Two Factor Authentication

Secure WordPress login with Two Factor Authentication - supports WP, Woo + other login forms, HOTP, TOTP (Google Authenticator, Authy, etc.)

Rating summary: 4.4 from 77 reviews; 20K active installations

Main benefits

Supports TOTP + HOTP

Graphical QR code display

Per-role TFA availability

Trusted devices option

Encrypts secret keys

About this plugin

Categories: Security
Version: 1.14.23
Last updated: 25-06-2024
WordPress version: 3.4
Tested up to: 6.6
PHP version required: 5.6
Languages: English (Australia), English (Canada) [+13]

Overview

This WordPress Two-Factor Authentication (TFA / 2FA) plugin bolsters website security by requiring users to enter a one-time code in addition to their password during login. Developed by the creators of UpdraftPlus, the plugin supports standard TOTP and HOTP protocols, making it compatible with apps like Google Authenticator and Authy. Key features include graphical QR codes for easy setup, role-based availability of TFA, and the ability for site owners to enforce TFA for specified user levels after a certain period. Users can manage their TFA settings via front-end editing, and premium options offer enhanced functionalities such as trusted devices, encryption of secret keys, and comprehensive third-party login form support. This plugin is designed for ease of use, additional security measures, and compatibility with popular WordPress tools and frameworks, ensuring a robust security solution for WordPress sites.

Enhanced Security

  • Supports standard TOTP + HOTP protocols, compatible with Google Authenticator, Authy, and many others.
  • Encrypts TFA-generating secret keys using an on-disk encryption key, requiring attackers to break into both the WordPress database and files.
  • Includes extra security checks and alerts users if someone appears to have found out their password.

User Flexibility

  • TFA can be turned on or off by each user and made available on a per-role basis.
  • Supports front-end editing of settings via shortcode, allowing users to manage TFA without accessing the WP dashboard.
  • Allows site owners to enable 'trusted devices' to reduce the frequency of TFA code requests.

Compatibility with Various Login Forms

  • Works with 'Theme My Login', WooCommerce, Affiliates-WP, Ultimate Membership Pro, CozmosLabs Profile Builder, and Ultimate Member login forms.
  • Supports Elementor Pro, bbPress, and Gravity Forms User Registration add-on login forms in the Premium version.
  • Compatible with any third-party login form in the Premium version without additional coding.

Administrative Control

  • Administrators can access and manage other users' TFA codes, turning them on or off as needed.
  • TFA can be required for specified user levels after a defined time period, with options to force immediate setup.
  • Includes emergency codes for users who lose their phone/tablet in the Premium version.

Features list

Feature

Premium version

  • Supports standard TOTP + HOTP protocols: Supports standard TOTP and HOTP protocols for two-factor authentication.
  • Displays graphical QR codes for easy scanning: Displays graphical QR codes to simplify the scanning process.
  • TFA can be made available on a per-role basis: Two-factor authentication can be enabled based on user roles.
  • TFA can be turned on or off by each user: Users have the option to enable or disable two-factor authentication.
  • TFA can be made compulsory for chosen user roles: Two-factor authentication can be mandated for specific user roles.
  • Supports front-end editing of settings: Allows users to edit settings directly from the front-end.
  • Allows 'trusted devices' for a chosen number of days: Users can mark devices as trusted for a specified duration.
  • Includes native support for various login forms: Provides built-in support for multiple types of login forms.
  • Optional anti-bot protection on WooCommerce login forms: Offers optional anti-bot protection for WooCommerce login forms.
  • Encrypts TFA-generating secret keys: Ensures that TFA-generating secret keys are encrypted for security.
  • WP Multisite compatible: Compatible with WordPress Multisite installations.
  • Simplified user interface and code base: Features a user-friendly interface and streamlined code base.
  • Emergency codes for when you lose your device: Provides emergency codes for account access if the device is lost.
  • Administrators can access other users’ codes: Allows administrators to view and manage other users' codes.
  • Translatable: Supports translation for use in different languages.

