WordPress Two Factor Authentication TFA Description
The password is the standard security implementation in the computer world. However, passwords can be guessed, hacked, or intercepted. To combat these weaknesses you should install two-factor authentication methods, which provide a secret login key with one time passwords (OTP) that are not vulnerable to brute-force attacks
The two-factor authentication (2FA) plugin from CreativeMinds can employ the following authentication methods:
- Two Factor Authentication using Google Authenticator as a secret key that generates a one time password
- Two Factor Authentication using a Mobile phone to receive OTP text messages
- Two Factor Authentication using a user’s email address to receive OTP emails
- Two Factor Authentication using OTP verification links that are sent to the user’s email
Using One Time Passwords (OTP) and the User Registration Plugin
- Improve WordPress site security – Add an additional unique level of security to each user account with a secret key, helping to block hackers, bots, malicious users and other unwanted intruders
- Define which accounts need enhanced password security – Admin can define which account type needs OTP security access
- Define 2FA Expiration time – Admin can define how long each verification option is valid until the user needs to generate a new one
- Define time to logout – Admin can define how long each user can use their recent OTP login, in case they are not active for a defined amount of time
WordPress Two-Factor Authentication Plugin Localization
Localization SupportAll frontend labels easily be changed to any language so the user interface will speak your language.
|Plugin Labels Settings|
WordPress Two-Factor Authentication Plugin Additional Resources
WordPress Two Factor Authentication Methods and Secure Login Premium Features
- Supports Google Authenticator – Supports site login using a GA mobile app. Meaning that when a user tries to login they will need to enter a unique code generated in their GA app, Google Authenticator uses Time based One Time Passwords (TOTP) and HMAC based One Time Passwords (HOTP) to Protect your Website
- Supports Mobile Phone SMS – Supports site login using the Amazon SMS service (AWS SNS). This means that a text message will be sent to the user with the OTP they need to enter in order to login
- Supports Email verification – Supports site login credentials using an email verification. An email message containing a unique link will be sent to the user. When the user clicks on the link they will be able to login
- Supports Email code – Supports site login credentials using a code sent to the user’s email. An email message containing a unique code will be sent to the user. When the user enters the code to the login screen they will be able to login
- Customize notifications – All notifications, including SMS and email templates can be easily customized
- Control access by role – Define which user roles need enhanced 2FA. Require an extra layer of security for users who are prone to using a weak password or a common password
- Control access for each specific user profile – Supports security level of user account and reset the security method
- Define authentication code duration – Define the duration of each code sent to the user. After expiration user will need to generate a new code
- Override password – Admin can decide to completely remove the password requirement from user login credentials
- Shortcode supports – Supports external login forms using a shortcode
WordPress Two Step Authentication Related Plugins
WordPress Two Factor Authentication Frequently asked questions
Does the SMS two factor authentication work in any country?
Does the SMS two factor authentication cost money?
Does the two factor service cost additional money?
How to use the Google Authenticator authentication?
The Google Authenticator app can be downloaded to an iPhone or an Android It’s a free app. Once installed, you need to do an initial setup and after the setup it will produce a unique code to login to the site. Learn how to use it on Install Google Authenticator – Android – Google Account Help
How can the SMS service send a text if I don't have the user's mobile phone number?
Can I set the 2FA to only work for admin users?
Can each user use a different 2FA method?
Will it work with WooCommerce Form?
Secure Login and Two-Factor Authentication Image Gallery
Version 1.4.7 13th Dec 2018
- Compatible with “Login Widget With Shortcode” plugin
Version 1.4.6 23rd Nov 2018
- Bugfix related to session
Version 1.4.5 15th Nov 2018
Added support with woocommerce login form
Version 1.4.4 13th Sep 2018
- Fixed phone number for the SMS update issue in edit profile section.
Version 1.4.3 31st Aug 2018
- Fixed twice click issue on buttons.
- Updated license package
Version 1.4.2 16th Aug 2018
- Added new option in settings that allow users to choose between “Send Code via Email” / “Send Code via SMS” in login page.
Version 1.4.1 5th Aug 2018
- Updated login instructions default URL
- Updated license package
Version 1.4.0 17th Oct 2017
- Added option to set the user’s phone number on the “Add new user” page in wp-admin.
Version 1.3.0 11th Oct 2017
- Added option to change the SMS/email code length and define the characters set.
- Fixed some issue with logging-in when using the email link.
- Fixed error with email code – it was calling sms ajax action.
Version 1.2.0 8th Aug 2017
- Added option to send the notification email with the email/SMS code or the confirmation link to an additional email address for chosen roles
Version 1.1.4 8th Aug 2017
- Fixed bug with multiple AJAX calls
Version 1.1.3 11th July 2017
- Added option to send the Google Authenticator secret reminder email to a user
Version 1.1.2 11th July 2017
- Added a back link on the login confirmation screen after confirmed by the email link
- Added option to send the notification email only to roles that have to use the protection
Version 1.1.1 10th July 2017
- Added feature to notify all users about the protection by sending the email
- Added instructions text that can be displayed on the login form
- Minor adjustments