How can we help?

Search for answers or browse our knowledge base.

Table of Contents

How to manually add the WP 2FA encryption key to wp-config.php

WP 2FA encrypts user information, such as 2FA keys, to keep things safe and secure. By default, the plugin saves the private key is stored in the wp-config.php file, however, if there is an issue with writing to the wp-config file, WP 2FA will save it to the database. If this happens, you’ll need to manually retrieve the private encryption key from the database and write it to the wp-config file. This how-to will show you how.

Why is the key stored in the database?

In certain cases, WP 2FA may fail to write the private encryption key in the wp-config file. In the vast majority of cases, this is either due to the WordPress user having insufficient privileges over wp-config or the file being split.

How do I know if WP 2FA saved the key in the database?

When WP 2FA fails to write the private encryption key to the wp-config file, it will display a notification advising you that this is the case.

write key to file now

If you do not see a notification, then WP 2FA has successfully managed to write the encryption key to the wp-config file. You can also verify this by opening your wp-config file and confirming there’s a WP2FA_ENCRYPT_KEY entry.

How to move the WP 2FA private encryption key from the database to the wp-config file

Step 1: Backup the website and database as a precaution
Step 2: Disable the WP 2FA plugin
Step 3: Find and copy the encryption key that is stored in the WordPress database. The option name is wp_2fa_secret_key. On a single site installation the plugin is saved in the wp_options table. On a multisite network, it is stored in the wp_sitemeta table.
Step 4: Add the copied private key to the wp-config.php by adding the following line: define( ‘WP2FA_ENCRYPT_KEY’, ‘your-key-here’);
Step 5: Remove the private key from the database by deleting the entry
Step 6: Re-activate the WP 2FA plugin