This topic covers processes requiring access to your WP Hosting Client Area. If you’re not sure how to access the Client Area, please follow this guide before continuing – How do I Login to my WP Hosting Client Area?
What is MFA/2FA and why do I need it?
Enabling MFA/2FA (Multi-Factor or Two-Factor Authentication) adds an extra layer of security to your WP Hosting and other online accounts.
By requiring a second form of verification, it helps keep your information safe even if your password is stolen. Setting up MFA/2FA is an easy and effective way to protect yourself online.
Follow this guide to enhance your security in just a few steps!
To enable MFA/2FA in the Client Area
1. First, login to your WP Hosting Client Area
2. Once logged into the Client Area, click the profile name in the top-right and select ‘Security Settings‘ from the drop-down menu
3. Next, click the ‘Two-Factor Authentication’ tab. This will display the current status.
Press ‘Click here to enable‘ to begin the 2FA / MFA setup
4. You need to choose either token-based or email-based 2FA method.
- Time based tokens: use an authenticator app such as Google Authenticator or Duo to generate one-time codes
- Email based 2FA: sends one-time codes via email
5. Make your choice between Time Based Tokens or Email Two-Factor Authentication and then click ‘Get Started‘
If choosing Time Based Tokens
If choosing Time Based Tokens, you will see a QR code with a screen asking you to connect your app.
Then, Download and open your preferred authenticator app on your smartphone. The steps will vary slightly between apps but the gernaerl steps are;
- Open the authenticator app
- Scan the WP Hosting QR code
- Enter the code from the app and click ‘submit‘
When 2FA is activated, you will see a message confirming “Two-Factor Authentication is now enabled“ and a Backup Code will be displayed.
IMPORTANT NOTE: Make a note of your backup code and treat it as you would any other password. Use this backup code to log in if you lose access to your phone or the authenticator app. Keep it safe.
!!! IMPORTANT NOTE !!!
- Remember to make a note of your backup code and treat it as you would any other password. This backup code can be used to login if you lose access to your phone or the authenticator app, so keep it safe.
If choosing Email 2FA
If you choose Email Two-Factor Authentication, the system sends an email to the primary account address within a few minutes. Please ensure you know the email address associated with your WP Hosting account and that you have access to any mail sent there.
This email will contain an authentication code – enter the code and click ‘Activate‘
PLEASE NOTE: The email 2FA codes are valid for 1 hour only.
This completes the email-based token 2FA setup
From now on, when you log in to the WP Hosting Client Area, the system sends a one-time code (valid for 1 hour) to the email address linked to your account.
To change the 2FA authentication method
To update the way you receive 2FA authentication codes, you will need to reset the configuration by disabling and re-enabling 2FA.
1. First, login to your WP Hosting Client Area
2. Then, once logged into the Client Area, click the profile name in the top-right and select ‘Security Settings‘ from the drop-down menu
3. After that, take note of the current 2FA status. Then, you will see a message: “Two-factor authentication is currently enabled”, highlighted in green.
Click the ‘Click here to disable‘ button to reset 2FA
4. Then, the system prompts you to enter your current WP Hosting Client Area password.
Type your password in the text box and click ‘Disable Two-Factor Authentication‘
5. When you’ve successfully disabled 2FA, you will see the ‘disabled’ status highlighted in red.
Click the ‘Click here to Enable‘ button to restart the setup process (see the steps at the start of this guide for setting up 2FA again)
Important things to remember
- Remember to make a note of your backup code. Treat it as you would any other password. Use this backup code to log in if you lose access to your phone or the authenticator app, so keep it safe.
- Email codes will be sent to the address you’re using to login with
- Email 2FA codes are valid for 1 hour only