{"id":156812,"date":"2025-05-30T16:57:14","date_gmt":"2025-05-30T21:57:14","guid":{"rendered":"https:\/\/wpengine.com\/?post_type=resource&p=156812"},"modified":"2025-06-17T12:03:48","modified_gmt":"2025-06-17T17:03:48","slug":"wp-engine-mfa-options","status":"publish","type":"resource","link":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/","title":{"rendered":"Keep Your Account Safe With Multi-Factor Authentication"},"content":{"rendered":"\n

Protecting your account is more important than ever. Multi-Factor Authentication<\/a> (MFA) is one of the best ways to keep yourself secure. <\/p>\n\n\n\n

This guide will explain the different MFA options WP Engine supports via our User Portal, how they work, and how they compare in terms of security.<\/p>\n\n\n\n

What is multi-factor authentication?<\/strong><\/h2>\n\n\n\n

MFA adds an extra layer of security beyond just your password. It requires you to verify your identity using a combination of two or more different methods:<\/p>\n\n\n\n

    \n
  1. Something you know (like your password)<\/li>\n\n\n\n
  2. Something you have (like your phone or a security key)<\/li>\n\n\n\n
  3. Something you are (like your fingerprint)<\/li>\n<\/ol>\n\n\n\n

    By requiring multiple verification methods, MFA makes it much harder for hackers to gain unauthorized access to your WordPress site on WP Engine.<\/p>\n\n\n\n

    Our supported MFA options<\/strong><\/h2>\n\n\n\n

    1. Email authentication<\/strong><\/h3>\n\n\n\n

    What it is: <\/strong>Email MFA sends a one-time code to your registered email address when you attempt to log in.<\/p>\n\n\n\n

    Setup:<\/strong> Automatically enabled for all accounts on WP Engine.<\/p>\n\n\n\n

    Security level:<\/strong> \u2605\u2605\u2606\u2606\u2606 (Basic)<\/p>\n\n\n\n

    Protects against: <\/strong>Password theft, brute force attacks<\/p>\n\n\n\n

    Limitations:<\/strong> If your email account is compromised, this method becomes vulnerable. Also, email delivery can sometimes be delayed or blocked by spam filters.<\/p>\n\n\n\n

    Best for:<\/strong> Users who want a simple solution without installing additional apps.<\/p>\n\n\n\n

    2. Okta Verify<\/strong><\/h3>\n\n\n\n

    What it is: <\/strong>A mobile app that sends push notifications to your phone for authentication.<\/p>\n\n\n\n

    Setup:<\/strong><\/p>\n\n\n\n

      \n
    1. Download Okta Verify from the Google Play Store<\/a> or the Apple App Store<\/a>.<\/li>\n\n\n\n
    2. Select “Okta Verify” in the MFA page.<\/li>\n\n\n\n
    3. Follow the guided setup process.<\/li>\n<\/ol>\n\n\n\n

      Security level: <\/strong>\u2605\u2605\u2605\u2605\u2606 (Strong)<\/p>\n\n\n\n

      Protects against:<\/strong> Password theft, phishing, and man-in-the-middle attacks<\/p>\n\n\n\n

      Limitations: <\/strong>Requires a smartphone and an internet connection.<\/p>\n\n\n\n

      Best for: <\/strong>Users who want a convenient yet secure option that doesn’t require entering codes manually.<\/p>\n\n\n\n

      3. Authenticator app<\/strong><\/h3>\n\n\n\n

      What it is:<\/strong> An app that generates time-based one-time passwords (TOTP) that change every 30 seconds.<\/p>\n\n\n\n

      Setup:<\/strong><\/p>\n\n\n\n

        \n
      1. Download an authenticator app (like Google Authenticator) from the Google Play Store or Apple App Store.<\/li>\n\n\n\n
      2. Scan the QR code provided in the WP Engine User Portal<\/a> with your app.<\/li>\n\n\n\n
      3. For backup, scan the same QR code on multiple devices before completing setup.<\/li>\n<\/ol>\n\n\n\n

