What are the 2FA backup codes?

Last updated on June 15th, 2022 by Will Morris. Filed under WordPress Admin Tips

When you use two-factor authentication (2FA) on your WordPress website, you need the username, password, and a one-time code to login.

The one-time code can be generated by an app, sent to you over email, or generated by a third party specialized device. However, how can you still login if you not have access to the 2FA app, or the mailbox where the 2FA code was sent? Is there a fail safe backup plan?

Yes, there is. You can login with backup codes. In this article we explain what backup codes are, how you can generate them, and how you can login with them.

What are backup codes?

Backup codes are a number of one-time codes you can generate specifically for your WordPress user when you have 2FA enabled. You need the backup codes in case you want to login to your WordPress website and cannot access the primary one-time code generator.

How do you get the 2FA backup codes?

If you are using WP 2FA as your WordPress two-factor authentication plugin, when you setup 2FA for your WordPress user the wizard gives you the option to generate ten backup codes.

2FA wizard to generate backup codes

If you did not generate them through the wizard, you can still generate them from your user profile page. Click the button Generate backup codes in the WP 2FA settings section, at the bottom of your user profile page.

10 backup codes for 2FA

When the backup codes are generated, download the text file and save it in a secure location. You can also print the codes.

How do you use the backup codes?

To login to your WordPress website you need the username, password and the one-time code. If you cannot generate the one-time code via the normal primary means, click on use a backup code when asked for the two-factor authentication code. The link is highlighted in the below screenshot.WordPress 2FA login page with link to backup codesEnter one of your backup codes and you will login to your WordPress website.

How many backup codes can you have, or have left?

Backup codes are also one-time codes. So once a code is used, it cannot be used again. By default the plugin creates ten backup codes for every user. You can see how many backup codes you have left under the WP 2FA settings section in your profile page.

The 2FA settings in the WordPress user profile page

Do not wait until you have just one backup code left. Don’t risk getting locked out. Create ten new backup codes whenever you have less than two unused backup codes left.

Get started with 2FA on your WordPress website

Have you enabled two-factor authentication (2FA) on your WordPress website? If not, now is the right time to try! Use WP 2FA, a free WordPress two-factor authentication plugin. WP 2FA is very easy to use and allows you to configure 2FA policies to make 2FA mandatory.


Iwan 13/01/2022

What can I do if I somehow “missed” the backup codes.

I generated the backup codes but when I was about to copy the codes to store them somewhere safe I accidentally closed the window. Is there a way I can get the codes again?

Radostin Angelov 24/01/2022

Hi Iwan,

Thanks for reaching out.

Yes, you can still generate backup codes. If you want to do that just go to the WordPress dashboard, Users ⇾ Profile, then scroll down, and you can see a button “Generate list of backup codes”.

Let me know if that worked.


Tammy 14/03/2022

I have lost access to the authenticator device that held the 2fa for my website. Is there are workaround for this if I also don’t have back up codes?

Robert Abela 15/04/2022

Hello Tammy,

The only way around 2FA if you do not have backup codes is to manually deactivate the plugin (by accessing the website’s file) and then you can log in. Once you log in, do not forget to re-activate the plugin and then generate the backup codes. Good luck with recovering access to the website. If you need more assistance, please drop us an email at support@wpwhitesecurity.com.

Mihaela 13/08/2022

Hello! I lost my phone, I have a new phone number, I lost my backup codes list, I can’t login to my website. My old phone number is not available anymore and I can’t access it.For one step I can login only with my email, but I can’t go on with that. I need a backup code. How can I get new backup codes?

WP White Security 15/08/2022

Hello Mihaela, if you can’t regain access to your website, manually deactivate the plugin and log in. Once you log in, reactivate the plugin and generate the backup codes from your user profile page.

I trust the above helps. Should you need any further assistance, please open a support ticket.

Leave a Reply

Your email address will not be published. Required fields are marked *

Our other plugins