Download

Two Factor Authentication

By miniOrange

Description

Note: The two factor plugin is GDPR Compliant and supports wide variety of Language Translation
** Customized solutions and Active support is available. Email us at info@xecurify.com or call at +1 9786589387.**

A simple light weight and highly secure Two-Factor Authentication(2FA/TFA) for your WordPress site. This plugin adds an additional layer of Authentication to your WordPress login after entering the correct username and password. It protects your website from hacks and unauthorized login attempts.

Google Authenticator and other 2 Factor ( 2FA, Two Factor Authentication ) sync on multiple websites with the same OTP

You would not need to configure Google Authenticator and other Two Factor Authentication ( 2FA ) methods from the second site onword. Just login with a miniOrange account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Security Questions, LastPass, Authy, miniOrange methods, OTP over SMS, OTP over Email. It is supported only if you are using our cloud services of 2 Factor.

supports variety of WordPress forms

Features

  • You can login using username + password + two-factor or username + two-factor.
  • If your phone is lost or stolen or discharged, we offer alternate login methods like OTP Over Email and Security Questions (KBA).
  • We support multi factor authentication for all types of phones.
  • Simplified & easy to user interface.
  • Two Factor Authentication (2FA/Google Authenticator) for 1 User forever FREE!
  • Variety of Authentication Methods: Any App supporting TOTP algorithm like Google Authenticator, OTP over SMS, Duo Authenticator, OTP over EMAIL, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
  • Includes Language Translation Support. Supports a wide variety of languages
  • Passwordless login or login without password or login with phone number, supported for Google Authenticator and other 2FA methods.
  • This plugin Supports standard TOTP + HOTP protocols for Authentication Methods.
  • Two Factor Authentication (2FA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.

Apps Supported by miniOrange Two Factor Authentication?

  • Google Authenticator.
  • miniOrange Authenticator.
  • Microsoft Authenticator.
  • Authy Authenticator.
  • LastPass Authenticator.
  • Duo Authenticator,

How is miniOrange Two Factor Authentication different?

  • We support multiple authentication methods along with their backup method.
  • We support Device Identification. If the user selects to remember the device then in the next login from the same device, the user will not be prompted for Two Factor.
  • We support Two Factor like OTP over SMS, OTP over Email, etc for Woocommerce frontend login theme.
  • ShortCode is now available for different frontend custom login pages.
  • Two Factor Auth using ShortCode for Premium themes are also supported. If you need help integrating Two Factor, you can contact us.
  • We support passwordless login on user role based. You can choose which role needs to enter the password and which role can login without password.
  • It is very difficult to login into your site from a mobile browser with second factor enabled. We provide you an option that will convert any authentication method into Security Questions (KBA) on mobile browser.

Why do you need to register?

miniOrange Two-factor Plugin uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users calls can be only accessed by API keys assigned to you.
Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.

Standard Plugin Features

  • Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, LastPass Authenticator, OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, QR Code, Push Notification, Soft Token, Security Questions(KBA). ( SMS credits need to be purchased as per the need)
  • Includes language Translation Support. Supports a wide variety of languages.
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
  • Backup Method: KBA(Security Questions), OTP over Email
  • Multisite compatible.
  • User role based redirection after Login, Customize account name in Google Authenticator app
  • Custom Security Questions (KBA)

Premium Plugin Features

  • Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
  • Multisite compatible.
  • Email notification to users asking them to set up Two Factor Authentication (2FA).
  • User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
  • Enable Two Factor Authentication (2FA) for specific Users/User Roles
  • Choose specific authentication methods for Users
  • App Specific Password to login from mobile Apps
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on

Enterprise Plugin Features

  • Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
  • Multisite compatible.
  • Email notification to users asking them to set up Two Factor Authentication (2FA).
  • User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
  • Enable Two Factor Authentication (2FA) for specific Users/User Roles
  • Choose specific authentication methods for Users
  • App Specific Password to login from mobile Apps
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
  • **Brute force attack prevention, IP Blocking & User login Monitoring. **
  • File protection & strong password

PASSWORDLESS LOGIN ( login without password )

Passwordless login (Login without password) is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username. miniOrange supports many two factor authentication methods for passwordless login. You can use google authenticator, webauthn, fingerprint login, otp over sms and email for login without password.

