WP 2FA – Two-factor authentication for WordPress



Add an extra layer of security to your WordPress website login pages and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Features | Getting Started | 14-Day Premium Trial

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Maintained & Supported by WP White Security

WP White Security builds high-quality WordPress security & admin plugins such as WPassword, and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security plugins to see how our plugins can help you better manage and improve the security of your WordPress websites and users.

WP 2FA Key plugin features & capabilities

Extend the functionality of WP 2FA & automate more

Upgrade to WP 2FA Premium to:

  • More 2FA methods such as 2FA over SMS, Push notification and one-click login
  • Add trusted devices – no need for 2FA code each time you log in
  • Whitelabel all the 2FA pages – for a consistent user experience
  • Fully whitelabel-enabled user 2FA wizards & emails; add your own the logo, upload custom CSS and also change the text
  • Give the users more alternative 2FA methods to choose from and use so they are never locked out
  • Add 2FA to your WooCommerce user pages with just one-click
  • Configure different 2FA policies for different user profiles
  • Easily get an overview of users’ 2FA setup with the reports
  • And many other features

Refer to the 2FA plugin features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

Free and Premium Support

Support for WP 2FA is free on the WordPress support forums.

Premium world-class support is available via email to all WP 2FA Premium users.

Note: paid customer support is given priority and is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

As Featured On:

Related Links and Documentation

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate the WP 2FA from your Plugins page.


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the wp-2fa folder to the /wp-content/plugins/ directory
  3. Activate the WWP 2FA plugin through the ‘Plugins’ menu in WordPress


  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this.
  • You can give users a grace period until they configure 2FA. You can also specify what should the plugin do once the grace period is over.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.


31 Dicembre 2022 2 risposte
The plugin may be good but it completely hijacks the WP admin interface. I literally can not open any page in WP admin unless I add 2 factor auth. Not even the plugins page to deactivate. Not sure if this is an annoying feature or a bug but makes the site unsuable.
24 Novembre 2022
In the beginning there were some problems with the implementation. Therefore, I contacted the support. They were able to help me very well. I am glad to use a plugin whose support works so well. I can only recommend the plugin
19 Novembre 2022
There are a few tweaks here and there to maximize its functionality within my website, however, overall, this plugin is simply great.
19 Novembre 2022
Our organization tries to enforce 2FA everywhere we possibly can. This plugin fills that need perfectly, and works very well. The support is great also - the best experience I’ve had attempting to use the Forum on a free plugin.
3 Novembre 2022
The plugin is great and suits my needs had an issue and the customer service got back to me really quickly and was awsome highly recomended for the customer support and ease of use for the plugin.
Leggi tutte le recensioni di 88

Contributi e sviluppo

“WP 2FA – Two-factor authentication for WordPress” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito.


“WP 2FA – Two-factor authentication for WordPress” è stato tradotto in 9 lingue. Grazie ai traduttori per i loro contributi.

Traduci “WP 2FA – Two-factor authentication for WordPress” nella tua lingua.

Ti interessa lo sviluppo?

Esplora il Codice segui il Repository SVN iscriviti al Log delle Modifiche. Puoi farlo tramite RSS con un lettore di feed.

Changelog (registro delle modifiche)

2.4.0 (2023-02-02)

Release notes: 2FA SMS via Twilio & one-click WooCommerce integration

  • New features

    • Setting to choose between locking a user or forcing the user to configure 2FA when the grace period is over.
  • Improvements

    • Redirect user to sub-site on a multisite network after completing the 2FA setup.
    • Made alternative 2FA backup methods available in first-install wizard to give them more prominance so users can use them.
    • Improved the UI (looks and feel) of the admin 2FA wizard.
    • Plugin creates its own salts in the wp-config.php file to avoid conflicts with other plugins.
    • Applied several improvements to the 2FA user wizard for better UX.
    • Removed redundant cron job wp_2fa_check_grace_period_status.
    • Better handling of users with no role on a multisite network (improved exception handling).
    • Disable wizard styling button now also applies to front-end wizards.
    • Added more help text in the 2FA install setup wizard to better assist administrators setting up the plugin.
    • Better interoperability with post-login redirect plugins.
    • Removed redundant code (it was no longer needed due to change and improvement in functionality).
  • Bug fixes

    • Fixed: edge case issue that caused the cron job that checks for grace periods to be inactive.
    • Fixed: plugin sends two emails when clicking the “Resend code” button.
    • Added additional checks to ensure that all the “No 2FA method selected” scenarios are handled.
    • Fixed a number of spelling mistakes in the plugin UI.
    • Fixed: fatal error when plugin usind alongside the Events Calendar plugin.
    • Addressed a number of PHP warnings in free edition.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.