Keeping your child sites secure is always worth taking the time to setup now more than ever. There is a new easy to use plugin for 2FA (two-factor authentication) and it is called WP 2FA. The plugin is from the same developers as WP Security Audit Log.
After you have installed and activated the WP 2FA plugin on your child site you can quickly go through the setup wizard. The recommended method will be to use the Google Authenticator application which is available for iOS and Android.
The setup wizard will guide you through the QR code to scan in the Google Authenticator application which means that before going through this you will need to have the application downloaded and installed on your phone.
Once you have gone through the setup wizard you will now have 2FA enabled on your site.
During the setup wizard, you can include which user roles will need to use 2FA as well as which user roles you want to exclude from 2FA.
You can also set the grace period before users will be forced to use 2FA in order to be able to login on the child site.
The final step will allow you to generate backup codes that can be downloaded or printed.
With WP 2FA plugin enabled after you have logged in on
wp-login.php you will need to have your Google Authenticator application open then when prompted to enter the current 2FA code that was generated. If for some reason you are having issues using Google Authenticator application it is possible to use one of the backup codes to gain access to your child site.
Using WP 2FA is a very easy to use plugin which will help secure your child site using 2FA.