miniOrange 2 Factor Authentication

plugin banner

Easy to use mobile authentication for secure login to your WordPress site.

Author:miniOrange (profile at wordpress.org)
WordPress version required:3.0.1
WordPress version tested:5.8.1
Plugin version:5.4.44
Added to WordPress repository:09-07-2015
Last updated:29-09-2021
Rating, %:90
Rated by:307
Plugin URI:https://miniorange.com
Total downloads:1 291 300
Active installs:20 000+
plugin download
Click to start download

Google Authenticator – Two Factor (2FA/OTP) – Two Factor Authentication plugin provides a completely Secure login to your WordPress website. Google Authenticator is a FREE, Simple & very easy to setup plugin. This plugin can be configured for any TOTP-based authentication method like Google Authenticator, Microsoft Authenticator, etc. This plugin also supports OTP Over SMS, OTP Over Email, Duo Authenticator, OTP Over WhatsApp, OTP Over Telegram, and many more authentication methods.

You can check out the following video to configure google authenticator and other two factor methods:

User Identity Verification or multi-factor authentication With google authenticator

Login and Registration: Verify users on login as well as at Registration with different authentication methods like OTP over SMS, OTP Over Email, Google Authenticator, SMS Verification, Email, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions, and many others.
Users will receive an OTP at the time of registration/log in which will be used to verify their identity. OTP can be received either via Email or via OTP.

Sync same 2-factor authentication(2FA/TFA) for multiple websites with the same google authenticator OTP using multi-factor authentication

You would not need to configure Google Authenticator and other Two Factor Authentication ( 2FA/OTP ) methods from the second site onward. You just need to log in with a miniOrange account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Security Questions, LastPass Authenticator, Authy Authenticator, miniOrange methods, OTP Over SMS, OTP Over Email. It is supported only if you are using our cloud services of 2 Factor.

Plugin Integrations and Support for all methods of two factor authentication ( 2fa/OTP ) like **Google Authenticator**

WordPress login and registration forms support and integration for all methods of two factor authentication ( 2FA / MFA ) like **Google Authenticator**

Third Party Custom SMS Gateway for OTP Over SMS (two factor authentication / 2FA )

The premium plugin supports any third-party custom SMS Gateway. If you don’t have your SMS gateway you can use miniOrange gateway and send SMS all over the world.
* Some Famous Gateways Supported for two factor ( 2FA/OTP ):
* Twilio : Twilio
* Clickatell : Clickatell
* ClickSend : ClickSend
* SendGrid : SendGrid
* Plivo : Plivo
* GatewayApi : GatewayApi

Test your Gateway: Custom Gateway

[google authenticator – Two step verification/ 2 Factor Authentication/ 2FA] FREE Plugin Features

  • Simplified & easy user interface to set up Google Authenticator and other Two-Factor Authentication ( 2FA/OTP ) methods.
  • Google Authenticator – Two Factor Authentication (2FA/TFA) for 3 User forever FREE!
  • Variety of Two Factor Authentication Methods: Any App supporting TOTP algorithms like Google Authenticator, Authy Authenticator, LastPass Authenticator, Microsoft Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication(2FA/TFA).
  • Includes Language Translation Support. Supports a wide variety of languages for all methods of 2 factor (2FA/TFA) like Google Authenticator
  • Passwordless login or login with phone number, support for Google Authenticator and other 2 Factor authentication (2FA/TFA) methods.
  • This plugin Supports standard TOTP + HOTP protocols for Authentication Methods. Any TOTP protocol based authenticator app can be configured using the Google Authenticator option in the plugin for two factor authentication.
  • Two Factor Authentication (2FA/TFA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.
  • Brute force attack prevention & IP Blocking along with two factor authentication.
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. Guide
  • User login Monitoring with and without two-factor authentication(2FA/TFA)
  • RCP Login and Registration Support with all login 2 factor methods like Google Authenticator, OTP Over SMS, QR code Authentication, login with Email for Login.
  • OTP Verification of Ultimate Member Registration form with methods like OTP Over SMS and Email, QR code Authentication.
  • Recovery codes in case you are locked out for all Two Factor Authentication (2FA/TFA) methods like Google Authenticator, SMS verification.
  • Supports multi factor authentication for methods such as Google authenticator, OTP over Email, OTP over SMS, QR code authentication and many more.
  • Mobile verification – two step verification (2FA/TFA) using a user’s mobile phone with authentication method like google authenticator, QR code authentication, etc.

google authenticator ( 2FA – two factor authentication ) Premium Lite Plugin Features

