Google Authenticator – Two-Factor (WP 2FA / OTP) – Provides secure login to WordPress. This plugin can be configured for any TOTP-based/OTP Login 2fa methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods.
USERS DON’T REQUIRE ACCESS TO THE WORDPRESS DASHBOARD TO SET UP 2FA making it extremely easy and secure to implement.
Check out following video to configure google authenticator as a 2fa:
[Google Authenticator – Two step verification/ 2 Factor Authentication/ WP 2FA]
- QR Code authentication, Push Notification, Soft Token and Security Questions(KBA) for multi-factor authentication(WP 2FA/MFA).
- Language Translation Support.
- User Profile 2fa: Administrators can set up Two-Factor (2FA) of users via WordPress users section
- Multi Factor Authentication(MFA): This feature can be used to invoke any two-factor method on login among multiple methods which were configured. You can configure multiple TOTP/OTP Login based 2fa methods that can be used as a backup 2fa method
- Two-Factor Authentication ( TFA/2FA ) for Ajax login forms like User Pro, login with ajax, Theme my login, etc.
- Passwordless login and login with phone number
- Prevent account sharing: Google Authenticator(WP 2FA) is OTP login based method which restricts users from sharing WordPress login credentials which help to secure WordPress Websites. The Google authenticator plugin also adds a session control feature that limits user sessions based on WordPress User activities.
- This plugin Supports standard TOTP
- Two-Factor Authentication (WP 2FA/TFA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.
- 3 users free for lifetime.
- Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication.
- Recovery codes in case you are locked out for all Two-Factor Authentication (WP 2FA/TFA)
- Mobile verification – two step verification (WP 2FA/TFA) using authentication methods like Google Authenticator, QR code authentication, etc.
Apps Supported by the two-factor authentication (2FA / MFA) plugin
- Google Authenticator
- miniOrange Authenticator
- Duo Authenticator
- Microsoft Authenticator
- Authy 2-Factor Authenticator
- LastPass Authenticator
- FreeOTP Authenticator
Maintained & Supported by miniOrange
We are experts in the field of security and have released advanced WordPress solutions such as Password Policy Manager.
Apart from this, we also have Broken Link Checker to scan detect and fix your broken links to keep your site functioning smoothly.
User Identity Verification or multi-factor authentication with Google Authenticator
Login and Registration: Verify users on login with different TOTP Login methods & other OTP/2fa methods like OTP over SMS, OTP Over Email, OTP Over Telegram, Google Authenticator, SMS Verification, Email Verification, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions, and many others.
Users will receive an OTP at the time of registration which will be used to verify their identity. OTP authentication can be done via either of the OTP Login methods(OTP Over email or via OTP over SMS).
Plugin Integrations and Support for all methods of two-factor authentication/two step verification ( WP 2FA/TFA/OTP Authentication )
Our plugin is integrated with popular Plugins such as WooCommerce, Ultimate member, User Registration, Restrict Content Pro, Login Press, Registration Magic, Admin Custom Login, Buddy Press, Theme My Login, Elementor Pro, Profile Builder, Login With Ajax and many more.
[Third Party Custom SMS Gateway for OTP Over SMS](https://plugins.miniorange.com/wordpress-two-factor-authentication-setup-guides#) ( OTP Login/two-factor authentication / 2FA )
The premium plugin supports any third-party custom SMS Gateway. If you don’t have your SMS gateway you can use miniOrange gateway and send SMS(OTP over SMS) all over the world for OTP authentication.
Here are some famous gateways supported for two-factor (WP 2FA/TFA/OTP).
Test your Gateway
Why do you need to register for google authenticator?
Google authenticator uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users’ calls can be only accessed by API keys assigned to you.
Google Authenticator ( WP 2FA – two-factor authentication ) All Inclusive Plugin Features
- Google Authenticator – Two-Factor Authentication (WP 2FA/TFA) for all users and all user roles ( Site-based pricing )
- Two-Factor Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions, OTP Authentication( OTP Over Email & OTP Over SMS), Email Verification, Mobile Verification ( SMS credits need to be purchased as per the need)
- Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication. You can opt between a password and 2FA or only a second factor.
- Unlimited Email transactions
- Backup Method: KBA (Security Questions), OTP Over Email, Backup codes.
- User role based redirection after Login
- Customize account name in Google Authenticator app
- Custom Security Questions (KBA)
- Role based 2 Factor
- Force Two-factor for users
- Email notification to users asking them to set up Two-Factor Authentication (WP 2FA/TFA)
- Remember Device to skip 2fa
- Customizable Login UI Popup: Using google authenticator plugin you can customize the user interface of the login popup as per your preference.
- Multisite compatible (only 3 subsites)
Google Authenticator ( WP 2FA / OTP ) Enterprise Plugin Features
- Google Authenticator – Two-Factor Authentication – 2FA for Users as per the upgrade ( User-based pricing )
- Available Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Authentication(OTP Over Email, OTP Over SMS or OTP Over SMS and Email), Email Verification, Hardware Token. ( SMS and Email credits need to be purchased for successful OTP authentication as per the need)
- Multiple Login Options: Username + password + two-factor Authentication (2FA) or Username + two-factor authentication(2FA) i.e. Passwordless login /Login without password.
- Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes.
- Sync 2fa for multiple websites
- Multisite compatible for all WordPress 2FA methods.
- Email notification to users asking them to set up Google Authenticator – Two-Factor Authentication (WP 2FA/TFA).
- User role based redirection after Login, Custom Security Questions (KBA), Customizable account name in Google Authenticator app.
- Enable Two-Factor Authentication (WP 2FA/OTP) for specific Users/User Roles
- Choose specific 2fa methods for Users
- Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
- Brute force attack prevention, IP Blocking & User login Monitoring
- File protection & strong password
- Monitoring current Google Authenticator and other two-factor authentication (2 Factor) method of all the users in the plugin
- Session restriction
Add Ons for two-factor authentication ( WP 2FA / OTP )
RBA & Trusted Devices Management Add-on Features for two-factor authentication ( WP 2FA/OTP Login )
- Remember Device to skip the two-factor authentication ( 2 Factor ) from the trusted devices.
- Set Device Limit for the users to login
Personalization Add-on Features to customize your two-factor authentication/OTP Authentication pages
- Custom UI of Two-Factor Authentication (WP 2FA/TFA) pop-ups
- Custom Email and SMS Templates
- Customize ‘Powered by’ Logo on wp 2fa authentication page
- Customize Plugin Icon
- Customize Plugin Name
Short Codes Add-on Features for two-factor authentication ( 2FA / MFA )
- Turn on/off 2 factor (two-factor authentication) by user
- Reconfigure 2fa methods
- ‘Enable Remember Device’ from a custom login form to skip 2-factor for trusted devices.
- On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two-Factor authentication) for specific pages)
Device restriction with webauthn/ FIDO2
Password free authentication is possible with WebAuthn.
Check all the security features other than two-factor authentication ( Two step verification/OTP authentication ) here: miniOrange Website
Useful blog posts about two-factor authentication ( 2FA / MFA ) plugin
- Beginner’s Guide: How to Add Two-Factor Authentication to WordPress
- How to Add WordPress Two-Factor Authentication (WP 2FA/TFA)
- How to translate WordPress Two-Factor Authentication (WP 2FA/TFA)
- Simple method to add Two Factor Authentication in WordPress
- WordPress two factor authentication – How to Setup 2FA
- OTP over WhatsApp
Customized solutions and Active support are available. Email us at firstname.lastname@example.org or call us at +1 9786589387.
Note: The plugin is GDPR Compliant and supports a wide variety of Language Translation
From your WordPress dashboard
- Navigate to
Plugins > Add Newfrom your WP Admin dashboard.
- Search for
miniOrange 2 Factor Authentication (2FA)or
miniOrange 2 Factor Authentication (2FA)and activate the plugin.
- Search for
miniOrange 2 Factor Authentication (2FA)and download it.
- Unzip and upload the
miniorange-2-factor-authentication (2FA)directory to your
- Activate miniOrange 2 Factor Authentication (2FA) from the Plugins tab of your admin dashboard.
Video Guide :
How do I gain access to my website if I get locked out using the Google Authenticator?
You can obtain access to your website by one of the below options:
- If you have an additional administrator account whose Two-Factor (2FA) is not enabled yet, you can login with it.
- If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
- Rename the plugin from FTP – this disables the Google Authenticator (WP 2FA/TFA) plugin and you will be able to login with your WordPress username and password.
For detailed information, Please check on our website. Locked Out.
You can also check our video Tutorial:
I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method?
You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]
I have enabled Two-Factor Authentication (2FA / TFA) for all users, what happens if an end-user tries to login but has not yet registered?
If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.
I want to enable only one authentication method for my users. What should I do?
You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]
I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2-factor ?
If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two-factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at email@example.com for more details.
I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins?
The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor(WP 2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don’t get locked out yourself.
If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.
Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at firstname.lastname@example.org.
If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at email@example.com.
My phone has no internet connectivity and I am entering the one time passcode from miniOrange Authenticator App during OTP login, it says Invalid OTP?
Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under ‘Time correction for codes’ to sync your time with miniOrange Servers. If you still can’t logged in then please email us at firstname.lastname@example.org or Contact us.Soft Token method is just like google authenticator method.
I am upgrading my phone.
You should go to Setup Two-Factor (2FA) Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.
Contributors & Developers
“miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login” is open source software. The following people have contributed to this plugin.Contributors
Interested in development?
- Google Authenticator – Two factor Authentication (2FA, OTP) :
- Bug fix- Headers already sent
- Added SMTP check for sending backup codes on 2fa prompt
- Google Authenticator – Two factor Authentication (2FA, OTP) :
- Added new feature – the grace period for users
- Updated setup wizard UI – Included user-based settings in the wizard
- Added dashboard to check 2fa status of users
- Login report of users available even when Network Security is disabled
- Handled backup codes flow when sitestats is unreachable
- Added access control and nonce checks in some flows – Malware scan, plugin enable/disable
- Fixed warning issues – fetching location details using geoplugin API
For older changelog entries, please see the additional changelog.txt file provided with the plugin.