
Keep Your Account Safe With Multi-Factor Authentication

Protecting your account is more important than ever. Multi-Factor Authentication (MFA) is one of the best ways to keep yourself secure. 

This guide will explain the different MFA options WP Engine supports via our User Portal, how they work, and how they compare in terms of security.

What is multi-factor authentication?

MFA adds an extra layer of security beyond just your password. It requires you to verify your identity using a combination of two or more different methods:

  1. Something you know (like your password)
  2. Something you have (like your phone or a security key)
  3. Something you are (like your fingerprint)

By requiring multiple verification methods, MFA makes it much harder for hackers to gain unauthorized access to your WordPress site on WP Engine.

Our supported MFA options

1. Email authentication

What it is: Email MFA sends a one-time code to your registered email address when you attempt to log in.

Setup: Automatically enabled for all accounts on WP Engine.

Security level: ★★☆☆☆ (Basic)

Protects against: Password theft, brute force attacks

Limitations: If your email account is compromised, this method becomes vulnerable. Also, email delivery can sometimes be delayed or blocked by spam filters.

Best for: Users who want a simple solution without installing additional apps.

2. Okta Verify

What it is: A mobile app that sends push notifications to your phone for authentication.

Setup:

  1. Download Okta Verify from the Google Play Store or the Apple App Store.
  2. Select “Okta Verify” on the MFA page.
  3. Follow the guided setup process.

Security level: ★★★★☆ (Strong)

Protects against: Password theft, phishing, and man-in-the-middle attacks

Limitations: Requires a smartphone and an internet connection.

Best for: Users who want a convenient yet secure option that doesn’t require entering codes manually.

3. Authenticator app

What it is: An app that generates time-based one-time passwords (TOTP) that change every 30 seconds.

Setup:

  1. Download an authenticator app (like Google Authenticator) from the Google Play Store or Apple App Store.
  2. Scan the QR code provided in the WP Engine User Portal with your app.
  3. For backup, scan the same QR code on multiple devices before completing setup.

Security level: ★★★☆☆ (Medium)

Protects against: Password theft, phishing, and replay attacks

Limitations: Scanning the same QR code on multiple devices increases the possibility of compromise.

Best for: Users who want strong security with offline capabilities.

4. Security key or biometric authenticator (FIDO2/WebAuthn)

What it is: Physical security keys (like YubiKey or Google Titan) or built-in biometric authentication (like fingerprint readers or facial recognition).

Setup: Varies based on the specific device, but typically involves registering your security key or biometric data through the User Portal.

Security level: ★★★★★ (Strongest)

Protects against: Password theft, phishing, malware, and sophisticated remote attacks

Limitations: May require purchasing additional hardware (for security keys) or a compatible device (for biometrics).

Best for: Users who want the highest level of security, especially for administrative accounts.

Comparison and recommendations

For casual users

Recommended: Email or Authenticator App

Both provide a good balance of security and convenience. Email requires no setup, while an Authenticator app can offer better security with minimal setup.

For regular business users

Recommended: Okta Verify or Authenticator App

These options provide strong security while remaining convenient for daily use.

For administrators or high-security needs

Recommended: Security Key or Biometric Authentication

These provide the strongest protection against sophisticated attacks and are therefore recommended only for accounts with administrative privileges.

Best practices

  1. Enable at least one MFA method beyond email for optimal security.
  2. Ensure your WP Engine password is updated and does not match your other passwords.
  3. Store backup codes securely. 
  4. Keep authentication apps and devices updated.
  5. Use phishing‑resistant factors (Okta Verify or FIDO2/WebAuthn) for privileged access.

By implementing MFA, you significantly reduce the risk of unauthorized access to your WordPress site, even if your password is compromised. Choose the method that best fits your security needs and technical comfort level.

Need help?

If you encounter any issues setting up or using any of these MFA methods, please contact our support team for assistance.
