By default, WP 2FA allows users to disable 2FA from their user profile page. WordPress administrators who would not like to give their users this option can hide the remove 2FA button from here.
From the WordPress main menu, click on WP 2FA and then click on 2FA Policies. If you want to enable this feature for all user accounts, ensure you are on the Site-wide policies tab. Otherwise, select the role you want to apply this feature to from the role drop-down tab.
Scroll down to Should users be able to disable 2FA on their user profile? and choose from the following options:
Hide the Remove 2FA button - Enable this option to hide the Remove 2FA button thus preventing users from disabling 2FA.
Last updated on May 30, 2022