Pricing

Single site licence

$19 / 12 months

Plan includes

  • Supports standard TOTP + HOTP protocols
  • Displays graphical QR codes for easy scanning
  • TFA can be made available on a per-role basis
  • TFA can be turned on or off by each user
  • TFA can be made compulsory for chosen user roles
  • Supports front-end editing of settings
  • Allows 'trusted devices' for a chosen number of days
  • Includes native support for various login forms

Up to 25 sites

$59 / 12 months

Plan includes

  • Supports standard TOTP + HOTP protocols
  • Displays graphical QR codes for easy scanning
  • TFA can be made available on a per-role basis
  • TFA can be turned on or off by each user
  • TFA can be made compulsory for chosen user roles
  • Supports front-end editing of settings
  • Allows 'trusted devices' for a chosen number of days
  • Includes native support for various login forms

In some cases, companies set different prices based on factors such as location. As a result, the prices displayed here can differ from the ones you see on their websites.

Rating and reviews


User sentiment analysis

Users appreciate the plugin for its reliable two-factor authentication (2FA) functionality, ease of setup, and compatibility with various authenticator apps like Google Authenticator and Authy. It’s praised for significantly enhancing website security, reducing unauthorized login attempts, and receiving regular updates. The support team, particularly David, is noted for being responsive and helpful. However, users mentioned drawbacks such as the necessity for a third-party app for it to work, limitations in the free version, and a relatively high annual cost for the premium version. Some encountered issues like getting locked out or errors in setup, but overall satisfaction remains high due to the effective security features and excellent support.

Emilio Lejit

21 Jan, 2024

Excellent plugin, works greatly like a charm.

lcastonguay

16 Jan, 2024

Please look elsewhere if you want a plugin that sends one-time passcodes via email. I originally purchased this plugin to send a one-time password to my class subscribers via email whenever they attempt to log in to their WooCommerce account. Only after I bought the plugin did I realize that my customers would need to install a third-party app for this plugin to work. I don’t want to inconvenience customers by requiring them to install another app to have a code sent to them, so this plugin isn’t usable for me. The author of the plugin was responsive when I contacted them for support. Still, I recommend adding a statement about not being able to send one-time passcodes via email on the plugin’s landing page.

pave1

06 Jan, 2024

Perfect, simple solution for Google Authenticator

gangof4

26 Aug, 2023

So, I ordered Simba’s 2FA plugin for my website. However, when I tried to install it, I got locked out. Not that I even knew what I was doing when I set it up. I contacted Simba and I was told they would work with me, but they needed cpanel access to my account. My hosting account didn’t come with it. My first thought was to just give up, but my Simba rep David kept after me to follow through, even after a dozen e-mails back and forth with half as many failures. So, I upgraded my account and got cpanel along with some other useful features and comme par magie, Simba had the 2FA working on my website. These guys are definitely getting a Christmas card from me.

kurtmanos

16 Sep, 2022

While the plugin is well written, it follows a recent trend that is a massive turnoff. The features most needed are only available in the paid version. The free version doesn’t allow the admin to make using this plugin compulsory, which means it’s useless. While I greatly appreciate the amount of effort involved in coding (been coding for over 40 years, myself), charging $20+ annually PER site is entirely unrealistic. Add the sheer number of plugins a typical WP site uses, multiply that by the number of sites many web admins are responsible for, and it’s simply too expensive for what I’m getting. We all want to live in mansions, but let’s get real. I pay $100 annually for my Office 365 Family, and six of us get the full suite of products PLUS each of us gets a terabyte of cloud storage. I’ll be using a different plugin on my sites.

FAQ

What is two factor authentication (TFA / 2FA)?

Why should I care?

How does two factor authentication (TFA / 2FA) work?

What do I need to set up on my phone/tablet (etc.) in order to generate the codes?

What if I do not have a phone or tablet?

I lost my device that has pass-codes – or, they don’t work. What to do?

Why does the plugin not support sending the two-factor code by email?

What are HOTP and TOTP?

What is the shortcode to use for front-end settings?

I deliberately entered a wrong password, and it let me login!