How to add Wordfence two-factor to your account login: 12 super simple steps

This article will show you how to add Wordfence two-factor to your account login on a Wordpress website.

Why Wordfence?

Wordfence is just one of the security plugins that we add for most of our clients. It provides a layer of security for websites. There is a free version available, which is (thus far) what we use for our clients.

It offers many layers of protection for your website, reducing drastically the risk of access for hackers. One of the things it offers is “two-factor” authentication. This means that even if a hacker manages to get access to your username and password, they still can’t access the website without having your mobile device in their mucky little paws.

Two-factor authentication uses an authenticator application for better security and reliability, instead of sending text messages. We have definitely found it useful because (living in a very old house with 2-foot thick walls), text messages don’t always arrive.

Table of Contents

How to add Wordfence two-factor to your account login

These instructions will be applicable for almost all of our clients and, depending on how your own website is built, other Wordpress website owners too. If you are a Gandy-Draper client and require more help with this – just contact us in the usual way. As you will already know – we are always happy to help you!

If you are NOT a Gandy-Draper client – then this will only apply if you have the Wordfence plugin installed. You can do that by going to Plugins > Add New and then searching for Wordfence and installing it.

If you would like us to install this for you, as well as set up Wordfence on your website for great security protection, then drop us an email to to open a dialague and we’ll help you through it (or do it for you) for a very small fee.* Our clients get this for free.

Find an authenticator app

The first thing you will need to do is install an “authentication” app to your mobile device. Visit the app store on your own phone and do a search for “authenticator apps”. There are lots available, so before choosing one – do check its rating, its reviews and have a read of the description. Here’s a list of the apps that Wordfence has tested (as of March 2023)

1Password (mobile and desktop versions) See: 1Password help
Authy 2-Factor Authentication
FreeOTP Authenticator
Google Authenticator
LastPass Authenticator
Microsoft Authenticator
Sophos Mobile Security
Any other authenticator app that supports Time-Based One-Time Passwords (TOTP)

Google Authenticator

We use “Google Authenticator” and will be bearing that in miond further along in these instructions, but you may have a preferred one of your own. Simply ensure that it is installed and activated.

Add to your user account on your website

Go to your own profile by either of these two methods:

  • Hover over “Users” in the black sidebar on the back end of your website and click on “Profile when it appears”. Scroll down the list until you find your own username. Hover over it and click on “2FA” when it appears and then go to step 2 in this list. Or – hover over your username and click on “Edit” when it appears.
  • Click on “Hi *your name*” on the very top right corner of the back end of your website and click on “Edit Profile” when it appears
  1. If you went in via “Edit,” scroll down your profile until you see a heading titled, “Wordfence Login Security”. Click on “”
  2. If you went in via “2FA” or have already completed step one, you should be able to see a screen with a QR code on it and various steps to take
  3. With your mobile device in your hand, and your chosen Authenticator app open… scan the QR code.
    – For Google Authenticator on an Android device, you do this by opening the app, clicking on the plus sign on the bottom right and selecting “Scan a QR code”
  4. You will be shown a six-digit number. This number should be placed in the relevant box on the “2FA” page on your website
  5. Download the “Download Recovery Codes” on the same screen. If you are a Gandy-Draper client – we will store these securely for you. Just contact us and we’ll talk you through how to get it to us safely and securely.
  6. Click “Activate” on the “2FA” page
  7. That’s it – you’re done!
  8. Now when you log into your website, it will also ask you for your Two-Factor code. To find yours when loggin in… 
    – Open up the Authenticator app on your phone
    – Find your website in your list (for some it will be the only entry)
    – Copy the number from there into the box on your website login 

Want help?

Already a Gandy-Draper client?

Simply contact us in the way you usually do – we’ll handhold you throughout. 

Not already a Gandy-Draper client?

We may still be able to help. Drop us an email to and we’ll help for a small fee. 

Join the happy group of Gandy-Draper clients

More and more people are coming to Gandy-Draper because their current service provider doesn’t provide as much support as they would like. We go above and beyond the level of customer support most provide and our clients know it!! It is why the vast majority of our clients come to us – they’ve heard how well they will be looked after. Still unsure? Then have a look at our large number of Testimonials.

Contact Gandy-Draper today for a no obligation quote. You’ll be so pleased that you did!


We hope that you’ve found this “How to add Wordfence two-factor to your account login” article useful and easy to follow. As with the installation of any software or apps, you carry these things out at your own risk. If you are unsure about the steps described in any way – then please contact a local techie, or contact us for help for a small fee*

*This can be done by email, phone, Zoom, Whatsapp or Skype. We will ask you to prove you are the correct person to ensure that you are the website owner/representative.