Beschrijving
Een gratis en eenvoudig te gebruiken twee-factor authenticatie plugin voor WordPress
Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.
Gebruik de WP 2FA plugin om twee-factor authenticatie in te schakelen voor je WordPress beheerder, 2FA af te dwingen voor alle gebruikers van je site, of voor gebruikers met specifieke rollen. Deze plugin is heel eenvoudig te gebruiken; alles kan worden geconfigureerd via wizards met duidelijke instructies, dus zelfs niet-technische gebruikers kunnen 2FA instellen zonder technische hulp.
Functies | Aan de slag | Verkrijg de Premium!
🔒 WP 2FA sleutel plugin functies en mogelijkheden
- Passkeys support for passwordless logins
- Free two-factor authentication (2FA) for all users
- Multiple 2FA methods supported, including authenticator app (TOTP) and code over email
- Developer API to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)
- Universal 2FA app support – works with Google Authenticator, Authy, and any TOTP-compatible app
- Backup codes (16 digits) for recovery access
- Wizard-driven setup – no technical knowledge required
- 2FA policies to enforce setup with grace periods or instant activation
- REST API endpoints for custom integrations and headless WordPress setups
- Dashboard-free setup – users can configure 2FA without WP admin access
- Editable email templates for full customization
- Much more!
💎 upgrade naar WP 2FA premium en krijg nog meer voordelen
De premium versie van WP 2FA wordt geleverd met nog meer functies om de loginbeveiliging van je WordPress site naar een hoger niveau te tillen.
Met de premium editie van WP 2FA krijg je meer 2FA methodes, 1-klik integratie met WooCommerce, vertrouwde apparaten functie, en uitgebreide white labeling mogelijkheden.
Lijst met premium functies
- Everything in the free version
- Full white labeling capabilities to change all text and visuals in the wizards, emails, SMS, and 2FA pages
- Support for multiple passkeys per user for flexible passwordless logins
- Zero-setup email 2FA that automatically enrolls users without manual configuration
- YubiKey hardware key support for enterprise-grade security
- Additional 2FA methods such as SMS, email link, and more
- Trusted devices so users can log in without 2FA for a configured period
- Require 2FA on password reset to strengthen account protection
- Allow next user login without 2FA to help recover accounts locked out of authentication
- One-click WooCommerce integration to enable 2FA for customers and store admins
- And much more!
Raadpleeg de WP 2FA plugin functies en voordelen pagina om meer te leren over de voordelen van het upgraden naar WP 2FA Premium.
🛠️ Gratis en premium ondersteuning
Support for the free edition of WP 2FA is free on the WordPress support forums. Premium world-class support via one-to-one email is available to the Premium users – upgrade to premium to benefit from email support.
Voor alle andere vragen, feedback, of als je gewoon contact met ons wil opnemen, gebruik dan ons contactformulier.
ONDERHOUDEN & ONDERSTEUND DOOR MELAPRESS
Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.
Bekijk onze lijst van WordPress beveiliging en beheer plugins om te zien hoe onze plugins je kunnen helpen bij het beter beheren en verbeteren van de beveiliging en het beheer van je WordPress sites en gebruikers.
WP 2FA installeren
Vanuit WordPress
- Navigeer naar ‘Plugins’ > Nieuwe toevoegen
- Zoek naar ‘WP 2FA’
- Installeer & activeer de WP 2FA vanaf je Plugins pagina
Handmatig
- Download de plugin uit de WordPress plugin repository
- Pak het zipbestand uit en upload de map naar de ‘/wp-content/plugins/ folder’
- Activeer de WWP 2FA plugin via het ‘Plugins’ menu in WordPress
Zoals uitgelicht op:
Schermafbeeldingen











FAQ
Verstuurt de plugin gegevens naar Melapress?
Nee, de plugin stuurt ons helemaal geen gegevens. De enige gegevens die we ontvangen zijn licentiegegevens van de premium editie van de plugin.
What 2FA methods are available with the plugin?
The free edition of WP 2FA includes the following 2FA methods: Authenticator app 2FA and code over email. This allows you to use Google Authenticator OTP The premium edition adds YubiKey, one-click email link, SMS 2FA, and Authy push notifications.
How can I integrate two-factor authentication (2FA) into my custom login process or AJAX-based form?
