From 1 February 2021, we require all ‘administrator’ users on our HappyPress network to login with 2FA.
What is 2FA?
2FA is short for ‘two-factor authentication’, which is simply an extra layer of security added to the process of logging into a website. 2FA uses a time-sensitive one-time password on top of your usual login details to make sure it’s really you trying to log in. You’ve probably used 2FA before when logging into your online banking: banks will usually send you a text message with the one-time password you need to access your account.
Why is this more secure? Without 2FA, if someone managed to discover your username and password they would be able to log in as you — simple as that. With 2FA enabled, they’d also need your one-time password. This one-time password changes every few seconds and is only available to you through an authentication app (such as Google Authenticator or 1Password), so it makes it very difficult to hack into your account.
SMILE’s policy on 2FA
The security of our sites depends on the security of the accounts that have access to them. If you have a website that’s hosted on SMILE’s HappyPress network, 2FA is required for all users with the ‘administrator’ role. Administrators will not be able to login to WordPress without 2FA.
We strongly recommend that all users enable 2FA on their accounts for added security, but non-admin users who choose not to add 2FA will still be able to log in with their usual details.
How to set up 2FA
If you’re an administrator, 2FA will be automatically enabled on your account on 1 February 2021. You will need to set up 2FA before then or you will be unable to login.
1. Once you’re logged in, click the ‘Login Security’ item in the left-hand menu.
Alternatively, you can access 2FA setup by going to your profile and clicking the ‘enable 2FA’ button in the ‘Wordfence Login Security’ section at the bottom of the page.
2. Follow the instructions on the setup page. You will need to have an authentication app installed to complete these steps.