Description

Use the “Two-Factor Options” section under “Users” “Your Profile” to enable and configure one or multiple two-factor authentication providers for your account:

E-mail codes
Time Based One-Time Passwords (TOTP)
FIDO Universal 2nd Factor (U2F)
Backup Codes
Dummy Method (only for testing purposes)

For more history, see this post.

Actions & Filters

Here is a list of action and filter hooks provided by the plugin:

The two_factor_providers filter overrides the available two-factor providers, such as email and time-based one-time passwords. The array values are PHP classnames of the two-factor providers.
The two_factor_enabled_providers_for_user filter overrides the list of two-factor providers enabled for a user. The first argument is an array of enabled provider classnames as values, the second argument is the user ID.
two_factor_user_authenticated action which receives the logged in WP_User object as the first argument for determining the logged in user right after the authentication workflow.
The two_factor_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. It accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.

Screenshots

Two-factor options under User Profile.
U2F Security Keys section under User Profile.
Email Code Authentication during WordPress Login.

FAQ

How can I send feedback or get help with a bug?

The best place to report bugs, feature suggestions, or any other (non-security) feedback is at the Two Factor GitHub issues page. Before submitting a new issue, please search the existing issues to check if someone else has reported the same feedback.

Where can I report security bugs?

The plugin contributors and WordPress community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please visit the WordPress HackerOne program.

Reviews

3ehrouz 27 March 2023

Thanks for your efforts got some problems with Auth Apps but email method works just fine

Pagecode 16 March 2023

Best way to protect logins on WP

michellecollums19 19 February 2023

It really helps me a lot

Timi Wahalahti 24 January 2023

Works flawlessly! Easy UI for users to setup their 2FA, does not need much configuration if at all. And what I appericiate, does just one thing and does it good - instead of being packed with multiple more or less related functionalities.

atkulp 6 December 2022

This is a great plugin to enable something Wordpress should probably offer out of the box. With all the hits I see trying to login to my site, I feel safer knowing I have two-factor enabled! My only request would be to be able to set a cookie to trust a given browser longer so I don't need to reauthenticate as often on my main laptop.