Two-factor authentication (2FA) adds an extra layer of security to your Plesk account. After entering your password, you will also need to enter a verification code from an authenticator app on your phone. This makes it much harder for unauthorized users to access your account, even if they know your password.

Prerequisites

  • The Multi-Factor Authentication (MFA) extension must be installed. Contact your hosting provider if it is not available.
  • An authenticator app installed on your phone (e.g., Google Authenticator, Authy, or Microsoft Authenticator).

Enabling 2FA

  1. Log in to Plesk.
  2. Go to ExtensionsMulti-Factor Authentication.
  3. Select Enable Multi-factor Authentication.
  4. A QR code will appear on the screen.
  5. Open your authenticator app on your phone.
  6. Tap Add accountScan barcode.
  7. Point your phone camera at the QR code on the screen.
  8. The app will add your Plesk account and begin generating 6-digit verification codes.
  9. Enter the current verification code from the app into the Verification code field in Plesk.
  10. Optionally enable "Remember Device" to skip 2FA on trusted devices for 30 days.
  11. Click OK.

Logging In With 2FA

After enabling 2FA, the login process becomes:

  1. Enter your username and password as usual.
  2. Plesk will ask for a verification code.
  3. Open your authenticator app and enter the current 6-digit code.
  4. If you enabled "Remember Device", check the box to skip 2FA on this device for 30 days.

Reconfiguring 2FA

If you lose access to your authenticator app or get a new phone:

  1. Go to ExtensionsMulti-Factor Authentication.
  2. Disable 2FA by clearing the Enable Multi-factor Authentication checkbox and clicking OK.
  3. Re-enable 2FA and scan the new QR code with your new device.

Important Notes

  • Save your backup codes when setting up 2FA. These can be used to log in if you lose access to your authenticator app.
  • Verification codes expire every 30 seconds. If your code is rejected, wait for a new one.
  • Your hosting provider may enforce 2FA for all users. In that case, you cannot disable it.

Troubleshooting

Cannot scan the QR code:

  • Use the manual setup option — enter the secret key displayed below the QR code into your authenticator app.

"Invalid verification code" error:

  • Make sure the time on your phone is set to automatic. 2FA codes are time-based.
  • Wait for a new code to generate (codes refresh every 30 seconds).

Locked out of Plesk:

  • Contact your hosting provider to disable 2FA on your account.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Install a Free SSL Certificate with Let's Encrypt in Plesk

Plesk makes it easy to secure your website with a free SSL/TLS certificate from Let's Encrypt....
How to Force HTTPS and Redirect HTTP to HTTPS in Plesk

After installing an SSL certificate, you should ensure that all visitors access your website...
How to Upload a Custom SSL Certificate in Plesk

If you have purchased an SSL certificate from a certificate authority (e.g., Comodo, DigiCert,...
How to Protect Your Plesk Login with IP Access Restrictions

If you want to limit who can access your Plesk login page, you can restrict access by IP address....
How to Reissue and Replace an SSL Certificate in Plesk

If your SSL certificate has been compromised, contains incorrect details, or you've changed your...