FAIR

Federated and Independent Repositories

WP 2FA – Two-factor authentication for WordPress

Plugin Banner

WP 2FA – Two-factor authentication for WordPress

by Melapress

Download
Description

A free and easy-to-use two-factor authentication plugin for WordPress

Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.

Features | Getting Started | Get the Premium!

🔒 WP 2FA key plugin features and capabilities

  • Passkeys support for passwordless logins
  • Free two-factor authentication (2FA) for all users
  • Multiple 2FA methods supported, including authenticator app (TOTP) and code over email
  • Developer API to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)
  • Universal 2FA app support – works with Google Authenticator, Authy, and any TOTP-compatible app
  • Backup codes (16 digits) for recovery access
  • Wizard-driven setup – no technical knowledge required
  • 2FA policies to enforce setup with grace periods or instant activation
  • REST API endpoints for custom integrations and headless WordPress setups
  • Dashboard-free setup – users can configure 2FA without WP admin access
  • Editable email templates for full customization
  • Much more!

💎 Upgrade to WP 2FA Premium and get even more benefits

The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.

With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!

Check out WP 2FA Premium!

Premium features list

  • Everything in the free version
  • Full white labeling capabilities to change all text and visuals in the wizards, emails, SMS, and 2FA pages
  • Support for multiple passkeys per user for flexible passwordless logins
  • Zero-setup email 2FA that automatically enrolls users without manual configuration
  • YubiKey hardware key support for enterprise-grade security
  • Additional 2FA methods such as SMS, email link, and more
  • Trusted devices so users can log in without 2FA for a configured period
  • Require 2FA on password reset to strengthen account protection
  • Allow next user login without 2FA to help recover accounts locked out of authentication
  • One-click WooCommerce integration to enable 2FA for customers and store admins
  • And much more!

Refer to the WP 2FA plugin features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

🛠️ Free and premium support

Support for the free edition of WP 2FA is free on the WordPress support forums. Premium world-class support via one-to-one email is available to the Premium users – upgrade to premium to benefit from email support.

For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form.

MAINTAINED & SUPPORTED BY MELAPRESS

Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security and administration plugins to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.

Installing WP 2FA

From within WordPress

  1. Navigate to ‘Plugins’ > ‘Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate WP 2FA from your Plugins page

Manually

  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the folder to the ‘/wp-content/plugins/ directory’
  3. Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress

As featured on:

  1. The first-time install wizard allows you to set up 2FA on your website and for your users within seconds.

    The first-time install wizard allows you to set up 2FA on your website and for your users within seconds.

  2. The wizards make setting up 2FA very easy, so even non-technical users can set up 2FA without requiring help.

    The wizards make setting up 2FA very easy, so even non-technical users can set up 2FA without requiring help.

  3. You can require users to enable 2FA and also give them a grace period to do so.

    You can require users to enable 2FA and also give them a grace period to do so.

  4. Users can also use one-time codes via email as a two-factor authentication method.

    Users can also use one-time codes via email as a two-factor authentication method.

  5. You can use policies to require users to instantly set up and use 2FA, so the next time they log in, they will be prompted with this.

    You can use policies to require users to instantly set up and use 2FA, so the next time they log in, they will be prompted with this.

  6. You can give users a grace period until they configure 2FA. You can also specify what the plugin should do once the grace period is over.

    You can give users a grace period until they configure 2FA. You can also specify what the plugin should do once the grace period is over.

  7. It is recommended for all users to also generate backup codes, in case they cannot access the primary device.

    It is recommended for all users to also generate backup codes, in case they cannot access the primary device.

  8. In the user profile, users only have a few 2FA options, so it is not confusing for them, and everything is self-explanatory.

    In the user profile, users only have a few 2FA options, so it is not confusing for them, and everything is self-explanatory.

Does the plugin send any data to Melapress?

No, the plugin does not send any data to us whatsoever. The only data we receive is license data from the premium edition of the plugin.

What 2FA methods are available with the plugin?

The free edition of WP 2FA includes the following 2FA methods: Authenticator app 2FA and code over email. This allows you to use Google Authenticator OTP The premium edition adds YubiKey, one-click email link, SMS 2FA, and Authy push notifications.