WP 2FA includes a REST API that allows developers to enable and verify 2FA during custom authentication flows, such as AJAX-based login forms, mobile apps, or headless WordPress websites. Refer to the REST API in WP 2FA documentation for more information.
How can I ensure I do not get locked out?
WP 2FA includes backup authentication methods so that if the primary authentication method fails, you and your users can still log in. The free version of the plugin includes backup codes, which can be configured during 2FA configuration or at any point after that from the profile page. The premium edition adds 2FA backup codes over email.
What happens if I get locked out?
In the unlikely event that you are unable to supply your 2FA code, there are several steps you can take to gain access to your WordPress dashboard. First, check if there is another administrator who can reset your 2FA. If this is not possible, manually deactivate the plugin, log in without 2FA, re-activate the plugin, and then reconfigure your 2FA.
Does WP 2FA support multi-site networks?
Yes, WP 2FA is multisite compatible. The plugin can be activated at the network level. 2FA policies can be enforced on all users, a subsection of users, or per site on the network. It also supports network setups with different domains.
Ontvangt de plugin updates?
We updaten de plugin vrij regelmatig om ervoor te zorgen dat de plugin in topvorm blijft draaien terwijl we van tijd tot tijd nieuwe functies toevoegen.
Does the plugin support Google Authenticator?
Yes, WP 2FA fully supports Google Authenticator on WordPress. WP 2FA also supports many other 2FA authenticator apps.
Can I get support if I get stuck?
Support for the free edition of the plugin is provided only via the WordPress.org support forums. You can also refer to our support pages for all the technical and product documentation.
If you are using the Premium edition, you get direct access to our support team via one-to-one email support.
Hoe kan ik beveiligingsfouten rapporteren?
Je kunt beveiligingsproblemen melden via het patchstack vulnerability disclosure program. Gebruik dit formulier. Voor meer informatie, raadpleeg ons Melapress plugins beveiligingsprogramma.
Beoordelingen
Bijdragers & ontwikkelaars
“WP 2FA – Two-factor authentication for WordPress” is open source software. De volgende personen hebben bijgedragen aan deze plugin.
Bijdragers“WP 2FA – Two-factor authentication for WordPress” is vertaald in 14 localen. Dank voor de vertalers voor hun bijdragen.
Vertaal “WP 2FA – Two-factor authentication for WordPress” in je eigen taal.
Interesse in ontwikkeling?
Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.
Changelog
4.0 (2027-07-07)
-
New User Interface (UI)
- A completely redesigned plugin interface, offering improved navigation, a more streamlined setup experience, better organization of settings, and a modern design.
Important: Switching to the new interface is a one-way process. New installations use the new interface by default, while upgrades retain the current interface and can switch at any time via a new Switch to the new WP 2FA Interface setting under General Settings.
-
New Features & functionality
- Added an Export table as CSV feature in the Reports, allowing administrators to export 2FA status data for analysis and reporting.
-
Verbeteringen
- The “learn more about backup codes” URL shown on the user profile is now editable via white labeling, allowing brands to replace or remove the default link.
- Updated the bundled Select2 library to a more recent and secure version.
- Hardened the shortcode
returnparameter handling to use proper URL validation instead ofstrip_tags(), preventing potential URL manipulation. - Updated the SSL check to use wp_die() instead of bare exit() calls for safer request termination.
- Refreshed the install wizard copy across all four slides for clearer, more welcoming language and consistent use of the term “secondary 2FA method” instead of “alternative”.
- Improved the libxml missing extension notice (required for TOTP method) with a clearer, more actionable message directing users to their hosting provider.
- Moved the main **2FA code page text* * field to the top of the White Labeling Customize 2FA code page tab,
- Shortened the default SMS templates on fresh installs to stay under 160 characters, improving deliverability with strict carriers while remaining Twilio-compliant.
- The verification code input on the 2FA login screen is now auto-focused, so users can start typing their code immediately without clicking into the field.
- The
{login_code}placeholder now also works in email subject lines, not only in the email body. - Improved feedback on the 3rd party integrations page: verification modals for Twilio, Clickatell, and all other providers are now consistently styled and show clear error messages when credentials are empty or invalid.
- Verified 3rd party integration credentials are now automatically saved on successful validation, so they persist after a page refresh.
