Resetting WordPress Two-Factor Settings

The Two Factor plugin for self-hosted WordPress sites is an excellent way of improving the security of your site. There were plans to move this into Core last year but this hasn’t happened – to be honest, I suspect it may be due to how unfinished it currently is, in particular it’s not very user-friendly.

One such “unfriendly” feature is that once you set up a third party authenticator app (which you do via a QR code) there’s no option to do it again – switch phones or apps and there’s no way to set this back up again.

For now, the way around this is to access your MySQL database and run a quick query to cause this to reset. Assuming you have a standard table prefix of wp_ then you would need to run the following…

DELETE FROM wp_usermeta WHERE meta_key = "_two_factor_totp_key"

Once run, edit your profile and you can now re-access the QR code for setting the authentication code up again.

Posted by David Artiss

Happiness Engineer for the WordPress VIP team at Automattic. Gamer, entertainer and general fan of all things Marvel.

Talk to me!

This site uses Akismet to reduce spam. Learn how your comment data is processed.