WP 2FA – Two-factor authentication for WordPress



Add an extra layer of security to your WordPress website login page and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Features | Getting Started | 14-Day Premium Trial

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Maintained & Supported by WP White Security

WP White Security builds high-quality WordPress security & admin plugins such as WPassword, and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security plugins to see how our plugins can help you better manage and improve the security of your WordPress websites and users.

WP 2FA Key plugin features & capabilities

Extend the functionality of WP 2FA & automate more

Upgrade to WP 2FA Premium to:

  • Add trusted devices – no need for 2FA code each time you log in,
  • Whitelabel all the 2FA pages – for a consistent user experience,
  • Give the users more 2FA methods to choose from and use,
  • Configure different 2FA policies for different user profiles,
  • More alternative 2FA backup methods,
  • Easily get an overview of users’ 2FA setup with the reports,
  • And many other features.

Refer to the features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

Free and Premium Support

Support for WP 2FA is free on the WordPress support forums.

Premium world-class support is available via email to all WP 2FA Premium users.

Note: paid customer support is given priority and is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

As Featured On:

Related Links and Documentation

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate the WP 2FA from your Plugins page.


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the wp-2fa folder to the /wp-content/plugins/ directory
  3. Activate the WWP 2FA plugin through the ‘Plugins’ menu in WordPress

Captures d’écran

  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.
  • The plugin blocks the accounts of users who are required to have 2FA but fail to enable it within the grace period, so they do not jeopardize the security of your website.


13 novembre 2021
After evaluating four 2FA plugins for WordPress (including premium plugins), I must say this is the best one. It makes 2FA easy to enable for regular users and it follows the same setup and login flow as the “big players” such as Facebook and Twitter. The developer has even hinted on upcoming support for WebAuthn, e.g., Yubikeys (see support topic “support-for-yubikey”), which would take authentication security to the next level. There are some missing features that I would like to see in the future. The lack of these features doesn’t keep me from giving this excellent plugin five stars, since the plugin does exactly what it claims to do. Here are however the improvements I’d like to see. Embed a script for generating QR codes so that no external requests are needed (the plugin currently relies on chart[.]googleapis[.]com). Put the dialog boxes’ content in templates so that they can be overridden without modifying core files (or run the content through a filter). Add a checkbox to the login page so that users can enable “remember this browser” or “do not ask again for 90 days”. Consider adding a premium version so that we who rely on the plugin can fund the development and maintenance.
17 novembre 2021
two star deducted, because the plug-in cannot be color-adjusted and the translation is inadequate, adjustments using CSS are also very difficult, especially for beginners. Also a lot of conflicts with other plugins and last but not least, ... The wizard popup shouldn't always start immediately with the page load, that's really annoying. Precisely because you cannot switch it off optionally. Otherwise stable operation is possible and the plugin works as it should. Thanks for the work! Cheers!
13 octobre 2021
Very easy to setup and configure. What attracted me the most was the onboarding process for new users. It's now a low threshold to 'enforce' 2FA for our clients. Highly recommended!
12 octobre 2021
Support is responsive and knowledgeable. Possible to use custom or third-party frontend login forms. 2FA can be self-configured by users and managed from the frontend, with support for WooCommerce.
Lire les 65 avis

Contributeurs & développeurs

« WP 2FA – Two-factor authentication for WordPress » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.


“WP 2FA – Two-factor authentication for WordPress” a été traduit dans 8 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « WP 2FA – Two-factor authentication for WordPress » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Historique des changements

2.0.0 (2021-12-03)

Release notes: Announcing WP 2FA 2.0 Premium

  • New features

    • Interoperability updates for WP 2fA premium
    • QR code gnerator: QR codes are generated by the plugin without requiring third party services (such as Google and Cloudflare).
    • New setting to allow/disallow users from using other email addresses when configuring 2FA over email.
  • Bug fixes

    • User roles that contain a space can now be excluded.
    • Custom redirection is now honored even after the backup codes setup.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.