• About WordPress
    • About WordPress
    • WordPress.org
    • Documentation
    • Support
    • Feedback
  • Log In
  • Register
Skip to content

WordPress.org

English (UK)

  • Home
  • Themes
  • Plugins
  • Support
  • Get Involved
  • Blog
  • Team P2
  • Translate
  • About
  • Get WordPress

Plugins

  • My Favourites
  • Beta Testing
  • Developers
Download

Two-Factor

By Plugin Contributors
  • Details
  • Reviews
  • Support
  • Development

Description

Use the “Two-Factor Options” section under “Users” “Your Profile” to enable and configure one or multiple two-factor authentication providers for your account:

  • E-mail codes
  • Time Based One-Time Passwords (TOTP)
  • FIDO Universal 2nd Factor (U2F)
  • Backup Codes
  • Dummy Method (only for testing purposes)

For more history, see this post.

Actions & Filters

Here is a list of action and filter hooks provided by the plugin:

  • The two_factor_providers filter overrides the available two-factor providers, such as email and time-based one-time passwords. The array values are PHP classnames of the two-factor providers.
  • The two_factor_enabled_providers_for_user filter overrides the list of two-factor providers enabled for a user. The first argument is an array of enabled provider classnames as values, the second argument is the user ID.
  • two_factor_user_authenticated action which receives the logged in WP_User object as the first argument for determining the logged in user right after the authentication workflow.
  • The two_factor_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. It accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.

Get Involved

Development happens on GitHub. Join the #core-passwords channel on WordPress Slack (sign up here).

Here is how to get started:

$ git clone https://github.com/wordpress/two-factor.git
$ npm install

Then open a pull request with the suggested changes.

Screenshots

  • Two-factor options under User Profile.
  • U2F Security Keys section under User Profile.
  • Email Code Authentication during WordPress Login.

Reviews

Let’s get this into WP core!

Phil Johnston 19 September 2020
This plugin is working great and was incredibly easy to set up. Excellent work. This is a hugely important project for the entire WordPress community. Thank you! 2Factor is a security standard that everyone should use. With WordPress being used on 30% of websites, having this in WordPress core would be a huge security win for an enormous chunk of the internet. For some, its existence in core may be their first introduction to 2Factor, which is a huge opportunity to not only be more secure, but to educate people. Having it in core would also allow for a standard to be set, and for login flows from plugins to utilize 2factor in a reliable way (think logging in over Headless, or though a WooCommerce login-form on a receipt page, etc). I'm 100% on team lets-get-this-in-core.

Dankeschön

lederwerkstatt 18 September 2020
Vielen Dank für dieses ausgezeichnete und nützliche Plugin zum Schutz der Website!

Hardware support

Sal Sal 18 September 2020
This plugin supports hardware 2FA, which is rare. Thanks!

Great!

bpietraga 16 September 2020
Supports hardware based keys, is free and works great!

very great plugin

swapnica 14 September 2020
This is an awesome plugin.

Must have

Tee Christian 5 September 2020
Honestly, any wordpress website needs this plugin. Thanks, dev!
Read all 123 reviews

Contributors & Developers

“Two-Factor” is open source software. The following people have contributed to this plugin.

Contributors
  • George Stephanis
  • Derek Herman
  • Steven Word
  • Daisuke Takahashi
  • Scott Grant
  • Aaron D. Campbell
  • John Blackbourn
  • Steve Grunwell
  • Stephen Edgar
  • Kaspars
  • Ali H. Arshad
  • Arslan Ahmed

“Two-Factor” has been translated into 24 locales. Thank you to the translators for their contributions.

Translate “Two-Factor” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Change log

See the release history.

Meta

  • Version: 0.7.0
  • Last updated: 4 weeks ago
  • Active installations: 20,000+
  • WordPress Version: 4.3 or higher
  • Tested up to: 5.5.1
  • PHP Version: 5.6 or higher
  • Languages:

    Albanian, Arabic, Chinese (China), Chinese (Hong Kong), Chinese (Taiwan), Czech, Danish, English (Canada), English (UK), English (US), Finnish, French (France), Galician, German, Italian, Japanese, Norwegian (Bokmål), Polish, Russian, Spanish (Mexico), Spanish (Spain), Spanish (Venezuela), Swedish, Urdu and Vietnamese.

    Translate into your language

  • Tags:
    authenticationlogintotptwo factortwo step
  • Advanced View

Ratings

See all
  • 5 stars 112
  • 4 stars 7
  • 3 stars 1
  • 2 stars 1
  • 1 star 2
Log in to submit a review.

Contributors

  • George Stephanis
  • Derek Herman
  • Steven Word
  • Daisuke Takahashi
  • Scott Grant
  • Aaron D. Campbell
  • John Blackbourn
  • Steve Grunwell
  • Stephen Edgar
  • Kaspars
  • Ali H. Arshad
  • Arslan Ahmed

Support

Issues resolved in last two months:

6 out of 8

View support forum

  • About
  • Blog
  • Hosting
  • Donate
  • Support
  • Developers
  • Get Involved
  • Showcase
  • Plugins
  • Themes
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • Privacy
  • Public Code
  • @WordPress
  • WordPress

Code is Poetry.