Support

Admin Tools

#43157 2FA with admintools

Posted in ‘Admin Tools for Joomla!’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 15 July 2026 13:41 CDT

houba_houbi
Hello,
I use Admin Tools for both Joomla and WordPress. I’ve seen forum posts mentioning two-factor authentication (2FA), but I can't find where to configure it within Admin Tools?
If this feature isn't built-in: for Joomla, the native 2FA option works fine, but for WordPress, I need a plugin like WP 2FA. Regarding enforcing 2FA for all roles with administrative access, I noticed there are roles specific to Akeeba Backup; should I configure 2FA for those roles as well?
Thanks

nicholas
Akeeba Staff
Manager

WordPress core lacks 99% of the features built into Joomla, even basic security features like MFA. Admin Tools for WordPress does not have a 2FA / MFA feature. There are third party plugins for WordPress, as you said. You should indeed use them.

Regarding roles, Akeeba Backup offers optional roles if you want to allow someone who's not an Administrator to take, manage, or configure backups. By default, no user is assigned to those roles. Moreover, these are not login roles, i.e. you cannot have a user which only belongs to that role. You need to enforce 2FA / MFA to login roles.

It may help your mental model if you translate WordPress role = Joomla user group. They are not technically the same, but they are close enough in what they do to make this a valuable mental model for understanding access control in WP coming from Joomla.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

houba_houbi
Oh yes I prefer Joomla with a few extensions needing. A basic Wordpress needs easily 10 plugins...
OK thank you for your explanation. So I only activate 2FA for administrator, author, contributor and editor.

nicholas
Akeeba Staff
Manager

Correct.

And yeah, even the most basic WordPress site needs a ton of third plugins. I've found two issues with that. One is that a lot of the functionality you get for free in Joomla has a real per site cost in WordPress which left me thoroughly unimpressed. Two is that having so many plugins from so many different developers increases your security exposure surface area beyond what I would consider reasonable or even safe (hence the plethora of hacked WordPress sites). I keep reminding people of these two basic facts whenever they bleat that Joomla has too many features in the core. But I digress :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!