- Declared WooCommerce compatibility with HPOS, Cart/Checkout Blocks, and the Product Block Editor, so WP 2FA no longer appears as “uncertain” in the WooCommerce compatibility dashboard.
- Removed
declare(strict_types=1)from all files to improve compatibility with WordPress hooks and prevent intermittent TypeError fatals when filters or actions pass loosely-typed values. - Removed a large block of commented-out legacy code from
wp-2fa.phpfor cleaner code and easier maintenance. - Fixed inconsistent text domain usage in the deactivation class (was
'textdomain', now correctly uses'wp-2fa'), ensuring all deactivation strings are translatable. - Updated the deactivation feedback form to version 1.1.
- Refactored the plugin’s licensing architecture to improve maintainability and support future enhancements.
- Removed the Quick Links feature from the plugin, along with its underlying code.
- Removed the Survey and Changelog banners from the plugin UI.
- Removed an obsolete white labeling option under Method selection.
- Added a check when enabling the “Use custom logo” option: if no logo has been uploaded, a clear error message is now shown pointing to the 2FA code page design settings.
- Removed the unecessary “Activate free version” button from Premium licensing prompt.
- Improved custom CSS handling for buttons on the user profile area, so all WP 2FA buttons consistently pick up plugin styling (or the user’s custom CSS overrides) instead of falling back to WordPress defaults inconsistently.
- Added help text under all subtitles on White Labeling Customize 2FA code page Edit content, providing a short description for each rich-text field.
- Added missing hint help text on the Customize setup wizard page for the Email (HOTP), Yubico, Clickatell, Twilio, and Authy methods, explaining what the hint field controls during 2FA setup.
- Added an upgrade modal that explains the benefits of full white labeling when users click locked white labeling options.
- Passkeys can now be revoked only by the person who generated them instead of other site administrators.
-
Bug fixes
- Fixed: The WooCommerce
/my-account/{2fa-endpoint}/URL returned a 404 after any rewrite rules flush triggered from an admin request (e.g. saving Settings Permalinks). - Optimized performance by removing unnecessary front-end checks for an expired event banner.
- Fixed:
wp_delete_postwas being called with a post ID of 0 when saving settings under WordPress 6.9, triggering a_doing_it_wrong()notice and causing 500 errors on sites using Acorn / Sage. - Fixed: PHP Deprecated
htmlspecialchars(): Passing null to parameter #1shown inside the SMS template boxes on PHP 8.3 with WordPress 6.9.4+. - Fixed: PHP Deprecated
Automatic conversion of false to arrayin the Authy and role settings controller extensions on PHP 8.3 multisite installations. - Fixed: PHP Notice
Function WP_Scripts::add was called incorrectly. The script with the handle "wp_2fa_yubico" was enqueued with dependencies that are not registered: wp2fa-dialogin WordPress 6.9.1+. - Fixed: The Locked user status was not displayed next to a user after their grace period expired and they attempted to log in again.
- Fixed: Users who configured 2FA voluntarily (without being enforced by a policy) were shown as Configured instead of the correct Configured (but not required) status.
- Fixed: Users not covered by 2FA enforcement were shown as “User has not logged in yet, 2FA status is unknown” instead of “Not required”.
- Fixed: Passkeys were always counted as 0 on the Reports page, regardless of how many passkeys had actually been registered.
- Fixed: Horizontal scrolling caused by the encryption and enforcement dashboard notices when viewing WP 2FA admin pages.
- Fixed: CSS selectors that started with a number (e.g.
#2fa-user-global-configuration) have been renamed to valid,wp-2fa-prefixed selectors for consistency and to work correctly with SCSS/LESS preprocessors. - Fixed: The FlyOut remote configuration fetch is now respectful of user preferences, aligning better with WordPress.org compliance expectations.
- Fixed: The WooCommerce
-
Breaking changes
- JSON settings exports created in versions earlier than 4.0 cannot be imported to a version 4.0 install. Recreate the settings export using version 4.0.
- Email template customization is now available as an Enterprise feature. Existing custom email templates will continue to work without interruption.
Raadpleeg de volledige plugin wijzigingslog voor meer gedetailleerde informatie over wat er nieuw, verbeterd en opgelost is in eerdere versie-updates van WP 2FA.
