WP 2FA – Two-factor authentication for WordPress


A free and easy-to-use two-factor authentication plugin for WordPress

Add an extra layer of security to your WordPress website login pages and protect your users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, automated password guessing, and brute force attacks.

Features | Getting Started | Get the Premium!

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, and to enforce your website users, or users with a specific role to use 2FA. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.


Melapress develops high-quality WordPress management and security plugins such as Melapress Login Security, CAPTCHA 4WP, and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security and administration plugins to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.

WP 2FA key plugin features and capabilities

  • Identificación de dos factores (2FA) gratuita para todos los usuarios
  • Supports multiple 2FA methods
  • Universal 2FA app support – generate codes from Google Authenticator, Authy & any other 2FA app
  • Supports 2FA backup methods
  • Very easy to use and simple to set up
  • Use 2FA policies to enforce 2FA with a grace period or require users to instantly setup 2FA upon logging in
  • No WordPress dashboard access is required for users to set up 2FA
  • Plantilla de correo electrónico completamente editables
  • Protección contra ataques automáticos de clave y diccionario
  • Much more

Upgrade to WP 2FA Premium and get even more

The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.

With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, and extensive white labeling capabilities.

Premium features list

  • Everything in the free version
  • Full white labeling capabilities
  • Trusted devices (no 2FA required)
  • Additionl 2FA methods (such as 2FA over SMS)
  • Require 2FA on password reset
  • One-click integration with WooCommerce
  • Much more

Refer to the WP 2FA plugin features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

Free and premium support

Premium world-class support for WP 2FA is free via email or through the WordPress support forums.

Note: paid customer support is given priority and is provided via one-to-one email. Upgrade to Premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us, please use our contact form.

As featured on:

Related links and documentation:

You can find more detailed information about 2FA and its benefits in the links below

Installing WP 2FA

Desde dentro de WordPress

  1. Navigate to ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate WP 2FA from your Plugins page


  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the folder to the /wp-content/plugins/ directory
  3. Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress


  • El asistente de primera instalación te permite configurar 2FA en tu web y para tu usuario en cuestión de segundos.
  • Los asistentes hacen muy fácil la configuración de 2FA, de forma que, incluso los usuarios no técnicos, puedan configurar 2FA sin necesidad de ayuda.
  • Puedes obligar a los usuarios a activar 2FA y también darles un período de gracia para que lo hagan.
  • Los usuarios también pueden usar códigos de un solo uso por correo electrónico como un método de identificación de dos factores.
  • Puedes usar políticas para obligar a los usuarios a configurar y usar 2FA inmediatamente, por lo que se les pedirá que lo hagan la siguiente vez que accedan.
  • Puedes dar a los usuarios un periodo de gracia hasta que configuren 2FA. También puedes especificar qué debe hacer el plugin una vez finalizado el periodo de gracia.
  • Se recomienda a todos los usuarios que también generen códigos de respaldo, para el caso de que no puedan acceder en el dispositivo principal.
  • En el perfil de usuario, los usuarios solo tienen unas pocas opciones de 2FA, por lo que no les es confuso y todo se explica por sí mismo.


15 de junio de 2024
I was searching for a simple 2FA plugin and found this. I was able to set it up fsirly quickly. I linked it to my Microsoft Authenticator. The plugin works fine. I did find a small conflict but support resolved quickly. The support was responsive and courteous. Over all, I would recommend this plugin to those that are in search of this type for their system needs.
12 de junio de 2024 1 respuesta
Made an account just to post this. None of the settings in the backend actually do anything. The plugin just does what it wants, directly ignoring what Ive put into the plugin options. Users are getting locked out of accounts, even though I explicitly said that this should not happen. Now we update the plugin and it crashes our entire installation. We literally paid money for the pro version. Such a waste of our time.
5 de junio de 2024 1 respuesta
Pretty short and simple. Spent some time figuring out how to set this up correctly without locking myself out (there’s almost no documentation that I can find except for marketing videos / articles that don’t actually explain how to correctly set it up). I ended up setting my 2FA to link to Microsoft Authenticator. Thought I was good to go. Log out of my account and log back in to test, where I enter my code and I’m redirected to domain.tld/wp-login.php?action=validate_2fa. This is a white screen that doesn’t load anything. I open up the network tab in developer tools and see I get a 402 – Payment required error. Don’t waste your time with this plugin — now I have to go and SSH in and restore from backup. Edit: I was able to remove this plugin via SSH by going to my plugins folder and simply deleting the plugin. I didn’t have to restore my database. I then found the «Wordfence Login Security» plugin — this was much more straightforward and didn’t require payment. I got that installed and working in under ~3 minutes.
17 de abril de 2024
The plugin allows 2FA with an app and/or with email. We chose the app variant. The setup is self explainable and everybody from my team could do it. It works reliable and without any problems even as the free version. First I had another plugin that interfered with 2FA, but the support was great and helped finding the problem. Very recommended!
10 de abril de 2024
It’s working well on all my sites and the support team has very responsive and helpful.
Leer todas las 130 reseñas

Colaboradores y desarrolladores

«WP 2FA – Two-factor authentication for WordPress» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


«WP 2FA – Two-factor authentication for WordPress» está traducido en 10 idiomas. Gracias a los traductores por sus contribuciones.

Traduce «WP 2FA – Two-factor authentication for WordPress» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

2.7.0 (2024-06-10)

  • Nuevas características

    • User Log Out Option: option to log out users after they configure 2FA.
    • Inline CSS Setting: a new setting to disable inline CSS on the login page.
    • Added new code to allow easy integration of other authentication services (documentation to be released soon).
  • Mejoras

    • Added new notices to adive users about what is new with each update.
    • Added a new filter for site admins to remove the «2FA status» column from the users’ page.
    • Updated the Select2 JS library used throughout the plugin.
    • Right-to-Left Language Support: Adjusted plugin imagery and text display for right-to-left languages, such as Arabic.
    • Improved overall code infrastructure to comply with WordPress Coding Standards (WPCS).
    • Various small text and CSS changes across the plugin.
  • Correcciones de fallos

    • JS Errors: addressed several reported JavaScript errors within the plugin wizards.
    • Memberpress conflict: fixed a conflict causing Memberpress custom phone fields to be uneditable when 2FA was enforced on users.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.