Two-Factor Authentication (2FA)
Enable Google Authenticator TOTP on Pro login forms — setup, QR codes, and sign-in flow.
Two-factor authentication adds a second step at login: something you know (password) and something you have (a code from an authenticator app).
Requires WP ULike Pro. Uses TOTP compatible with Google Authenticator and similar apps.
Step 1: Enable 2FA in settings
- Go to WP ULike → Settings → Login & Signup.
- Toggle Enable 2-Factor Authentication.
- Save settings.
Step 2: Add the setup form
Members need a page to scan a QR code and register their device.
Add this shortcode to a profile tab, account page, or any front-end page:
[wp_ulike_pro_two_factor_setup]
Common placements:
- A tab on the public profile ( Settings → Profiles → Tabs )
- The edit-account page alongside
[wp_ulike_pro_account_form]
Customize labels under Settings → Translations → Strings → Two Factor Notices.
Step 3: Install an authenticator app
Users need a TOTP app on their phone, for example:
- Google Authenticator (iOS / Android)
- Authy, 1Password, or any TOTP-compatible app
Step 4: Register an account
- While logged in, open the page with
[wp_ulike_pro_two_factor_setup]. - Scan the QR code with the authenticator app (allow camera access if prompted).
- Enter the six-digit code from the app in the field on your site.
- Click Submit.
On success, the account appears in the list. Users can add multiple devices (default limit: 5) or remove old ones from the same page.
Step 5: Sign in with 2FA
After setup, the login flow is two steps:
- Submit username and password on
[wp_ulike_pro_login_form]as usual. - A one-time password field appears — enter the current six-digit code from the authenticator app and submit again.
Wrong codes show the message configured under Two Factor Notices in Translations.
Tips
- Exclude login and 2FA setup pages from full-page cache (WP Rocket, LiteSpeed, etc.).
- Test in a private browser window after enabling.
- If a user loses their device, an administrator can disable 2FA for their account in WordPress user settings or guide them to remove the account from the setup page while still logged in.
Related: Login & Signup Settings · Google reCAPTCHA
Related articles
Continue with these guides
Did this article help?
Pick how you feel, add a note if you want, then hit Send. It takes two seconds and helps us improve this guide.