        Security level: <\/strong>\u2605\u2605\u2605\u2606\u2606 (Medium)<\/p>\n\n\n\n

        Protects against:<\/strong> Password theft, phishing, and replay attacks<\/p>\n\n\n\n

        Limitations: <\/strong>Copying the code to multiple devices increases the possibility of compromise.\u00a0<\/p>\n\n\n\n

        Best for: <\/strong>Users who want strong security with offline capabilities.<\/p>\n\n\n\n

        4. Security key or biometric authenticator (FIDO2\/WebAuthn)<\/strong><\/h3>\n\n\n\n

        What it is: <\/strong>Physical security keys (like YubiKey or Google Titan) or built-in biometric authentication (like fingerprint readers or facial recognition).<\/p>\n\n\n\n

        Setup: <\/strong>Varies based on the specific device, but typically involves registering your security key or biometric data through the User Portal.<\/p>\n\n\n\n

        Security level: <\/strong>\u2605\u2605\u2605\u2605\u2605 (Strongest)<\/p>\n\n\n\n

        Protects against:<\/strong> Password theft, phishing, malware, and sophisticated remote attacks<\/p>\n\n\n\n

        Limitations:<\/strong> May require purchasing additional hardware (for security keys) or a compatible device (for biometrics).<\/p>\n\n\n\n

        Best for:<\/strong> Users who want the highest level of security, especially for administrative accounts.<\/p>\n\n\n\n

        Comparison and recommendations<\/strong><\/h2>\n\n\n\n

        For casual users<\/strong><\/h3>\n\n\n\n

        Recommended: <\/strong>Email or Authenticator App<\/p>\n\n\n\n

        Both provide a good balance of security and convenience. Email requires no setup, while an Authenticator app can offer better security with minimal setup.<\/p>\n\n\n\n

        For regular business users<\/strong><\/h3>\n\n\n\n

        Recommended: <\/strong>Okta Verify or Authenticator App<\/p>\n\n\n\n

        These options provide strong security while remaining convenient for daily use.<\/p>\n\n\n\n

        For administrators or high-security needs<\/strong><\/h3>\n\n\n\n

        Recommended: <\/strong>Security Key or Biometric Authentication<\/p>\n\n\n\n

        These provide the strongest protection against sophisticated attacks and are therefore recommended only for accounts with administrative privileges.<\/p>\n\n\n\n

        Best practices<\/strong><\/h2>\n\n\n\n
          \n
        1. Enable at least one MFA method beyond email for optimal security.<\/li>\n\n\n\n
        2. Ensure your WP Engine password is updated and does not match your other passwords.<\/li>\n\n\n\n
        3. Store backup codes securely. <\/li>\n\n\n\n
        4. Keep authentication apps and devices updated.<\/li>\n\n\n\n
        5. Use phishing\u2011resistant factors (Okta Verify<\/a> or FIDO2<\/a>\/WebAuthn<\/a>) for privileged access.<\/li>\n<\/ol>\n\n\n\n

          By implementing MFA, you significantly reduce the risk of unauthorized access to your WordPress site, even if your password is compromised. Choose the method that best fits your security needs and technical comfort level.<\/p>\n\n\n\n

          Need help?<\/strong><\/h2>\n\n\n\n

          If you encounter any issues setting up or using any of these MFA methods, please contact our support<\/a> team for assistance.<\/p>\n","protected":false},"excerpt":{"rendered":"

