Description
LoginArmor adds an extra layer of protection to WordPress logins by requiring a one-time verification code after a valid username and password are entered.
Key features
- Email-based one-time passcodes for WordPress logins
- Apply 2FA to selected user roles
- Apply 2FA to specific users
- Optional grace period before activation is enforced
- Recovery codes for backup access
- Customizable email subject and login code email template
- Optional debug logging to
wp-content/uploads/loginarmor-email-2fa/loginarmor-debug.log - Dedicated settings screen inside the WordPress admin
How it works
- A user enters a valid username and password.
- LoginArmor sends a one-time code to the user’s email address.
- The user enters the code to complete login.
- If needed, the user can use a recovery code instead.
Recovery codes
The plugin includes recovery codes as a backup login option. Codes are stored securely as hashes in user meta. Plaintext codes are shown only temporarily so users can save or download them once.
Grace period
You can optionally set a grace period in days. During the grace period, eligible users can continue signing in while they complete activation. After the grace period ends, 2FA is enforced.
No external service required
LoginArmor uses WordPress email delivery and does not require a third-party 2FA service.
Privacy
LoginArmor does not connect to an external third-party verification service.
The plugin may process and store the following data on your WordPress site:
- Email-based one-time passcodes for login verification
- Recovery code hashes stored in user meta
- Optional debug log entries in
wp-content/uploads/loginarmor-email-2fa/loginarmor-debug.log - Temporary transients used for login, cooldown, and verification flow
This data stays on your site unless your own email delivery system or hosting stack routes it elsewhere.
Screenshots
Configure 2FA Setting 
Configure Email Template
Installation
- Upload the plugin files to the
/wp-content/plugins/loginarmor-email-2fa/directory, or install the plugin through the WordPress plugins screen. - Activate the plugin through the Plugins screen in WordPress.
- Go to LoginArmor in the WordPress admin menu.
- Enable two-factor authentication.
- Choose the user roles and/or specific users who should use 2FA.
- Configure the grace period if needed.
- Customize the email subject and email template if desired.
- Save your settings.
FAQ
-
Can I apply 2FA to only some users?
-
Yes. You can apply 2FA by user role, by specific users, or both.
-
What happens if a user cannot access their email?
-
They can use a recovery code if one has been generated and saved.
-
Can I customize the email content?
-
Yes. You can customize the sender email address, subject line, and login code email template from the plugin settings.
-
Does the plugin require a third-party account?
-
No. It works with your WordPress site and its email sending setup.
-
Where are recovery codes managed?
-
Recovery codes are available from the user profile area and are intended to be saved by the user for emergency access.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“LoginArmor – Email 2FA” is open source software. The following people have contributed to this plugin.
Contributors
Translate “LoginArmor – Email 2FA” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0
- Initial release
- Improved settings handling and login flow stability
- Refined admin UI and general plugin behavior