WP 2FA – Two-factor Authentication for WordPress



Add an extra layer of security to your WordPress website login page and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Features | Getting Started | More Info

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Maintained & Supported by WP White Security

WP White Security builds high-quality niche WordPress security & admin plugins such as Password Policy Manager, a plugin with which you can ensure all your users use strong passwords.

Browse our list of WordPress plugins that can help you better manage and improve the security of your WordPress websites and users.

WP 2FA Key plugin features & capabilities

  • Free Two-factor authentication (2FA) for all users
  • Supports TOTP (code from 2FA apps like Google Authenticator and Authy) and OTP (email based codes)
  • Supports 2FA backup codes
  • Very easy to use and wizard driven
  • Use policies to enforce 2FA with a grace period or require your users to instantly setup 2FA upon login
  • Protection against automated password guessing and dictionary attacks

FREE Plugin Support

Support for the WP 2FA plugin is available for free via:

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

Related Links and Documentation

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate the WP 2FA from your Plugins page.


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the wp-2fa folder to the /wp-content/plugins/ directory
  3. Activate the WWP 2FA plugin through the ‘Plugins’ menu in WordPress


  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.
  • The plugin blocks the accounts of users who are required to have 2FA but fail to enable it within the grace period, so they do not jeopardize the security of your website.


7 juni 2021
Very easy to implement, professional user-facing interface, comprehensive set of admin options that are easy to use. I tried several other 2FA plugins, but they either didn't work correctly on multisite, or had limited features, or required a subscription. Thank you for such an excellent plugin!
7 juni 2021
This plugin took less than a minute to configure. I already have Google Authenticator on my phone, so I only needed to scan the QR code to add it. It works perfectly.
26 mei 2021
This is by far, the best 2FA plugin for WordPress. It supports frontend via shortcode and multi-site network. I would write great a million times... the only thing I hope, it doesn't go rogue on its users and ask for large charges. I would definitely buy the plugin for the right amount and a lifetime license.
13 mei 2021
Very happy for the support given by the creators of the plugin, especially in the Spanish translations. Thank you.
Lees alle 45 beoordelingen

Bijdragers & ontwikkelaars

“WP 2FA – Two-factor Authentication for WordPress” is open source software. De volgende personen hebben bijgedragen aan deze plugin.


“WP 2FA – Two-factor Authentication for WordPress” is vertaald in 5 talen. Dank voor de vertalers voor hun bijdragen.

Vertaal “WP 2FA – Two-factor Authentication for WordPress” naar jouw taal.

Interesse in ontwikkeling?

Bekijk de code, haal de SVN repository op, of abonneer je op het ontwikkellog via RSS.


1.6.2 (2021-05-31)

  • Improvements

    • Several improvements applied in how plugin settings are saved and checked (during user login).
    • All data placeholders in the plugin settings now have the same format.
    • Better resolution used for user-entered data in wizard.
    • Users are now notified to recconfigure 2FA if the 2FA method they are using is no longer allowed.
  • Bug fixes

    • 2FA methods were not shown when administrator skips the first-time install wizard.
    • Users were being redirected to custom redirect before finishing the backup codes.
    • Buttons were not clickable when using the front-end 2FA setup page.
    • Fixed a number of browser compatibility issues (mostly better support for Safari).
    • User was still asked for 2FA code even if excluded.
    • Settings were not properly populated in some cases, resulting in error on admin pages (Support ticket).
    • PHP error when enforcing 2FA policies on a sub-site in a multisite network.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.