What is the 2FA grace period and how can you configure it?
When you configure the 2FA policies and make two-factor authentication (2FA) compulsory on your WordPress site, users need a grace period during which they can configure 2FA. Otherwise, if 2FA is enforced without the user configuring it, they will be locked out of the website. Or, the administrator has to configure 2FA for them, manually.
How do you configure the grace period for 2FA?
The grace period can be configured in the Settings > Two-factor authentication menu entry in your WordPress dashboard.
What is the recommended grace period?
There is no ideal grace period. However, the sooner you can get your users to use two-factor authentication the better it is for the security of your WordPress website and the site’s users.
What happens when a user does not configure 2FA within the grace period?
If the user does not configure two-factor authentication (2FA) within the grace period, the user is locked. Only the website’s administrators can unlock the user again. Read how to unlock locked WordPress users for more information on this subject.