app (recommended for mobile apps). Alternatively, click on “View Secret” and copy the long text code into your authentication app (recommended for password managers on the PC/Mac).
  3. The app will now generate a six-digit code. Enter this in the verification field at WordPress to confirm.
  4. Save your settings now to activate this function.
  5. Now also set up one of the other two methods in case the app does not work or the mobile is lost.

C. Backup codes as a safety net

Backup codes are single-use codes that should be kept for emergencies. If this method is not offered, the website admin can restore your access.
  • Activate backup codes and generate a list.
  • Download the codes and save them in a safe place.
  • Save the settings.
If you do not have access to your e-mail or Authenticator app, you can log in with these codes.

Ready!

The gray “Continue” button should now be clickable and you can now complete the process.

Test your 2FA setup

  • Log out and log back in to make sure your 2FA setup is working as expected.
  • After entering your user name and password, you will be asked to enter a confirmation code (by e-mail or via the authentication app).

Use

Log in to WordPress

  • Enter your login details on the login page and click on “Login”.

Enter your 2FA code

Depending on the 2FA method selected:

  • Email: Look for the verification code in your email and enter it in the 2FA field.
  • Authenticator app: Open your app, find the code for your website and enter it. Password managers such as 1Password often do this automatically for you.

And that’s it

Click on “Send” after you have entered the correct 2FA code to complete the login to WordPress.

Troubleshooting tips

Can I use several methods at the same time?

Yes, you can activate both email and the Authenticator app or backup codes.

Do I always have to activate two methods?

Only if you use an authenticator app. Then a second method (e-mail or backup codes) is mandatory.

Can I change a method retrospectively?

Yes, you can activate or remove another 2FA method in your user settings at any time.

You have not received an e-mail code?

Check your spam or junk folder. If the e-mail does not arrive, try sending the code again.

Is the Authenticator app not working?

Make sure that the date and time settings of your mobile are correct, as they affect the code generation.

Is access to 2FA no longer possible?

Contact the website administrator or us to have your 2FA settings reset.

Source

These instructions are based on our own experience with the software and these original instructions:

https://solidwp.com/documentation

Carl D. Erling, Berlin, CTO