WebAuthn (FIDO2) Passwordless login ( Login without password by using FIDO 2 WebAuthn )

WebAuthn is a browser-based API that allows for web applications to simplify and secure user authentication by using registered devices (phones, laptops, etc) as factors. It uses public key cryptography to protect users from advanced phishing attacks. It will allow you to provide your users an option for usernameless login. With the help of webauthn your users can login with fingerprint, FaceID, TouchID, etc.

= Device restriction with webauthn ( FIDO 2 )=
Webauthn allows you to restrict the number of devices per user. You can allow a user any number of devices they can use to login to your website. Webauthn also covers passwordless and usernameless login in which your users can login from the allowed device without password and username.

Session restriction and Device restriction

Two factor authentication plugin allows you to restrict the number of devices as well as number of active sessions for a particular user.

Passwordless login / Login without Password

Passwordless login or login without password is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2-factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username.

Single Sign on into any cloud application E.g Google Apps, Salesforce, Office 365, Box, DropBox etc are supported. Check out 3000+ apps that are supported here http://miniorange.com/single-sign-on-sso

miniOrange supports 15+ authentication methods. For a complete list of authentication methods please visit http://miniorange.com/strong_auth . If you want to have any other 2-factor for your WordPress site, Contact us.

  • OTP over SMS
  • OTP over Email
  • Soft Token (similar to Google Authenticator)
  • Security Questions
  • Mobile Authentication ( QR Code authentication )
  • Device Identification
  • Location
  • Time of Access
  • User Behavior
  • Passwordless login (login without password)

You can choose from any of the above two factor auth methods to augment your password based authentication. miniOrange multi factor authentication service works with all phone types, from landlines to smart-phone platforms.

For support please email us at info@xecurify.com or call us at +1 978 658 9387

Screenshots

  • Setup different 2-Factor methods
  • 2 Factor plugin settings.
  • Advance plugin settings
  • Login form option1 (Enter username)
  • Login form option2 (Enter username)
  • QR Code Authentication Login Screen ( Authenticate your mobile )
  • OTP Login Screen ( OTP over SMS,Phone Call Verifiction,Soft Token,Google Authenticator )
  • Push Notification and Email Verification

Installation

From your WordPress dashboard

  1. Visit Plugins > Add New
  2. Search for Multi Factor Authentication. Find and Install Multi Factor Authentication
  3. Activate the plugin from your Plugins page

From WordPress.org

  1. Download Multi Factor Authentication.
  2. Unzip and upload the miniorange-login-security directory to your /wp-content/plugins/ directory.
  3. Activate Multi Factor Authentication from your Plugins page.

Once Activated

  1. Select Multi-Factor Authentication from the left menu and follow the instructions.
  2. Once, you complete your setup. Click on Log Out button.
  3. Enter the username and password. After the initial validation, you will be prompted for the 2-factor method you had set up.
  4. Validate yourself with the 2-factor authentication method you configured.

Video Guide :

FAQ

How do I gain access to my website if I get locked out?

You can obtain access to your website by one of the below options:

  1. If you have an additional administrator account whose Two Factor is not enabled yet, you can login with it.
  2. If you had setup KBA questions earlier, you can use them as an alternate method to login to your website.
  3. Rename the plugin from FTP – this disables the Two-Factor (2FA) plugin and you will be able to login with your WordPress username and password.

For detailed information, Please check on our website. Locked Out.
You can also check our video Tutorial:

I want to enable Two-Factor Authentication (2FA) role wise ?

You can select the roles under Login Settings tab to enable the plugin role wise. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA) for all users, what happens if an end user tries to login but has not yet registered ?

If a user has not setup Two-Factor yet, user has to register by inline registration that will be invoked during the login.

I want to enable only one authentication method for my users. What shloud I do?

