Home >> All Products >> WordPress Plugin

Secure Login and Two-Factor Authentication Solution for WordPress

A robust solution for WordPress two-factor authentication and provides better account security for your WordPress users

Show more

WP admin can choose a preferred method from four available 2FA methods

Show less

WordPress Two Factor Authentication TFA Plugin Description

The password is the standard security implementation in the computer world. However, passwords can be guessed, hacked, or intercepted. To combat these weaknesses you should install a two-factor authentication solution, which isn’t vulnerable to brute-force attacks

Securing Users Accounts

Unlike passwords, two-factor authentication (2FA) is a two-step process that asks for an additional unique identification such as sending a one time passcode to your mobile phone, sending a one time passcode to your email account or by using an external service such as Google Authenticator

The Secure WordPress Login plugin from CreativeMinds offers a robust solution for two-factor authentication. It lets the WordPress administrator choose a method from the four available to secure the WordPress site login

The WordPress Two-Factor Authentication plugin also lets the WordPress administrator define which user roles require two-factor login. The admin can of course apply our enhanced security check for all users

The WordPress login screen which includes an additional step for email verification
The WordPress login screen which includes an additional step for email verification

The two-factor authentication (2FA) plugin from CreativeMinds can employ the following methods:

  • Two Factor Authentication using Google Authenticator
  • Two Factor Authentication using a Mobile phone by sending an SMS
  • Two Factor Authentication using a verification link which is sent to the user’s email
  • Two Factor Authentication using a one time code which is sent to the user’s email

Using the User Login and User Registration Plugin

  • Improve WordPress site security – Add an additional unique level of security to each user account, helping to block hackers, bots, malicious users and other unwanted intruders
  • Define which accounts need enhanced security – Admin can define which account type needs extra access security
  • Define 2FA Expiration time – Admin can define how long each verification option is valid until the user needs to generate a new one
  • Define time to logout – Admin can define how long each user can use their recent login, in case they are not active for a defined amount of time

WordPress Two-Factor Authentication Plugin Localization

Localization Support

All frontend labels easily be changed to any language so the user interface will speak your language.
Plugin Labels Settings
Plugin Labels Settings

WordPress Two-Factor Authentication Plugin Additional Resources

WordPress Two Factor Authentication and Secure Login Premium Features

  • Supports Google Authenticator – Supports site login using a GA mobile app. Meaning that when a user tries to login they will need to enter a unique code generated in their GA app, Google Authenticator uses Time based One Time Passwords (TOTP) and HMAC based One Time Passwords (HOTP) to Protect your Website
  • Supports Mobile Phone SMS – Supports site login using the Amazon SMS service (AWS SNS). This means that a text message will be sent to the user with a one time code which they need to enter in order to login
  • Supports Email verification – Supports site login using an email verification. An email message containing a unique link will be sent to the user. When the user clicks on the link they will be able to login
  • Supports Email code – Supports site login using a code sent to the user’s email. An email message containing a unique code will be sent to the user. When the user enters the code to the login screen they will be able to login
  • Customize notifications – All notifications, including SMS and email templates can be easily customized
  • Control access by role – Define which user roles need enhanced 2FA. Require an extra layer of security for users who are prone to using weak passwords or common passwords
  • Control access for each specific user profile – Supports security level of user account and reset the security method
  • Define authentication code duration – Define the duration of each code sent to the user. After expiration user will need to generate a new code
  • Override password – Admin can decide to completely remove the password requirement from user login
  • Shortcode supports – Supports external login forms using a shortcode

WordPress Two Step Authentication Related Plugins

Site and Content Restriction
A fully-featured, powerful membership solution and content restriction plugin for WordPress. Supports access by role to content on your site.
Registration and Invitation Codes
Adds a registration and login popup to your WP site. Supports invitation codes, email verification and assign user roles.
Email Blacklist
Protects your Wordpress site registration by blocking email addresses and domains using blacklisted and whitelisted lists.

WordPress Two Factor Authentication Frequently asked questions

Does the SMS two factor authentication work in any country?

Yes. You can use it in any country which is covered by Amazon SNS service. You can see the list of countries here

Does the SMS two factor authentication cost money?

Yes. You need to sign up to Amazon SNS and choose your plan. More information about pricing for the SMS notifications can be found here

Does the two factor service cost additional money?

Out of the 4 available options Google Authenticator, Email link verification and email code are free for unlimited use. The only service which costs money is the Amazon SNS. Pricing for the SNS service can be found here

How can the SMS service send a text if I don't have the user's mobile phone number?

Once you activate the SNS service, a new user field is added to the user profile with the user’s mobile phone number. The first time the user logs in, the system sends them an email asking them to enter their mobile phone number. Once they do this, the information is saved in their user profile.

Can I set the 2FA to only work for admin users?

Sure. You can define that only users with admin roles have to use the two factor authentication. All other users will be logged in normally.

Can each user use a different 2FA method?

No, this is not supported. Once the admin sets the preferred 2FA method, all users which are included in the 2FA setting will be using the set method. The admin can change the method which will also require all users to use the new method.

Will it work with WooCommerce Form?

Yes. Since version 1.4.5 we have added support to include the 2FA method in the WooCommerce form.

Still have questions? Send us a message and we will reply within 24 hours.



Secure Login and Two-Factor Authentication Image Gallery

Back-end Gallery

Version 1.4.6 23rd Nov 2018

  • Bugfix related to session

Version 1.4.5 15th Nov 2018

    Added support with woocommerce login form

Version 1.4.4 13th Sep 2018

  • Fixed phone number for the SMS update issue in edit profile section.

Version 1.4.3 31st Aug 2018

  • Fixed twice click issue on buttons.
  • Updated license package

Version 1.4.2 16th Aug 2018

  • Added new option in settings that allow users to choose between “Send Code via Email” / “Send Code via SMS” in login page.

Version 1.4.1 5th Aug 2018

  • Updated login instructions default URL
  • Updated license package

Version 1.4.0 17th Oct 2017

  • Added option to set the user’s phone number on the “Add new user” page in wp-admin.

Version 1.3.0 11th Oct 2017

  • Added option to change the SMS/email code length and define the characters set.
  • Fixed some issue with logging-in when using the email link.
  • Fixed error with email code – it was calling sms ajax action.

Version 1.2.0 8th Aug 2017

  • Added option to send the notification email with the email/SMS code or the confirmation link to an additional email address for chosen roles

Version 1.1.4 8th Aug 2017

  • Fixed bug with multiple AJAX calls

Version 1.1.3 11th July 2017

  • Added option to send the Google Authenticator secret reminder email to a user

Version 1.1.2 11th July 2017

  • Added a back link on the login confirmation screen after confirmed by the email link
  • Added option to send the notification email only to roles that have to use the protection

Version 1.1.1 10th July 2017

  • Added feature to notify all users about the protection by sending the email
  • Added instructions text that can be displayed on the login form
  • Minor adjustments

Plugin First Release 18th June 2017