Two Factor Authentication
Secure WordPress login with Two Factor Authentication - supports WP, Woo + other login forms, HOTP, TOTP (Google Authenticator, Authy, etc.)
4.4(77 reviews)
·20K+ active installs·Updated 1 week agoAs of April 2026, Two Factor Authentication is a WordPress 2FA plugin with 20K+ active installations and a 4.4/5 rating from 77 reviews. It has been downloaded 881K+ times in total. Requires WordPress 3.4+ and PHP 5.6+. Available on WordPress.org since 2015. Actively maintained — updated within the last month. Downloads are up 14% this week. Top alternative: Wordfence Security – Firewall, Malware….
4.4/577 reviews
20K+active installs
881K+total downloads
11 yearssince 2015
Overview
Secure WordPress login with this two factor authentication (TFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. From the authors of UpdraftPlus – WP’s #1 backup/restore plugin, with over two million active installs.
Are you completely new to TFA? If so, please see our FAQ.
Features (please see the “Screenshots” for more information):
- Supports standard TOTP + HOTP protocols (and so supports Google Authenticator, Authy, and many others).
- Displays graphical QR codes for easy scanning into apps on your phone/tablet
- TFA can be made available on a per-role basis (e.g. available for admins, but not for subscribers)
- TFA can be turned on or off by each user
- TFA can be required for specified user levels, after a defined time peri…
Screenshots
Ratings & Reviews
4.477 reviews
5 ★
62
4 ★
2
3 ★
3
2 ★
1
1 ★
9
Recent Reviews
Nice plugin, Excellent plugin, works greatly like a charm.
by Emilio Lejit·2 years ago
Excellent plugin, works greatly like a charm.
- This topic was modified 2 years, 2 months ago by Emilio Lejit.
This plugin does not support OTP via email.
by lcastonguay·2 years ago·1 reply
Please look elsewhere if you want a plugin that sends one-time passcodes via email. I originally purchased this plugin to send a one-time password to my class subscribers via email whenever they attempt to log in to their WooCommerce account. Only after I bought the plugin did I realize that my customers would need to install a third-party app for this plugin to work.
I don’t want to inconvenience customers by requiring them to install another app to have a code sent to them, so this plugin isn’t usable for me. The author of the plugin was responsive when I contacted them for support. Still, I recommend adding a statement about not being able to send one-time passcodes via email on the plugin’s landing page.
Just works
by pave1·2 years ago
Perfect, simple solution for Google Authenticator
Can’t say enough good things about them
by gangof4·2 years ago
So, I ordered Simbas’ 2FAplugin for my website. However, when I tried to install it, I got locked out. Not that I even knew what I was doing when I set it up. I contacted Simba and I was told they would work with me, but they needed cpanel access to my account. My hosting account didn’t come with it. My first thought was to just give up, but my Simba rep David kept after me to follow through, even after a dozen e-mails back and forth with half as many failures. So, I upgraded my account and got cpanel along with some other useful feature and comme par magie, Simba had the 2FA working on my website. These guys are definnitely getting a Christmas card from me.
Almost Worth It
by kurtmanos·3 years ago·1 reply
While the plugin is well written, it follows a recent trend that is a massive turnoff. The features most needed are only available in the paid version. The free version doesn’t allow the admin to make using this plugin compulsory, which means it’s useless. While I greatly appreciate the amount of effort involved in coding (been coding for over 40 years, myself), charging $20+ annually PER site is entirely unrealistic. Add the sheer number of plugins a typical WP site uses, multiply that by the number of sites many web admins are responsible for, and it’s simply too expensive for what I’m getting. We all want to live in mansions, but let’s get real. I pay $100 annually for my Office 365 Family, and six of us gets the full suite of products PLUS each of us gets a terabyte of cloud storage.
I’ll be using a different plugin on my sites.
Download Trends
Today: 109Yesterday: 148This week: 726Period total: 65K
Compatibility
| WordPress | 3.4+ requiredTested up to 7.0 |
| PHP | 5.6+ required |
Version Adoption
v1.16
64.5%
v1.14
22.9%
v1.15
8.7%
Other
3.9%
Top Alternatives to Two Factor Authentication
Frequently Asked Questions
Changelog
1.16.0 – 09/Dec/2025
- FEATURE: Add support for Easy Digital Downloads(EDD) login form
- TWEAK: Resolve a typo in the emergency code usage email notification text
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.