WP 2FA – Two-factor authentication for WordPress

Description

A free and easy-to-use two-factor authentication plugin for WordPress

Add an extra layer of security to your WordPress website login pages and protect your users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, automated password guessing, and brute force attacks.

Features | Getting Started | Get the Premium!

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, and to enforce your website users, or users with a specific role to use 2FA. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

MAINTAINED & SUPPORTED BY MELAPRESS

Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, CAPTCHA 4WP, and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security and administration plugins to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.

WP 2FA key plugin features and capabilities

  • Free Two-factor authentication (2FA) for all users
  • Supports multiple 2FA methods
  • Universal 2FA app support – generate codes from Google Authenticator, Authy & any other 2FA app
  • Supports 2FA backup methods
  • Very easy to use and simple to set up
  • Use 2FA policies to enforce 2FA with a grace period or require users to instantly setup 2FA upon logging in
  • No WordPress dashboard access is required for users to set up 2FA
  • Fully editable email templates
  • Protection against automated password & dictionary attacks
  • Much more

Upgrade to WP 2FA Premium and get even more

The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.

With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, and extensive white labeling capabilities.

Premium features list

  • Everything in the free version
  • Full white labeling capabilities
  • Trusted devices (no 2FA required)
  • Additionl 2FA methods (such as 2FA over SMS)
  • Require 2FA on password reset
  • One-click integration with WooCommerce
  • Much more

Refer to the WP 2FA plugin features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

Free and premium support

Premium world-class support for WP 2FA is free via email or through the WordPress support forums.

Note: paid customer support is given priority and is provided via one-to-one email. Upgrade to Premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form.

As featured on:

Related links and documentation:

You can find more detailed information about 2FA and its benefits in the links below

Installing WP 2FA

From within WordPress

  1. Navigate to ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate WP 2FA from your Plugins page

Manually

  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the folder to the /wp-content/plugins/ directory
  3. Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress

Screenshots

  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this.
  • You can give users a grace period until they configure 2FA. You can also specify what should the plugin do once the grace period is over.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.

Reviews

February 27, 2024
Rarely do we see plugins go down in price over time but with their recent change to licensing we're getting more for less in 2024. Robert has provided excellent support and we are very happy with this plugin overall.
February 27, 2024
Using this plugin for years. I have more than 50 active plugins and W2fa working fine with all of them.No errors and I`m getting frequency updates. I used the support team once and I was very happy with the results ( they found the issue was on my side )
February 8, 2024 3 replies
Great plugin. But it must be added to documentation how to setup 2FA via user profile.And would be great to add something link inside plugin which lead to User Profile, so plugin menu will be:->2FA Policies->Settings->Setup 2FA on User Profile Pagebecause when I checked each possible setting in plugin and did not find how to setup - I decided it does not work at all!
February 1, 2024 1 reply
Wow this one did not work well at all. I turned on 2FA to be effective immediately. My site logged out and I couldn't get in because I didn't have a 2FA. It never popped up the QR code. It never gave backup codes. On the login page it gave directions to click a reset button, but no button was present. I had to actually do a site restore to get my site access back. Luckily I back up before deploying any new plugins. They really need to set this one up better.
Read all 122 reviews

Contributors & Developers

“WP 2FA – Two-factor authentication for WordPress” is open source software. The following people have contributed to this plugin.

Contributors

“WP 2FA – Two-factor authentication for WordPress” has been translated into 10 locales. Thank you to the translators for their contributions.

Translate “WP 2FA – Two-factor authentication for WordPress” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

2.6.4 (2024-03-07)

  • Improvements

    • The default “From email address” used by the plugin now uses the website’s domain, thus improving email deliverability.
    • All one-time codes generated by the plugin are now 6 digits long.
    • Applied some coding best practices in some sections to ensure better protection against timing base attacks.
  • Security fix

    • Fixed a sensitive information disclosure issue – users’ salts can only be potentially exposed if debug is enabled and the web server is not Apache.

      • Bug fixes
      • Fixed: Text changes in the “logged out users trying to access 2FA config” setting not saved.
      • Fixed: User not redirected to the URL configured in the settings when all backup codes are disabled.
      • Fixed: Formatting / layout of advert in the configuration, which in some cases it was showing over some of the help text.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.