Passwords alone are not enough. Two-factor authentication (2FA) requires a second verification step after the password, so a stolen credential cannot log in on its own. WP Ghost supports three 2FA methods: authenticator apps like Google Authenticator and Authy, email-delivered one-time codes, and passkeys using Face ID, Touch ID, Windows Hello, or hardware security keys. Passkeys eliminate phishing entirely because there is no code to intercept. All three methods are free and configurable per user.
Passkeys are the next step in modern authentication. Instead of receiving a code, you simply confirm your login using your device – with Face ID, Touch ID, Windows Hello, fingerprint scan, or a secure PIN.
With the WP Ghost plugin, you can activate 2FA to secure your website’s login path, adding an extra layer of protection to your admin dashboard. This feature ensures that even if a hacker gains access to your password, they won’t be able to log in without the second authentication factor.
Step-by-step guides to connect WP Ghost 2FA with Google Authenticator, Authy, Microsoft Authenticator, or LastPass. Scan QR code, enter verification code, done.