Add an extra layer of security to your WordPress website login page and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Maintained & Supported by WP White Security

WP White Security builds high-quality niche WordPress security & admin plugins such as Password Policy Manager, a plugin with which you can ensure all your users use strong passwords.

Browse our list of WordPress plugins that can help you better manage and improve the security of your WordPress websites and users.

WP 2FA Key plugin features & capabilities

  • Free Two-factor authentication (2FA) for all users
  • Supports TOTP (code from app like Google Authenticator) and OTP (email based codes)
  • Supports 2FA backup codes
  • Very easy to use and wizard driven
  • Use policies to enforce 2FA with a grace period
  • Protection against automated password guessing and dictionary attacks

FREE Plugin Support

Support for the WP 2FA plugin is available for free via:

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

Related Links and Documentation

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate the WP 2FA from your Plugins page.


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the wp-2fa folder to the /wp-content/plugins/ directory
  3. Activate the WWP 2FA plugin through the ‘Plugins’ menu in WordPress


  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.
  • The plugin blocks the accounts of users who are required to have 2FA but fail to enable it within the grace period, so they do not jeopardize the security of your website.


May 22, 2020
The plugin, which looks great, unfortunately is not working. It does not accept the passcode generated by google authenticator during the installation. Neither the wizard nor the installation through users > WP 2FA works. To the folks at WP White Security, I'll be happy to share further details/screenshots if that's helpful. Please email me directly through my wordpress.org account or reply to this message with an email address I can contact you at. Thanks. EDIT: The plug in is working correctly. The issue is with the NTP / chrony daemon on the Linux server. The issue on the server side has been resolved and the plugin is working correctly.
May 7, 2020
I had some questions about this plugin and the developer was very responsive and helpful. The plugin works well and the most recent update seemed to kill any bugs it had earlier. The email template feature is great! Super great to have this option and I will for sure use it on other websites.
May 7, 2020
Tried many and none worked .(we have a custom login page)....hey this one worked straight out of the box. Kudos!
April 22, 2020
Quite possibly the easiest to set up 2FA client plugin. Setup options are in clear English with little in the way of ambiguity. Easy step by step setup makes this plugin shine! Personal recommendation: Install the Google Authenticator app on your phone first, before installing this plugin.
April 17, 2020
We've struggled to find a 2FA plugin that worked exactly how we wanted. This plugin nailed it. We found a bug and reported it and it was fixed very quickly. Highly recommend.
April 17, 2020
A 2FA plugin that actually works and superb fast support. What more could you ask for? An edit made for me so that it now works with Ultimate Member too.
Read all 7 reviews

Contributors & Developers

“WP 2FA” is open source software. The following people have contributed to this plugin.


Translate “WP 2FA” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


1.2.0 (2020-05-06)

Release notes: WP 2FA 1.2: Multisite network support & configurable email templates

  • New features

    • Multisite network support.
    • Configurable email templates.
    • New setting to also configure the “from email address and display name” for all plugin emails.
    • Support for redirect after login plugins.
  • Improvements

    • Support for custom login pages; user is correctly redirected to enter 2FA code when using one.
    • Added a “Send another code” button in the email 2FA wizard (in case first email is not received).
    • If they apply, policies are automatically enforced on newly created user (user is sent an email notification).
    • 2FA policies are enforced if they apply when a user’s role is changed.
  • Bug fixes

    • Locked user is sent an email every time there is a login attempt on the account.
    • Backup codes not generated in some specific scenarios.
    • Incorrect META title of plugin wizard (Support ticket).

1.0.1 (20200427)

  • Bug fix
    • Plugin does not generate backup codes in certain circumstances.

1.0.0 (20200401)

  • Initial release