Please enable two-factor authentication for your WordPress.com account.
Enable Two-Factor Authentication on Your Account
Because we want to make WordPress.com accounts as secure as we can, we’ve made it easier for you to set up two-factor authentication for your account, so you can take advantage of the top-of-the-line security standard.
WordPress.com has supported two-factor authentication (2FA) since 2013. Also known as two-step verification, two-factor authentication allows you to protect your WordPress.com account with both a password and a time-sensitive code you get from your mobile device.
To enable two-step authentication, tap your profile picture to jump into the “Me” section and hit the Security tab. Click on “Two-Step Authentication,” and initiate the setup wizard. You can opt to use an independent mobile app, like Google Authenticator or Authy, that will generate access codes for you, or you can get codes texted to your phone via SMS.
Once two-factor authentication is set up, when logging in to your WordPress.com account, you’ll use both your account password and the unique code you receive, ensuring that nobody but you can access your information.
Our teams work around the clock to ensure that WordPress.com is the most secure place to host your website and blog content. We encourage our wonderful users to leverage all of the security measures out there, and hope that two-factor authentication will become a part of your daily blogging routine. For extra help, check out our support documentation.
- Apr 24, 2015 @ 3:00 pm
While the idea is great in principle, the number of users that come to the forums daily for help after being locked out of their accounts by this very feature (usually due to lost backup codes or backup codes not working, usually after getting a new phone) has made me very unlikely to ever use it. And while one can’t blame the system if users don’t follow the instructions to save the backup codes, the fact that they at times don’t work is rather disconcerting.
I’d rather stick with a very secure and regularly updated password, and add my voice to Author Unpublished in saying thanks that this feature isn’t mandatory. I hope it remains optional.
Would it perhaps be possible, though, to add an option for account recovery via a one-time password sent by SMS, like Facebook and Twitter, and I think Google also does? If we can add our cell phone numbers for this purpose without activating two-step authentication it would be great.
I tried it when it was first offered, but received a stream of SMS messages which I did not instigate. Was there someone out there trying to hack into the blog and being foiled by the new protection? If so, he’s been strangely inactive since I deactivated two-step authentication in frustration. Willing to try again, but suspect I’ll be deluged with unnecessary texts this time too…
I’m not a fan myself. I went to try it and it took me to the Google Authenticator app. I hate having apps on my phone, taking up valuable space. Yes, I understand that I could do it via SMS, but I agree with the first commenter, it adds time. Personally, I don’t want to have to faff around with a second code each time I need to log in. With that said, I am very skeptical so I think that changes my perception of it. Maybe if it were better explained, even more so in layman’s terms?
I’m so glad to see this post. I have two-factor authentication on one of my sites using Google Authenticator. I had some updating done to my phone and all the apps went to the cloud. Since reinstalling the authenticator app it doesn’t work like I remember it working and I have not been able to access my site. Is there any way I can get back into my site without having to go through this? Just to post this I tried to use my WordPress account but that authentication code thing stopped me in my tracks.
Glad to see this as a topic of conversation. I have been using 2-step for both my Gmail accounts (never been hacked & fingers still crossed) and for my WordPress blog. I will reblog this today. In my experience Google Authenticator is slow and once you change or upgrade phones you are sunk, locked out, etc. None of the backup codes worked for me, both times I really needed them too.
So I used 2-step with my mobile SMS alerts. Do not rely on this for international travel. I’m switching my 2-step safe login to Authy on my laptop (which requires no mobile phone number change when traveling outside USA).
I am reblogging this post now.