Skip to content

Setting up 2-FA

Two-factor authentication (2-FA) adds a second layer of security to your account. In addition to your password, you’ll need to approve each login using an app on your phone. As set out in the Website Security Policy, 2-FA is required for all users and must be enabled within 72 hours of being granted access.

You’ll need your phone with an authenticator app installed before you begin. If you don’t have one yet, download Google Authenticator, Microsoft Authenticator, or Authy from your phone’s app store.


On your computer, visit ohs.org.uk/wp-admin/profile.php. Log in with your username and password if prompted.

Scroll down to the Two-Factor Options section and check the box next to Enable Authenticator App.

3. Add a new account in your authenticator app

Section titled “3. Add a new account in your authenticator app”

Open your authenticator app on your phone and tap the + button to add a new account.

Choose Scan a QR code and point your phone’s camera at the QR code shown on your computer screen. Your app will automatically add the OHS account.

Your authenticator app will display a 6-digit code. Type this code into the verification field on the WordPress profile page and click Verify.

Scroll to the bottom of the page and click the blue Update Profile button.


Recovery codes let you access your account if you ever lose your phone or can’t use your authenticator app. As outlined in the Website Security Policy, these must be stored securely in an encrypted password manager — not in a plain text file, email, or document.

Back on your WordPress profile page, scroll to Two-Factor Options and check the box next to Enable Recovery Codes.

Click Generate Recovery Codes, then download the codes file.

Save the codes in your password manager alongside your OHS password. You will need these if you ever lose access to your phone.

Scroll to the bottom of the page and click the blue Update Profile button.


That’s it — 2-FA is now active on your account. From now on, every time you log in to WordPress you will be taken to a second screen after entering your password. Open your authenticator app, find the current 6-digit code for the OHS account, and enter it to complete your login. The code refreshes every 30 seconds, so use it promptly.

The two-factor authentication screen showing a field for the 6-digit authentication code and a Verify button