You can select the authentication methods under Login Settings tab. The selected authentication methods will be shown to the user during inline registration. [PREMIUM FEATURE]

I am getting the fatal error of call to undefined function json_last_error(). What should I do?

Please check your php version. The plugin is supported in php version 5.3.0 or above. You need to upgrade your php version to 5.3.0 or above to use the plugin.

I did not recieve OTP while trying to register with miniOrange. What should I do?

The OTP is sent to your email address with which you have registered with miniOrange. If you can’t see the email from miniOrange in your mails, please make sure to check your SPAM folder. If you don’t see an email even in SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I want to configure 2nd factor by Google Authenticator.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Google Authenticator App. Enter the 6 digit code in the textbox and click on Save and verify buuton.

I want to configure 2nd factor by Authy 2-Factor Authentication App.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Authy 2-Factor Authentication App. Enter the 6 digit code from the Authy App into the textbox available and click on Save and Verifiy button.

I forgot the password of my miniOrange account. How can I reset it?

There are two cases according to the page you see –
1. Login with miniOrange screen: You should click on forgot password link. You will get a new password on your email address with which you have registered with miniOrange . Now you can login with the new password.

  1. Register with miniOrange screen: Enter your email ID and any random password in password and confirm password input box. This will redirect you to Login with miniOrange screen. Now follow first step.

I have a custom / front-end login page on my site and I want the look and feel to remain the same when I add 2 factor ?

If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from wordpress plugins. We are not claiming that it will work with all the customized login page. In such case, custom work is needed to integrate two factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com for more details.

I have Woocommerce theme login page on my site. How can I enable Two Factor ?

If you have Woocommerce theme login then go to Advanced Options Tab and check Enable Two-Factor for Woocommerce Front End Login. If you need any help setting up 2-Factor for your Woocommerce theme login form, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I have installed plugins which limit the login attempts like Limit Login Attempt, Loginizer, Wordfence etc. Is there any incompatibilities with these kind of plugins?

The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor along with these kind of plugins then you should increase the login attempts (minimum 5) so that you dont get locked out yourself.

If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.

Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

If you are using any render blocking javascript and css plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank.

If you are using Async JS and CSS Plugin. Please go to its settings and add jquery in the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

My users have different types of phones. What phones are supported?

We support all types of phones. Smart Phones, Basic Phones, Landlines, etc. Go to Setup Two-Factor Tab and select Two-Factor method of your choice from a range of 8 different options.

What if a user does not have a smart phone?

You can select OTP over SMS, Phone Call Verification or Email Verification as your Two-Factor method. All these methods are supported on basic phones.

What if a user does not have any phone?

You can select Email Verification or Security Questions (KBA) as your Two-Factor method.

What if I am trying to login from my phone ?

If your Security Questions (KBA) are configured then you will be asked to answer them when you are logging in from your phone.

I want to hide default login form and just want to show login with phone?

You should go to Login Settings Tab and check Login with Phone Only checkbox to hide the default login form.

My phone has no internet connectivity and configured 2nd factor with miniOrange App, how can I login?

You can login using our alternate login method. Please follow below steps to login:

  • Enter your username and click on login with your phone.
  • Click on Phone is Offline? button below QR Code.
  • You will see a textbox to enter one time passcode.
  • Open miniOrange Authenticator App and Go to Soft Token Tab.
  • Enter the one time passcode shown in miniOrange Authenticator App in textbox, just like Google authenticator.
  • Click on submit button to validate the otp.
  • Once you are authenticated, you will be logged in.

My phone is lost, stolen or discharged. How can I login?

You can login using our alternate login method. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select “Send a one time passcode to my registered email” to authenticate by OTP over EMAIL or Select “Answer your Security Questions (KBA)” to authenticate by knowledge based authenticaion.

I Want to enable Passwordless login for a particular user role?

You should go to Passwordless Login Tab and check Login with 2nd Factor only checkbox to hide the default login form. This will provide you passwordless login and your users will be able to login without password.

I want to go back to default login with password?

You should go to Login Settings Tab and uncheck Enable Two-Factor plugin checkbox. This will disable 2-Factor and you can login using wordpress default login.

