How to enforce email-2FA for your users

Before we explain this, it's important to know that, when you enable email-2FA, it will apply only on the selected (listed) user roles. If you don't select (list) any of the user roles, 2FA will not work.

How to enforce email-2FA for your users

If you go to the Shield main menu > Config > Login Guard > 2FA By Email > Enforce-Email Authentication, you'll see the list of the user roles, such as contributor, author, administrator, subscriber, shop_manager, etc.

Here, you can provide custom roles for email-2FA enforcement.

Let's say you want to enforce email-2FA for Administrators and Subscribers only.

You'll just need to set-up email-based 2FA and make sure that those roles are listed (selected).

Note: If a user has multiple roles assigned to it, all roles will be checked against this list.

Next time Administrators and Subscribers try to login, they'll be enforced to email-based authentication: