What is 2-Factor Authentication by Email?

First, you need to understand what exactly 2-Factor Authentication is - you can read this blog article here explaining that.

Shield Security Plugin has integrated, easy-to-use two-factor authentication. By forcing users to confirm their identity, it locks down WordPress account access to the verified account owners only.

All the "2FA By Email" settings in Shield are accessible from within the main Security Zones menu > Login > Zone Actions > Configure All Related Login Options > 2FA: Email (see the screenshots below).

When 2-factor authentication by email is enabled, and a user attempts to log into their account, the system will ask:

  • Does the user have a valid, two-factor authentication session that was set by the plugin?
  • If so, it will query the database for the unique authentication code that the cookie should have and try to match them.

If the answer is 'Yes' and the stored authentication code is valid, then the login will be permitted.

If the answer is 'No', login will be temporarily rejected.

This effectively tells the Shield plugin that:

  • The person with that email address, connecting to the site using this particular browser, is actually who they say they are.

In this way, you determine that every user that logs in is valid.
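
The two-question check described above, modelled as an added example (this is not Shield's own code, which the page does not show). Assumptions: an in-memory dictionary stands in for the database, the one-hour session lifetime is invented for illustration, and only a hash of the code is stored so that a database leak does not reveal usable cookie values.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # assumed lifetime in seconds; the page does not state one

# Constructed stand-in for the database: user -> (sha256 of code, expiry time)
_store = {}


def issue_session(user, now=None):
    """Run once the emailed code is confirmed; returns the value for the cookie."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)  # unguessable, unique per user and browser
    digest = hashlib.sha256(code.encode()).hexdigest()
    _store[user] = (digest, now + SESSION_TTL)
    return code


def check_login(user, cookie_code, now=None):
    """Return 'permit' or 'reject' by answering the two questions in order."""
    now = time.time() if now is None else now
    record = _store.get(user)

    # Question 1: does this browser hold a 2FA session set by the plugin?
    if not cookie_code or record is None:
        return "reject"

    stored_digest, expires = record
    if now >= expires:
        _store.pop(user, None)  # stale session: require a fresh email code
        return "reject"

    # Question 2: does the cookie's code match the one held in the database?
    presented = hashlib.sha256(cookie_code.encode()).hexdigest()
    # Constant-time comparison so response timing does not leak partial matches.
    if hmac.compare_digest(presented, stored_digest):
        return "permit"
    return "reject"
```

A "reject" here corresponds to the temporary rejection above: the password may be correct, but this browser has not yet been verified through the user's email address.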

What if you haven't received the user verification email?

Please read this help article here.

To learn how to set up 2-Factor Authentication by email properly, please read this step-by-step settings guide here.