          Protecting your account is more important than ever. Multi-Factor Authentication (MFA) is one of the best ways to keep yourself secure.  This guide will explain the different MFA options WP Engine supports via our User Portal, how they work, and how they compare in terms of security. What is multi-factor authentication? MFA adds an extra…<\/span><\/span><\/p>\n","protected":false},"author":472,"featured_media":156816,"template":"","resource-topic":[909],"resource-role":[895,896,899],"resource-type":[916],"class_list":["post-156812","resource","type-resource","status-publish","has-post-thumbnail","hentry"],"yoast_head":"\nKeep Your Account Safe With Multi-Factor Authentication<\/title>\n<meta name=\"description\" content=\"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keep Your Account Safe With Multi-Factor Authentication\" \/>\n<meta property=\"og:description\" content=\"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/\" \/>\n<meta property=\"og:site_name\" content=\"WP Engine\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/wpengine\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-17T17:03:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/wp-content\/uploads\/2025\/05\/mfa.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1100\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@wpengine\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/\",\"url\":\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/\",\"name\":\"Keep Your Account Safe With Multi-Factor Authentication\",\"isPartOf\":{\"@id\":\"https:\/\/wpengine.com\/#website\"},\"datePublished\":\"2025-05-30T21:57:14+00:00\",\"dateModified\":\"2025-06-17T17:03:48+00:00\",\"description\":\"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.\",\"breadcrumb\":{\"@id\":\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wpengine.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/wpengine.com\/resources\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Keep Your Account Safe With Multi-Factor Authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wpengine.com\/#website\",\"url\":\"https:\/\/wpengine.com\/\",\"name\":\"WP Engine\",\"description\":\"Managed Hosting for WordPress\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wpengine.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wpengine.com\/#\/schema\/person\/f566ebae3b69972dc97572d98dfe158a\",\"name\":\"Matthew Cardenas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wpengine.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6910eca9c1b77fdbedeb23c1ded7e568f3927889748a844d56dfa64bb1ad7a2e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6910eca9c1b77fdbedeb23c1ded7e568f3927889748a844d56dfa64bb1ad7a2e?s=96&d=mm&r=g\",\"caption\":\"Matthew Cardenas\"},\"url\":\"https:\/\/wpengine.com\/blog\/author\/MatthewCardenas\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Keep Your Account Safe With Multi-Factor Authentication","description":"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/","og_locale":"en_US","og_type":"article","og_title":"Keep Your Account Safe With Multi-Factor Authentication","og_description":"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.","og_url":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/","og_site_name":"WP Engine","article_publisher":"https:\/\/www.facebook.com\/wpengine","article_modified_time":"2025-06-17T17:03:48+00:00","og_image":[{"width":1100,"height":500,"url":"https:\/\/wpengine.com\/wp-content\/uploads\/2025\/05\/mfa.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@wpengine","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/","url":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/","name":"Keep Your Account Safe With Multi-Factor Authentication","isPartOf":{"@id":"https:\/\/wpengine.com\/#website"},"datePublished":"2025-05-30T21:57:14+00:00","dateModified":"2025-06-17T17:03:48+00:00","description":"This guide explains the MFA options WP Engine supports, how they work, and how they compare in terms of security.","breadcrumb":{"@id":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/resources\/wp-engine-mfa-options\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/wpengine.com\/resources\/"},{"@type":"ListItem","position":3,"name":"Keep Your Account Safe With Multi-Factor Authentication"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/#website","url":"https:\/\/wpengine.com\/","name":"WP Engine","description":"Managed Hosting for WordPress","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/wpengine.com\/#\/schema\/person\/f566ebae3b69972dc97572d98dfe158a","name":"Matthew Cardenas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6910eca9c1b77fdbedeb23c1ded7e568f3927889748a844d56dfa64bb1ad7a2e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6910eca9c1b77fdbedeb23c1ded7e568f3927889748a844d56dfa64bb1ad7a2e?s=96&d=mm&r=g","caption":"Matthew Cardenas"},"url":"https:\/\/wpengine.com\/blog\/author\/MatthewCardenas\/"}]}},"acf":[],"grid_image_url":"https:\/\/wpengine.com\/wp-content\/uploads\/2025\/05\/mfa-grid.png","media-type":{"term_id":916,"name":"Article","slug":"article"},"role":"<strong>Roles:<\/strong> Agency, Developer, Site Owner","topic":"<strong>Topics:<\/strong> Security","_links":{"self":[{"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/resource\/156812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/users\/472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/media\/156816"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/media?parent=156812"}],"wp:term":[{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/resource-topic?post=156812"},{"taxonomy":"resource-role","embeddable":true,"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/resource-role?post=156812"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/wpengine.com\/wp-json\/wp\/v2\/resource-type?post=156812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}