How do the two-factor authentication (2FA) policies work?

You are here:
  • Home
  • WP 2FA
  • How do the two-factor authentication (2FA) policies work?

With the WP 2FA plugin you can configure 2FA policies to make two-factor authentication (2FA) compulsory for WordPress users, or a number of users on your WordPress website. This document explains what happens when you configure the two-factor authentication (2FA) policies to make it compulsory on a WordPress site, and what users should do.

1.  Users are notified to configure 2FA

When the administrator makes 2FA compulsory on a website, the plugin sends an email to the users notifying them to setup 2FA.

Email notification to user to enable 2FA

Users are also notified each time they login to the WordPress dashboard each time they login to the website:

2FA notification in dashboard

Users are also given a grace period until they can configure two-factor authentication for their WordPress user accounts.

2.  Users have to set up & use 2FA

Once the users are notified they should setup two-factor authentication (2FA) by clicking the  Configure 2FA now button in the dashboard notification. Users can also configure 2FA by clicking Configure Two-factor authentication (2FA) in their user profile page.

Users can launch the 2FA wizard from their profile page

Configuring two-factor authentication for your WordPress user is really simple. It just takes a few seconds.

What happens if WordPress users do not configure two-factor authentication?

Users are given a grace period to configure two-factor authentication. The grace period is configured by the site administrator. If someone does not configure 2FA within the grace period, their WordPress user is locked and they cannot login to the website.

WordPress users locked

When the site administrator unlocks the locked WordPress user, the user can log back into the website and the grace period is reset.

Add an extra layer of security to your WordPress site; download WP 2FA today!