# Two-Factor Authentication

Two-Factor Authentication (2FA) adds an extra layer of security to your WordPress login by requiring a one-time verification code in addition to your password. With Limit Login Attempts Reloaded version 3.0 and above, 2FA is simple to enable and available to both free and premium users. Passwords alone are no longer enough to protect your site, as they can be compromised through data breaches, phishing attacks, or reuse across multiple platforms. By enabling 2FA, you ensure that even if someone gains access to your password, they will not be able to log in without the additional verification code sent to your email.

To enable 2FA, navigate to your WordPress dashboard and go to **Limit Login Attempts → 2FA Settings**. From there, check the option to enable multi-factor authentication and select the user roles that should be required to use 2FA. It is highly recommended to enable this feature for administrators first, as these accounts have the highest level of access and are the most important to protect. Once you have selected the appropriate roles, click Save Settings to continue.

<figure><img src="/files/QV10B8FFsM0IfYjAXAz9" alt=""><figcaption></figcaption></figure>

Before fully activating 2FA, you will be prompted to **download your rescue links**. These are one-time use backup links that allow you to regain access to your account if you are unable to receive the verification email or lose access to your email address. It is important to store these links in a secure location, such as a password manager, printed copy, or encrypted file. You can copy them to your clipboard, print them, or download them as a PDF. After saving them, confirm that you have stored your rescue links and proceed by clicking Activate 2FA and Save Settings. Each rescue link can only be used once, so they should be treated as sensitive security credentials.

Once 2FA is enabled, your login process will include an additional verification step. After entering your username and password, you will receive a six-digit verification code sent to your registered email address. Enter this code on the verification screen to complete your login. These codes expire quickly, typically within a few minutes, which limits how long an intercepted code remains usable.

<figure><img src="/files/aVse3gJhl9oLN84naOuj" alt=""><figcaption></figcaption></figure>

The verification email will also include helpful information about the login attempt, such as the IP address, location, browser, and device used. This allows you to quickly identify whether the login attempt was legitimate. If you do not recognize the attempt, you should immediately change your WordPress password and review your site’s security settings.

If you are unable to access your email and cannot receive the verification code, you can use one of your rescue links to regain access to your site. When a rescue link is used, 2FA will be temporarily disabled for a short period, allowing you to log in and update your settings. Because each link can only be used once, it is important to keep them safe and generate new ones if needed.
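The login code and rescue link behaviour described above can be modelled in a few lines. This is an added illustration, not code from Limit Login Attempts Reloaded: the class and method names are hypothetical, and the 5-minute lifetime and the count of five rescue tokens are assumptions (the page only says "a few minutes").

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # assumed lifetime in seconds; the page says "a few minutes"


def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()


class EmailSecondFactor:
    """Hypothetical model of e-mail codes plus single-use rescue tokens."""

    def __init__(self, rescue_count=5):
        self._pending = {}  # user -> (code digest, expiry timestamp)
        # Tokens are shown to the user once; the server keeps only digests.
        self.rescue_tokens = [secrets.token_urlsafe(32) for _ in range(rescue_count)]
        self._rescue = {_digest(t) for t in self.rescue_tokens}

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        self._pending[user] = (_digest(code), now + CODE_TTL)
        return code  # delivered by e-mail only, never sent to the browser

    def verify_code(self, user, submitted, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires = entry
        if now > expires:
            del self._pending[user]  # expired codes are discarded
            return False
        if not hmac.compare_digest(digest, _digest(submitted)):
            return False  # constant-time comparison of digests
        del self._pending[user]  # a code is accepted once
        return True

    def redeem_rescue(self, token):
        d = _digest(token)
        if d not in self._rescue:
            return False
        self._rescue.remove(d)  # each rescue link works a single time
        return True
```

Storing only digests means a leaked database row does not reveal a usable code or rescue token, which is why the rescue links have to be saved by the user at the moment they are generated.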

This email-based 2FA system is designed to be both secure and easy to use, requiring no additional apps or complicated setup. It works alongside Limit Login Attempts Reloaded’s existing protections, including brute force protection, IP intelligence, and login monitoring, to create a layered security approach. By enabling 2FA, you significantly reduce the risk of unauthorized access and strengthen the overall security of your WordPress site.
