Do you run a blog or website that’s powered by WordPress?
If so, you’re probably aware that hackers are constantly trying to break into WordPress sites and take them over so they can use them for nefarious purposes.
As you know, using a strong password will help prevent hackers from breaking in to your site’s WordPress Dashboard, but enabling Two-Factor Authentication on your account will add an extra, even stronger layer of protection.
If you don’t already have Two-Factor Authentication enabled on your WordPress Dashboard admin account I strongly encourage you to enable it as soon as possible.
But there’s one thing you need to be aware of in regards to Two-Factor Authentication: There might come a time when you’ll be unable to retrieve the Two-Factor Authentication login codes from the authenticator app for some reason.
And as you know, without the code you won’t be able to log into your account – even if you know the password.
But here’s a little tidbit of info for you: If you ever need to log into WordPress but you can’t retrieve the Two-Factor Authentication code, there’s a trick you can use to log into your account even if you don’t have access to the Two-Factor Authentication code.
All you need to do is login to your web server’s control panel and temporarily rename the folder containing your authenticator plugin (Google Authenticator, Authy, etc.).
My server uses CPANEL so I’ll give you instructions for that, but this basic procedure will work with other control panel platforms as well. Just find the File Manager tool (or equivalent) and you’ll be all set.
This short video shows how to temporarily disable your Two-Factor Authentication plugin so you can sign into your WordPress account with having to enter the 2FA code.
Note: You can watch this video at full screen by clicking the little “square” icon in the lower-right corner of the video after it begins playing.
Do you prefer following written instructions? Here you go:
1 – Sign into CPANEL using the login info you received from your hosting company.
2 – Scroll down to the “Files” section and click File Manager.
3 – Double-click on the globe icon beside public_html.
4 – Double-click on the wp-content folder icon.
5 – Double-click on the plugins folder icon.
6 – Right-click on the folder containing your authenticator plugin and temporarily rename it.
Note: I simply rename it by appending -bak to the folder name.
OK, you’re done with CPANEL for now. Renaming the folder containing your authenticator plugin effectively disables it, allowing you to sign into your WordPress Dashboard without having to enter a Two-Factor Authentication code.
Now you can head back to WordPress and sign into your account. After you’re signed in you should immediately return to CPANEL (or whichever control panel your server uses) and rename the folder containing your authenticator plugin back to its original name (I simply remove the -bak that I appended to the name earlier).
Be sure not to forget this step or your WordPress Dashboard will go unprotected by Two-Factor Authentication!
That’s all there is to it. Now you know how to bypass Two-Factor Authentication in order to sign into your own WordPress Dashboard if you’re ever in a situation where you’re unable to retrieve your 2FA code.