Enabling two-factor authentication, or 2FA, is one of the most important steps you can take to prevent account compromise. Two-factor authentication is an additional login security feature used by banks, government agencies and militaries worldwide. It is one of the most secure forms of remote system authentication. This method of signing into your Wordfence Central account relies on something you know and something in your possession. It is called two-factor because two factors are involved in authenticating you. In this case, you know your password, and you are in possession of your cell phone. If we can verify both of these, then we know that it’s OK to allow you to access your Wordfence Central account.
Most TOTP (Time-based One-Time Password) authenticator apps should work with Wordfence two-factor authentication. We have tested the following apps, available for Android, iOS and Windows devices, which worked at the time they were tested:
- Google Authenticator
- LastPass Authenticator
- Duo Mobile
- Microsoft Authenticator
The first time you log in to Wordfence to use Central, you will be prompted to enable 2FA. If you click “Setup Two Factor Authentication”, a window will pop up with a QR code (Quick Response Code). You can scan this code with the app of your choice, or manually enter the 32-character code below it into the app. Your authenticator app should now show a 6-digit code that changes every 30 seconds.
Once you have done this, be sure to click the “Download” button to download the backup codes so that you can log in to your account even if you lose your smartphone. Click “Continue” to be taken to the next screen, and enter the 6-digit code that appears in your authenticator app, then click “Activate”.
Setting up 2FA on an existing account
If you already have an account at wordfence.com and would like to enable 2FA, you can go to the Account page and click “Enable with Authenticator App”. A window will pop up with a QR code. You can scan this code with the app of your choice, or manually enter the 32-character code below it into the app. Your authenticator app should now show a 6-digit code that changes every 30 seconds.
Once you have done this, be sure to click the “Download” button to download backup codes so that you can log in to your account even if you lose your smartphone. Click “Close”, and enter the 6-digit code that appears in your authenticator app in the “Enter Activation Code” box, then click “Activate”.
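Both setup flows above end with the app turning the 32-character code into a 6-digit code every 30 seconds. The following is an added example, not Wordfence's code, of how a standard TOTP app derives and checks that code. It assumes the 32-character code is a base32-encoded shared secret and that the RFC 6238 default of HMAC-SHA1 is used; the secret shown is the public RFC test key, not a real account secret, and the one-step drift window in verify() is an illustrative choice.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for, as stated on this page
DIGITS = 6   # code length, as stated on this page

# Constructed sample: base32 of the RFC 6238 test key (exactly 32 characters).
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Decode a manually typed secret; tolerate spaces and lower case."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore any stripped padding
    return base64.b32decode(cleaned)


def code_for_counter(key, counter):
    """RFC 4226 dynamic truncation of HMAC-SHA1(key, counter)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32, at=None):
    """Code shown by the app at Unix time `at` (default: now)."""
    now = time.time() if at is None else at
    return code_for_counter(decode_secret(secret_b32), int(now // STEP))


def verify(secret_b32, code, at=None, window=1):
    """Accept codes from `window` steps either side to absorb clock drift."""
    now = time.time() if at is None else at
    key = decode_secret(secret_b32)
    current = int(now // STEP)
    ok = False
    for counter in range(current - window, current + window + 1):
        if counter < 0:
            continue
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(code_for_counter(key, counter), code)
    return ok


if __name__ == "__main__":
    print("Current code for the sample secret:", totp(SAMPLE_SECRET))
```

Because the code depends only on the shared secret and the clock, a phone whose time is badly out of sync will produce codes that fail verification.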
If you have enabled 2FA on your account, you can log in with your normal username and password at wordfence.com, and a prompt will appear asking for a code. Enter the code that appears in your authenticator app for wordfence.com into this prompt and click “Log In”.
Alternatively, when you enter your normal username and password, you can add the code from your authenticator app immediately after your password (or separated by a space) and click “Log In” before the code expires.
If you have lost your smartphone, or got a new one, you can use a recovery code to log in to your wordfence.com account. Simply enter your normal username and password, and paste one of your recovery codes immediately after the password, then click “Log In”.
If you do lose your phone and have to use one of your recovery codes to log in, you can set up two-factor authentication again once you have a new phone. At the bottom of the Account page, click on “Remove two factor authentication”. You will be asked if you are sure that you want to deactivate two-factor authentication. Click on “Deactivate”. You will then be able to set up two-factor authentication for your new phone.