Use this page to set up your Authenticator app. These apps provide the strongest security because they work without internet or phone signal. For extra protection, your login code changes every 30 seconds.

Authenticator Applications Toggle
- This switch enables or disables two-factor authentication.
Enable for Roles
- This setting allows you to select which user roles are allowed to use the Authenticator App.

Advanced Settings
This section allows you to select the algorithm used to generate your OTP. You can choose between two options:

- TOTP (Time-Based): This is the most common algorithm and is used by virtually all authenticators. It generates a new verification code every 30 seconds based on the current time.
- HOTP (Event-Based): This option generates codes based on a counter. The code only changes when an event occurs (like a login attempt), rather than based on the time.
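
The difference between the two algorithms, shown as an added example that is not the plugin's own code. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) and uses the RFC 4226 test secret; the function names, the one-period drift window and the look-ahead of 3 are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test secret (constructed sample, not a real key)

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, now, step=30, digits=6):
    """RFC 6238: HOTP with counter = number of `step`-second periods since the epoch."""
    return hotp(secret, int(now) // step, digits)

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def verify_totp(secret, code, now, step=30, drift=1):
    """Accept the current period plus `drift` periods either side (clock skew)."""
    current = int(now) // step
    return any(_same(hotp(secret, c), code)
               for c in range(max(0, current - drift), current + drift + 1))

def verify_hotp(secret, code, stored_counter, look_ahead=3):
    """Return the counter to store after a match, or None if no match.
    Advancing the stored counter is what makes a used code unusable again."""
    for c in range(stored_counter, stored_counter + look_ahead + 1):
        if _same(hotp(secret, c), code):
            return c + 1
    return None

if __name__ == "__main__":
    print("TOTP at t=59s:", totp(SECRET, 59))            # same value as HOTP counter 1
    print("HOTP counters 0-2:", [hotp(SECRET, c) for c in range(3)])
    print("TOTP code still valid 30s later:", verify_totp(SECRET, totp(SECRET, 59), 89))
    print("HOTP replay after counter moved on:", verify_hotp(SECRET, hotp(SECRET, 0), 1))
```

A TOTP code expires on its own once the time window passes, while an HOTP code stays valid until the server's stored counter moves past it.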
XML-RPC
XML-RPC is a feature in WordPress that allows external services to communicate with your site remotely. You will see a dropdown menu with two specific options. This setting decides if 2FA is required when these external services try to connect.

Option 1: Do not require 2FA over XMLRPC (default).
- External tools and mobile apps can connect to your site using just a username and password. They will not be asked for a 2FA code.
Option 2: Do require 2FA over XMLRPC
- Any connection attempt via XML-RPC (including mobile apps) must provide a valid two-factor authentication code in addition to the password.
Note: Only enable this requirement if you are sure your external apps support Two-Factor Authentication, or if you do not use external apps to manage your site.
Encrypt Keys in Database
This feature encrypts the authenticator secret keys stored in the database so they are not kept in readable form. It adds an extra layer of protection so that even if an attacker gets into your database, they cannot see or steal your login secrets.

Note: Once you enable this feature, it cannot be disabled. However, it is completely safe to keep it enabled.
Important Notice:
For the highest level of security, we strongly recommend using the Authentication App method (if available) instead of Email OTP. Authentication apps generate codes offline on your device, are immune to email delays, and are virtually impossible to intercept remotely.
Use email OTP primarily as a backup method or for users who are unable to use an authentication app.
Next Steps for Users
Once you have enabled this feature on this page, your users must:

- Go to their WordPress Dashboard > Users > Profile page.
- Scroll down and find the Ultimate Security section.
- Select the Authentication App method.
- Click Setup.
- Scan the provided QR code with their preferred mobile app to finish the connection.
- Reset 2FA Method settings to restore all settings.