How do the two-factor authentication (2FA) policies work?
With the WP 2FA plugin you can configure 2FA policies to make two-factor authentication (2FA) compulsory for WordPress users, or a number of users on your WordPress website. This document explains what happens when you configure the two-factor authentication (2FA) policies to make it compulsory on a WordPress site, and what users should do.
1. Users are notified to configure 2FA
When the administrator makes 2FA compulsory on a website, the plugin sends an email to the users notifying them to setup 2FA.
Users are also notified each time they login to the WordPress dashboard each time they login to the website:
Users are also given a grace period until they can configure two-factor authentication for their WordPress user accounts.
2. Users have to set up & use 2FA
Once the users are notified they should setup two-factor authentication (2FA) by clicking the Configure 2FA now button in the dashboard notification. Users can also configure 2FA by clicking Configure Two-factor authentication (2FA) in their user profile page.
Configuring two-factor authentication for your WordPress user is really simple. It just takes a few seconds.
What happens if WordPress users do not configure two-factor authentication?
Users are given a grace period to configure two-factor authentication. The grace period is configured by the site administrator. If someone does not configure 2FA within the grace period, their WordPress user is locked and they cannot login to the website.
When the site administrator unlocks the locked WordPress user, the user can log back into the website and the grace period is reset.