Because we want to make WordPress.com accounts as secure as we can, we’ve made it easier for you to set up two-factor authentication for your account, so you can take advantage of the top-of-the-line security standard.
WordPress.com has supported two-factor authentication (2FA) since 2013. Also known as two-step verification, two-factor authentication allows you to protect your WordPress.com account with both a password and a time-sensitive code you get from your mobile device.
To enable two-step authentication, tap your profile picture to jump into the “Me” section and hit the Security tab. Click on “Two-Step Authentication,” and initiate the setup wizard. You can opt to use an independent mobile app, like Google Authenticator or Authy, that will generate access codes for you, or you can get codes texted to your phone via SMS.
Once two-factor authentication is set up, when logging into your WordPress.com account, you’ll use both your account password in addition to the unique code you receive, ensuring that nobody but you can access your information.
Our teams work around the clock to ensure that WordPress.com is the most secure place to host your website and blog content. We encourage our wonderful users to leverage all of the security measures out there, and hope that two-factor authentication will become a part of your daily blogging routine. For extra help, check out our support documentation.
Filed under: Security 
