How to Change Two-Factor Authentication Phone Number on WordPress
Changing the phone number used for two-factor authentication in WordPress is a security task that often needs careful handling.
The exact steps depend on whether you use WordPress.com, a self-hosted WordPress site, or a security plugin such as Wordfence, WP 2FA, or Duo.
This guide explains how to update the number without losing access, what to do if you are locked out, and how to verify that the new number is working correctly.
What two-factor authentication phone numbers are used for
Two-factor authentication, or 2FA, adds a second verification step beyond your password.
When a phone number is part of the setup, WordPress or a connected plugin may send a text message, call, or recovery code prompt to that number.
In practice, a phone number can be used for several purposes:
- Receiving one-time verification codes by SMS
- Recovering account access when an authenticator app is unavailable
- Confirming identity during admin login or security changes
- Backing up a primary 2FA method such as an authenticator app
Because 2FA protects site administration, changing the phone number should be done from a trusted, already authenticated session whenever possible.
Before you update the phone number
Before making changes, confirm which system manages your 2FA settings.
WordPress core does not include built-in two-factor authentication for most self-hosted sites, so the setting is usually controlled by a plugin, hosting dashboard, or WordPress.com account security page.
- Check whether your login uses WordPress.com security, a hosting account, or a plugin
- Make sure you still have access to the current 2FA method
- Have backup codes ready in case the change requires re-verification
- Use a secure, private device and a trusted network when possible
If the phone number is being replaced because the old number is no longer available, recovery steps may be needed first.
How to change the two-factor authentication phone number on WordPress.com
If you use a WordPress.com account, the phone number is usually managed through your account security settings rather than inside a site dashboard.
WordPress.com may support SMS-based verification depending on your setup and region.
Update the phone number in your account settings
- Sign in to your WordPress.com account.
- Open your account profile or security settings.
- Find the two-factor authentication or verification phone number section.
- Edit the current number and enter the new one.
- Save changes and confirm the new number if prompted.
After saving, WordPress.com may send a verification code to the new phone number.
Enter that code to complete the update.
If you do not see a phone number option
Some WordPress.com accounts use authenticator apps, passkeys, or backup codes instead of SMS.
In that case, there may be no phone field to change.
Review the security method currently enabled, and update the recovery or second factor details from the same account security page.
How to change the phone number in a WordPress security plugin
On self-hosted WordPress sites, two-factor authentication phone settings are often controlled by a plugin.
The menu labels vary, but the process is usually similar: open the plugin settings, locate the 2FA profile for your user account, and replace the old number.
Wordfence login security
Wordfence focuses primarily on authenticator app and recovery code workflows, but depending on configuration, your 2FA setup may include backup contact details or recovery options tied to your account.
To change the contact number, open the Wordfence login security area from your user profile or plugin settings and update the relevant recovery or verification information.
WP 2FA
WP 2FA typically lets administrators configure second-factor methods for users.
If your site uses a phone number for SMS-based verification or recovery, go to the plugin settings, open the user’s 2FA profile, and replace the phone number with the new one.
Save the changes and test the login flow.
Duo or other external authentication services
If your WordPress login is linked to Duo Security, Okta, or a similar identity provider, the phone number may be managed in that provider’s dashboard rather than in WordPress.
Update the number in the external service, then recheck WordPress login behavior to confirm synchronization.
How to update the phone number from your user profile
Some plugins store 2FA settings inside the WordPress user profile page.
This is common when the site administrator has enabled per-user control over login security.
- Log in to WordPress with an account that already has access.
- Go to Users and open your profile.
- Scroll to the two-factor authentication section.
- Replace the existing phone number or recovery contact field.
- Save the profile and confirm the change if required.
If the plugin does not expose the phone field in your profile, the change must be made in the plugin’s main settings panel or through the external identity provider.
What to do if you are locked out
If you no longer have access to the old number, you may not be able to complete the change from the normal login flow.
In that case, use recovery methods first.
- Enter a backup code if one was issued during setup
- Use an authenticator app if it is still linked
- Log in from a trusted device where the session is still active
- Ask an administrator to reset your 2FA settings if you are not the site owner
For self-hosted WordPress sites, an administrator can often deactivate the current 2FA profile for a user and allow re-enrollment with the new phone number.
If you are the only administrator and have no recovery access, you may need help from the plugin vendor or hosting provider.
How to verify the new phone number works
After you change the number, test the entire login process before assuming the update is complete.
A successful save message does not always mean the new number is active for authentication.
- Log out of WordPress
- Try signing in again from the same browser or a private window
- Request a verification code or prompt
- Confirm that the code arrives at the new number
- Complete the login and confirm access to the dashboard
If the new number does not receive codes, review formatting, country code entry, carrier restrictions, and plugin-specific SMS settings.
Common problems when changing a 2FA phone number
Several issues can interrupt the update process.
Most are configuration problems rather than account failures.
Wrong country code
Many failures happen because the number is entered without the correct international dialing code.
Always include the proper country code if the plugin or service requires it.
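The check below is an added example, not code from WordPress or any plugin named here: a POSIX shell function that normalizes a typed number and rejects one with no country code before you paste it into the 2FA field. It assumes the service expects E.164 format ("+" followed by at most 15 digits); the function name, the "00" prefix rewrite, the 7-digit minimum and the sample numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the 2FA service expects E.164 ("+" then digits).

normalize_e164() {
    raw=$1
    # Drop common visual separators: spaces, parentheses, dots, dashes.
    num=$(printf '%s' "$raw" | tr -d ' ().-')

    # Assumption: a leading "00" is the international dialing prefix.
    # This is not true everywhere (North America dials 011), so confirm locally.
    case $num in
        00*) num="+${num#00}" ;;
    esac

    # Without a "+" there is no country code, which is the failure described above.
    case $num in
        +*) ;;
        *)  echo "missing country code: $raw" >&2; return 1 ;;
    esac

    digits=${num#+}
    case $digits in
        ''|*[!0-9]*) echo "non-digit characters: $raw" >&2; return 2 ;;
        0*)          echo "country code cannot start with 0: $raw" >&2; return 2 ;;
    esac

    # E.164 caps the number at 15 digits. The lower bound of 7 is a heuristic
    # chosen for this example to catch truncated input.
    len=${#digits}
    if [ "$len" -lt 7 ] || [ "$len" -gt 15 ]; then
        echo "unexpected length ($len digits): $raw" >&2; return 3
    fi

    printf '%s\n' "$num"
}

# Constructed sample inputs (reserved fictional ranges), not real subscribers.
for sample in '+1 (415) 555-0132' '0044 20 7946 0958' '415-555-0132'; do
    normalize_e164 "$sample" || true
done
```

The third sample is rejected with "missing country code", which is the entry most likely to save without error and then never receive a code.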
SMS delivery delays
Text messages can be delayed by carrier filtering, network congestion, or plugin service limits.
If a code does not arrive, wait briefly and request a new one only once the system allows it.
Conflicting security methods
If an authenticator app, passkey, recovery code, or email verification is also enabled, the site may prompt for a different method than expected.
Check which method is marked as primary in your account security settings.
Stale browser session
Sometimes the dashboard shows cached security data.
Sign out, clear the browser cache if needed, and reopen the settings page before retrying the change.
Best practices for WordPress 2FA contact updates
Changing a phone number is a good time to improve your site’s overall account security.
A phone-based second factor is helpful, but it is usually stronger when paired with backup methods.
- Use an authenticator app as the primary second factor when possible
- Store backup codes in a secure password manager
- Keep at least one recovery method separate from the phone
- Review administrator roles and remove unused accounts
- Update phone numbers immediately after number changes or carrier transfers
These habits reduce the risk of lockouts and make account recovery easier if a device is lost or replaced.
When to contact support
If you cannot find the setting, cannot verify the new number, or cannot access the old phone, contact support for the specific system managing your authentication.
That may be WordPress.com support, your plugin vendor, or your hosting provider.
When you reach out, include the plugin name, your WordPress role, the exact error message, and whether you still have access to any backup codes or authenticator app.
That information helps support resolve the issue faster.