  • Google Authenticator – Two Factor Authentication (2FA/TFA) for all users and all user roles ( Site-based pricing )
  • Available Two Factor Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Over Email, OTP Over SMS, Email Verification, Mobile Verification. ( SMS credits need to be purchased as per the need)
  • Includes language Translation Support. Supports a wide variety of languages for two factor authentication.
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. Guide
  • Unlimited Email transactions: Unlimited Email transactions with your SMTP server.
  • Backup Method: KBA(Security Questions), OTP Over Email, Backup codes For all Two Factor Authentication ( TFA ) methods like Google Authenticator, etc.
  • Multisite compatible for all WordPress 2FA methods.
  • Two Factor Authentication ( TFA/2FA ) for Custom login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods like Google Authenticator, mobile Verification with SMS, etc.
  • User role based redirection after Login Guide, Customize account name in Google Authenticator app Guide
  • Custom Security Questions (KBA) Guide
  • Role based 2 Factor – Different 2 factor like Google Authenticator, OTP Over SMS and Email, Authy Authenticator, etc based on your role Guide*
  • Force Two factor for users Guide
  • Email notification to users asking them to set up Two Factor Authentication (2FA/TFA) Guide
  • Set Privacy Policy for users Guide
  • App-Specific Password to login from mobile Apps
  • Remember Device for all methods like Google Authenticator, Mobile verification with SMS, etc Guide
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on, and Short Codes Add-on

google authenticator ( 2FA – two factor authentication ) Premium Plugin Features

  • Google Authenticator – Two Factor Authentication (2FA / MFA) for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token, Whatsapp based 2fa(Add-on), Telegram Based 2fa. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support for two factor authentication.
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login/ Login without password Guide
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes Guide
  • Multisite compatible for all WordPress 2FA methods.
  • Force Two factor authentication for users Guide
  • Email notification to users asking them to set up Two Factor Authentication (2FA/TFA) Guide
  • User role based redirection after Login Guide, Custom Security Questions (KBA) Guide, Customize account name in Google Authenticator app Guide.
  • Enable Google Authenticator – Two Factor Authentication (2FA/TFA) for specific Users/User Roles Guide
  • Choose specific two factor authentication methods for Users Guide
  • Set Privacy Policy for users Guide
  • App Specific Password to login from mobile Apps
  • Remember Device to skip the two factor authentication( 2FA/MFA ) for trusted devices Guide
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on

google authenticator ( 2FA/OTP ) Enterprise Plugin Features

  • [Google Authenticator – Two Factor Authentication] (https://plugins.miniorange.com/2-factor-authentication-for-wordpress) – 2FA for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support for two factor authentication.
  • Multiple Login Options: Username + password + two factor Authentication (or) Username + two factor authentication i.e. Passwordless login /Login without password.
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
  • Multisite compatible for all WordPress 2FA methods.
  • Email notification to users asking them to set up Google Authenticator – Two Factor Authentication (2FA/TFA).
  • User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
  • Enable Two Factor Authentication (2FA/OTP) for specific Users/User Roles
  • Choose specific two factor authentication methods for Users
  • App Specific Password to login from mobile Apps
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
  • **Brute force attack prevention, IP Blocking & User login Monitoring. **
  • File protection & strong password
  • Monitoring current Google Authenticator and other two factor authentication (2 Factor) method of all the users in the plugin.

PASSWORDLESS LOGIN ( login without password ) for all two factor methods like google authenticator

Passwordless login (Login without password) is a new way of login in which you and your users can login without entering the password. The login can be done by username and 2 factor or only username which can be decided based on the user role. If a role is not allowed for passwordless login they will login with password and username. miniOrange supports many two factor authentication methods for passwordless login. You can use google authenticator, webauthn, fingerprint login, OTP over SMS, and email for login without a password.

WebAuthn (FIDO2) Passwordless login ( Login without password by using FIDO2 WebAuthn )

WebAuthn is a browser-based API that allows for web applications to simplify and secure user authentication by using registered devices (phones, laptops, etc) as factors. It uses public key cryptography to protect users from advanced phishing attacks. It will allow you to provide your users an option for usernameless login. With the help of webauthn your users can login with fingerprint, FaceID, TouchID, etc.

= Device restriction with webauthn ( FIDO2 )=
Webauthn allows you to restrict the number of devices per user. You can allow a user any number of devices they can use to login to your website. Webauthn also covers passwordless and usernameless login in which your users can login from the allowed device without password and username.

Session restriction and Device restriction using two factor authentication

Two factor authentication plugin allows you to restrict the number of devices as well as number of active sessions for a particular user. Session restriction and device restriction allows you to stop account sharing with multiple devices as well. Session restriction stops users from logging in or maintaining multiple sessions on the same laptop also, but in case of device restriction you can control the number of devices a user can use for accessing the website. In this way both session restriction and device restriction can help control user access to an account.