How can I integrate two-factor authentication (2FA) into my custom login process or AJAX-based form?

WP 2FA includes a REST API that allows developers to enable and verify 2FA during custom authentication flows, such as AJAX-based login forms, mobile apps, or headless WordPress websites. Refer to the REST API in WP 2FA documentation for more information.

How can I ensure I do not get locked out?

WP 2FA includes backup authentication methods so that if the primary authentication method fails, you and your users can still log in. The free version of the plugin includes backup codes, which can be configured during 2FA configuration or at any point after that from the profile page. The premium edition adds 2FA backup codes over email.

What happens if I get locked out?

In the unlikely event that you are unable to supply your 2FA code, there are several steps you can take to gain access to your WordPress dashboard. First, check if there is another administrator who can reset your 2FA. If this is not possible, manually deactivate the plugin, log in without 2FA, re-activate the plugin, and then reconfigure your 2FA.

Does WP 2FA support multi-site networks?

Yes, WP 2FA is multisite compatible. The plugin can be activated at the network level. 2FA policies can be enforced on all users, a subsection of users, or per site on the network. It also supports network setups with different domains.

Does the plugin receive updates?

We update the plugin fairly regularly to ensure the plugin continues to run in tip-top shape while adding new features from time to time.

Does the plugin support Google Authenticator?

Yes, WP 2FA fully supports Google Authenticator on WordPress. WP 2FA also supports many other 2FA authenticator apps.

Can I get support if I get stuck?

Support for the free edition of the plugin is provided only via the WordPress.org support forums. You can also refer to our support pages for all the technical and product documentation.

If you are using the Premium edition, you get direct access to our support team via one-to-one email support.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. Please use this form. For more details, please refer to our Melapress plugins security program.

Great plugin with great support

By wissmannconsulting on February 24, 2026

This plugin is a real game changer for my website => even in the free basic version. The upgrade will definitely follow soon.

Highly recommended! I'm very happy to be able to offer 2FA to my online community in such an easy way.

Thank you so much! 🥳🙏🎉

Responsive support team

By cospark on February 18, 2026

Several of our clients employ this plugin for 2FA. Some of these clients have unusual or advanced requirements, and the support team has certainly gone the extra mile—including adding an additional filter to the plugin code for more advanced configuration—to help address these needs.

great plugin

By pyroahfl on February 9, 2026

Easy to install and critical for site security. Also, their support was quick to follow up with questions I had.

Best MFA plugin

By mirally on January 27, 2026

WP 2FA is the best MFA plugin ! Simple and easy to use. I had an issue while moving a website for another hosting and they told me quickly what I needed to do. Great support, fast and effective. Thank you Melapress team !

Great support

By Jan Zoutendijk (blauwhelm) on December 16, 2025

The plugin works great for us and the support is very quick!

Easy to use

By Dian (kelasdian) on November 26, 2025

Responsive support

Good Service

By srobweston on November 24, 2025

The logging and audit worked - but what really made it good was the support. Even on a complex issue - they were very quick to respond

Great plugin with excellent support

By maxity on November 5, 2025

Great 2FA plugin which is easy to setup and use. The support we received for an account problem was fast and professional. Recommended!

Great Plugin!

By robelliman28 on November 4, 2025

I have been using WP2FA for a good while now and it's great. Plenty of options to accommodate most needs and the support is second to none! Lucian and the Dev team are responsive, knowledgeable and don't fob you off by telling you to 'read the instructions', if something is wrong, they actually listen and truly work with you to resolve the issue. I expect i'll be using other plugins from Melapress in the future. Great plugin, great Support.

Exceptional Support

By 1957mlc on October 14, 2025

I had an issue with my account, and initial reply was within a day. Subsequent responses were immediate, and they worked with me to get our problem resolved quickly.

3.1.1.2 (2026-02-25)

  • Improvements
    • Added a check in the wizard for when a user is setting up 2FA over email, to restrict user to only use the email address on account if they are not allowed to use any other email address.
    • Improved the survey admin notice logic so that once acted upon, it does not reappear after plugin updates.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.

Back to top