WordPress, install 2FA plugin when using Roots Bedrock
There are many ways of accomplishing this task. In this article I shall be using the WP 2FA – Two-factor Authentication Plugin and 1Password as the authenticator. The main topic here shall be explaining the additional step required when using Roots Bedrock or any other
.env style setup for
WordPress structure hierarchy (like Capistrano).
The plugin expects to be able to access the
wp-config.php file, which it cannot and details need to be manually added to the appropriate
environment configuration overrides files. I’ll show you in 3 easy steps how to setup and configure for a
.env type system.
What to look for gallery
• Image 01
2FA Plugin Authentication ScreenBack to Images
- • Image 02
2FA Plugin Warning NoticeBack to Images
- • Image 03
MySQL WP Options Table
Step 1. Install and Activate WP 2FA Plugin
As you are using a
.envstyle setup installing will most likely be done via
Add to your
composer.jsonfile (adding version number if required) then activate on the Plugins Admin Page.
Step 2. Configure 2FA and Authorise via 1Password
You will be presented with a configuration Wizard, follow the steps setting up the required functionality you need. The last part of this process is activating the authorisation. The screen (See Image 1) includes a
QR Code– this can be used by 1Password by choosing ‘Scan QR Code’ from the menu. You can find further details for this process following this link.
Step 3. Move WP 2FA private encryption key from Database to environment config file
If you go to the Settings Page for
WP 2FA, you’ll see a warning at the top of the page (See Image 2.) This is the main reason for this article so I’ll break it down into smaller steps as there are some details that need attention.
• Step 3.1
As a precaution make backups of the Website and Database.
• Step 3.2
• Step 3.3
Find and copy the encryption key in the
wp_optionstable of the WordPress Database. The option name is
wp_2fa_secret_key(See Image 3.) The Database Table may have a different prefix than
wp_(like the example in Image 3) so look for
• Step 3.4
Add the copied private key to the appropriate environment config file by adding the following line (or equivalent for your setup.)
Config::define( 'WP2FA_ENCRYPT_KEY', 'your-encryption-key-here' );
• Step 3.5
Remove the private key from the Database by deleting the entry.
• Step 3.6
The process is now complete
All being well the warning message will now no longer be shown and you have a working two-factor authentication system in place for your site.
Hopefully this was a quick and painless exercise to get the
WP 2FAplugin working in a Roots Bedrock type setup. If you use a different (or better) solution please get in touch and let me know.
// End of Article
Topics: #Tech-Stack, #WordPress
- 1password Home (1password.com)
- Capistrano Home (capistranorb.com)
- Roots Bedrock Home (roots.io)
- Use 1Password as an authenticator for sites with 2FA (support.1password.com)
- WP 2FA – Two-factor Authentication Plugin (wordpress.org)
- • Image 02