Multi factor authentication ( 2FA / MFA )

You can configure multiple WordPress 2FA methods like google authenticator, OTP over Email, OTP over SMS, etc and choose which method you want to login to your website from a list of configured methods. Multi factor authentication is helpful for cases such as when you do not have your phone and cannot access your TOTP app for login. You can then use other multi factor authentication methods like OTP over Email to login.

login without password with webauthn and two step verification ( 2FA / MFA )

Google authenticator – two step verification along with webauthn allows you to login to your website without using username and password for login. You can login with your device’s password or by using any other authentication method like google authenticator, OTP Over SMS, OTP Over Email, etc.

Prevent Account Sharing Between Users by two factor authentication ( 2FA / MFA )

Many video sharing and E-learning platforms want to prevent sharing of accounts between the users. This can be done using miniOrange Two factor plugin (TFA) with WordPress 2FA methods like QR code Authentication , Mobile Verification, etc. Also, e-learning portals can use this to their advantage. It can be used on any websites which create and sell courses. It can be integrated with plugins like Learndash.
Other sites like premium video content or any premium content where you want users not to share passwords between friends and Family then you can go for this solution. Multiple two factor authentication methods are supported to prevent account sharing.

[google authenticator – Two step verification] Customize two factor authentication ( Two step verification ) screen as per your website

You can customize the 2fa screen as per your website’s design.

Additional Features other than the basic Google Authenticator two factor authentication

  • Complete Web Security suite to protect wordpress from any attacks
  • Web Application Firewall (WAF) : WordPress Firewall to protect your site
  • OWASP TOP 10 Protection
  • Login Protection : Spam and Login Protection
  • Malware scanner: Detects any virus, malware and trojan
  • Backup: Taking Encrypted Backup with local storage and cloud storage
  • Two Factor Authentication : 2FA and MFA
  • Limit Login Attempts to stop password guessing
  • Realtime Global IP Blocking
  • Limit Rate of Request : Protecting resources from any security hole exploit
  • Crawler Detection and blocking
  • Blocking IP and Attacks
  • Country Blocking and Browser Blocking
  • Brute Force Attacks prevention to stop password hack
  • Captcha for Bot Detection
  • Google Recaptcha
  • Login Form Protection
  • Registration Form Protection
  • Integration with different plugin – Woo commerce, buddypress, ultimate member and others
  • Reporting
  • Audit Log

Check all the features other than two factor authentication ( Two step verification ) here: miniOrange Website

Why do you need to register for google authenticator?

Google authenticator uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users’ calls can be only accessed by API keys assigned to you.
Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or WordPress 2FA like Google Authenticator. Single code generated in Google Authenticator will be enough to log in to all sites. With this, you can also achieve sync of two factor authentication on multiple sites. This helps to provide a secure 2fa cloud solution,

Add Ons [Applicable for Free and Standard Plans, Inclusive in the Premium Plan] for two factor authentication ( 2FA/OTP )

  • RBA & Trusted Devices Management Add-on Features for two factor authentication ( 2FA/OTP )

    • Remember Device to skip the two factor authentication ( 2 Factor ) from the trusted devices.
    • Set Device Limit for the users to login
    • IP Restriction: Limit users to login from specific IPs
    • Personalization Add-on Features to customize your two factor authentication pages
    • Custom UI of Two Factor Authentication (2FA/TFA) pop-ups
    • Custom Email and SMS Templates
    • Customize ‘Powered by’ Logo on two factor authentication page
    • Customize Plugin Icon
    • Customize Plugin Name
  • Short Codes Add-on Features for two factor authentication ( 2FA/MFA )

    • Option to turn on/off 2 factor (two factor authentication) by user
    • Option to configure the Google two step verification and Security Questions by user
    • Option to ‘Enable Remember Device’ from a custom login form to skip 2 factor for trusted devices.
    • On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two Factor authentication) for specific pages)

[google authenticator – Two step verification] Apps Supported by the two factor authentication ( 2FA/MFA ) plugin

  • Google Authenticator
  • miniOrange Authenticator
  • Duo Authenticator
  • Microsoft Authenticator
  • Authy 2 Factor Authenticator
  • LastPass Authenticator
  • FreeOTP Authenticator
  • Duo Authenticator push notification
  • Authy push notification

Useful blog posts about two factor authentication ( 2FA/MFA ) plugin

*Beginner’s Guide: How to Add Two Factor Authentication to WordPress
*How to Add WordPress Two Factor Authentication (2FA/TFA)

Customized solutions and Active support are available. Email us at info@xecurify.com or call us at +1 9786589387.

Note: The plugin is GDPR Compliant and supports a wide variety of Language Translation


Screenshots
FAQ
ChangeLog