I am upgrading my phone.

You should go to Setup Two Factor Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.

What If I want to use any other second factor like OTP Over SMS, Security Questions, Device Id, etc?

miniOrange authentication service has 15+ authentication methods.One time passcodes (OTP) over SMS, OTP over Email, OTP over SMS and Email, Out of Band SMS, Out of Band Email, Soft Token, Push Notification, USB based Hardware token (yubico), Security Questions, Mobile Authentication (QR Code Authentication), Voice Authentication (Biometrics), Phone Verification, Device Identification, Location, Time of Access User Behavior. To know more about authentication methods, please visit https://miniorange.com/strong_auth . If you want to have any other 2-factor for your WordPress site, please email us at info@xecurify.com or Contact us.

Reviews

Great Product, Great Service, Awesome Team

April 19, 2021
It comes with many customizable features besides the plugin. The developer team intervenes quickly and effectively to solve your problem. Support services work great. I would like to especially thank Ganesh and Mayur for helping me solve the problems. A.Recai

powerful plugin & good support

January 15, 2021
I've been using this plugin for over a year to integrate with an external identity service. It works well out of the box and in the basic form, but it is also highly customizable in the paid version which allows for numerous other features. Support is also very helpful and they are open to feedback when things don't work as needed or expected. I highly recommend it for others looking to centralize & strengthen their WordPress authentication.

Works Great

April 24, 2018
This is a much more simple app for 2FA and works great.

100% recommended.

September 3, 2016
this guys are doing very well. i am using the wordpress 4.5.3. the pluggin guided me through the two functionalities i activated: a)brute force protection and b)google recaptcha. i have to say that i was completely new on this, and didn't know what this "recaptcha" was. for my surprise, it was very easy to setup. i believe it is working fine (i didn't try to hack my own website yet). if you want to check how it works you can try to login on my website: howtoplayspanishguitar.com/wp-login let me know your thoughts! what makes this plugging really amazing are the people that developed this plugging. i installed it yesterday and today i received the following and amazing email: thanks for downloading our limit login attempts plugin. did you find everything you were looking for? i can help you setup the plugin, free of cost and i will be happy to configure it for you for maximum protection. we are the best in the industry when it comes to login protection, brute force protection, 2 factor authentication etc. i would be happy to setup a goto meeting and take you over the configuration? would you like that? my reply below: (..) i found the setup simple. however, if you can have a look at my configuration settings to confirm that i am using the plugin at it fullest potential, that would be much appreciated! there are four things i would like to mention which is a bit confusing: 1) it seems that you, as a company, offer very similar pluggings all based on protection and security: i am not sure if i should install more of your pluggings or if with this one is enough for me to be well protected. 2) is this plugging compatible with "wps hide login"? [answer: yes, it is] 3)are all these ones also compatible with your google authenticator two factor authentication? [answer: yes, it is] 4) do you offer an all-in-one plugging that gathers all these functionalities in one plugin only? [answer: yes, it is "brute force login security, spam protection & limit login attempts"] i am glad of be part of the first group of people installing it. a very big well done. best!!!! just to let you all know, by the time i am writing this comment, i received the answers to the questions i sent them. i added all the [answers] above. i would recommend this plugging to everyone. best!
Read all 4 reviews

Contributors & Developers

“Two Factor Authentication” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Two Factor Authentication” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.8

  • Multi-factor Authentication : XSS Vulnerability fix

1.0.7

  • Tested till WordPress 5.8 and made compatible with PHP 8.

1.0.6

  • Multi-factor Authentication : Added Passwordless Login feature.
  • Multi-factor Authentication : Tested till WordPress 5.7.

1.0.5

  • Tested till WordPress 5.5.

1.0.4

  • Multi-factor Authentication : Added more 2FA methods like Google Authenticator, Security questions and many more.

1.0.3

  • Tested till WordPress 4.9.4

1.0.2

  • Tested till WordPress 4.9.

1.0.1

  • First version of Two-Factor ( 2FA ) plugin.

Meta

Ratings

See all
Log in to submit a review.

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin