Skip to content
  • Log In
  • Register
WordPress.org
  • News
  • Download & Extend
    • Get WordPress
    • Themes
    • Patterns
    • Plugins
    • Mobile
    • Hosting
    • Openverse ↗︎
  • Learn
    • Learn WordPress
    • Documentation
    • Forums
    • Developers
    • WordPress.tv ↗︎
  • Community
    • Make WordPress
    • Photo Directory
    • Five for the Future
    • WordCamp ↗︎
    • Meetups ↗︎
    • Job Board ↗︎
  • About
    • About WordPress
    • Showcase
    • Enterprise
    • Gutenberg ↗︎
    • WordPress Swag Store ↗︎
  • Get WordPress
Get WordPress

Plugins

  • My Favorites
  • Beta Testing
  • Developers
Download

Two-Factor

By Plugin Contributors
  • Details
  • Reviews
  • Development
Support

Description

Use the “Two-Factor Options” section under “Users” → “Your Profile” to enable and configure one or multiple two-factor authentication providers for your account:

  • Email codes
  • Time Based One-Time Passwords (TOTP)
  • FIDO Universal 2nd Factor (U2F)
  • Backup Codes
  • Dummy Method (only for testing purposes)

For more history, see this post.

Actions & Filters

Here is a list of action and filter hooks provided by the plugin:

  • two_factor_providers filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
  • two_factor_enabled_providers_for_user filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
  • two_factor_user_authenticated action which receives the logged in WP_User object as the first argument for determining the logged in user right after the authentication workflow.
  • two_factor_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.

Screenshots

  • Two-factor options under User Profile.
  • U2F Security Keys section under User Profile.
  • Email Code Authentication during WordPress Login.

FAQ

How can I send feedback or get help with a bug?

The best place to report bugs, feature suggestions, or any other (non-security) feedback is at the Two Factor GitHub issues page. Before submitting a new issue, please search the existing issues to check if someone else has reported the same feedback.

Where can I report security bugs?

The plugin contributors and WordPress community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please visit the WordPress HackerOne program.

Reviews

Works like expected

Latz September 12, 2023
The installation was easy. No problems so far.

Excellent

flyingkites September 7, 2023
Installed on WP 6.3. Works fine. I tried a few but they were too complex. This one makes it easy to secure a specific user (admin) and get a code via email which is what you need now hosting companies (Bluehost, GoDaddy) allow login to admin via their control panels with administrator passwords. (Talk about inbuilt security breaches)

Fantastic

Patrick Boehner September 5, 2023
It works well and integrates nicely. It works as if it was a native part of WordPress, which is what I want out of any plugin.

Simple and Reliable

chomique July 19, 2023
First plugin I install for each new website.However... What would make it perfect is that the code sent via email was displayed in a separate line.This would avoid adding a whitespace when selecting a string.

Streamlined and Effective

Arslan Ahmed May 24, 2023
As a contributor to the Two-Factor WordPress Plugin, I'm excited to present my review of this exceptional security solution. This plugin operates flawlessly, delivering a streamlined and user-friendly interface for configuring two-factor authentication (2FA) with minimal effort. One of the aspects I'm particularly fond of is its commitment to focusing on a single function while excelling at it, providing users with a reliable and efficient solution. In this review, I will delve deeper into the plugin's impressive features and highlight its effectiveness in enhancing WordPress security. Impressive Simplicity: The Two-Factor WordPress Plugin truly shines in its simplicity. Configuring 2FA is a breeze, thanks to its straightforward and intuitive interface. Even users with minimal technical knowledge can easily set up the plugin without any hassle. By focusing on the core functionality of two-factor authentication, the plugin avoids overwhelming users with unnecessary features, ensuring a smooth and uncomplicated experience. User-Centric Design: The plugin's user-centric design is a testament to its effectiveness. It prioritizes the needs and preferences of users, providing them with a seamless and efficient 2FA setup process. Whether users opt for time-based one-time passwords (TOTP), QR code scanning, or other authentication methods, the plugin caters to their diverse requirements, enhancing security without compromising convenience. The straightforward configuration options empower users to strengthen their WordPress logins with just a few clicks. Contributor Involvement: As a proud contributor to the Two-Factor WordPress Plugin, I'm grateful for the opportunity to be part of a project that prioritizes user security. Collaborating with the dedicated development team has been an enriching experience, and I've witnessed firsthand their commitment to excellence and attention to detail. Contributing to this plugin has allowed me to play a role in providing users with a reliable and effective security solution for their WordPress websites. Conclusion: In conclusion, the Two-Factor WordPress Plugin stands out as a remarkable tool for enhancing WordPress security. Its flawless performance, coupled with a user-friendly interface, makes it a top choice for configuring two-factor authentication with ease. The plugin's simplicity is commendable, offering users a focused and streamlined solution without overwhelming them with unnecessary features. As a contributor to this exceptional project, I take great pride in recommending the Two-Factor WordPress Plugin to WordPress users who value simplicity, security, and reliability.

Two-Factor plugin functions flawlessly!

fahimmurshed May 24, 2023
This plugin functions flawlessly! It provides users with a straightforward and straightforward interface for configuring two-factor authentication (2FA), requiring minimal configuration, if any. What I appreciate most is that it focuses on doing one thing exceptionally well, as opposed to overwhelming users with a multiplicity of unrelated features.
Read all 168 reviews

Contributors & Developers

“Two-Factor” is open source software. The following people have contributed to this plugin.

Contributors
  • George Stephanis
  • Derek Herman
  • Steven Word
  • Daisuke Takahashi
  • Scott Grant
  • Aaron D. Campbell
  • John Blackbourn
  • Steve Grunwell
  • Stephen Edgar
  • Kaspars
  • Ali Husnain
  • Arslan Ahmed

“Two-Factor” has been translated into 32 locales. Thank you to the translators for their contributions.

Translate “Two-Factor” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

See the release history.

Community Plugin

Contribute

This plugin is developed and supported by a community.

Meta

  • Version: 0.8.2
  • Last updated: 4 weeks ago
  • Active installations: 60,000+
  • WordPress Version: 4.3 or higher
  • Tested up to: 6.2.2
  • PHP Version: 5.6 or higher
  • Languages:

    Albanian, Arabic, Catalan, Chinese (China), Chinese (Hong Kong), Chinese (Taiwan), Czech, Danish, Dutch, Dutch (Belgium), English (Canada), English (UK), English (US), Finnish, French (Canada), French (France), Galician, German, Italian, Japanese, Norwegian (Bokmål), Persian, Polish, Russian, Slovak, Spanish (Colombia), Spanish (Ecuador), Spanish (Mexico), Spanish (Spain), Spanish (Venezuela), Swedish, Urdu, and Vietnamese.

    Translate into your language

  • Tags:
    authenticationlogintotptwo factortwo step
  • Advanced View

Ratings

See all
  • 5 stars 149
  • 4 stars 11
  • 3 stars 0
  • 2 stars 2
  • 1 star 6
Log in to submit a review.

Contributors

  • George Stephanis
  • Derek Herman
  • Steven Word
  • Daisuke Takahashi
  • Scott Grant
  • Aaron D. Campbell
  • John Blackbourn
  • Steve Grunwell
  • Stephen Edgar
  • Kaspars
  • Ali Husnain
  • Arslan Ahmed

Support

Issues resolved in last two months:

0 out of 3

View support forum

  • About
  • News
  • Hosting
  • Donate
  • Swag
  • Documentation
  • Developers
  • Get Involved
  • Learn
  • Showcase
  • Plugins
  • Themes
  • Patterns
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • Privacy
  • Public Code
WordPress.org
WordPress.org
  • Visit our Facebook page
  • Visit our Twitter account
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our YouTube channel
Code is Poetry