miniOrange 2 Factor Authentication

Easy to use mobile authentication for secure login to your WordPress site.

Author:	miniOrange (profile at wordpress.org)
WordPress version required:	3.0.1
WordPress version tested:	6.7.2
Plugin version:	6.0.6
Added to WordPress repository:	09-07-2015
Last updated:	19-02-2025
Rating, %:	90
Rated by:	372
Plugin URI:	https://miniorange.com
Total downloads:	2 173 923
Active installs:	20 000+
Click to start download

Features | Setup Guide | Documentation | Integrations | Contact Us

A POWERFUL & FREE TO USE 2FA PLUGIN

Secure your WordPress login by adding a security layer i.e. Two-Factor Authentication (2FA) or two-step authentication.

Install the Two-Factor Authentication (2FA) plugin to protect your website from unauthorized access. Google Authenticator – Two Factor Authentication (2FA) is the most feature-rich and reliable 2FA/MFA solution. You can also check out our Two-Factor Authentication/MFA landing page to know more. Two-Step Authentication secures your website against various threats like brute force attacks, dictionary attacks, and automated password guessing.

For further information or any inquiries, feel free to reach out to us at 2fasupport@xecurify.com.

KEY FEATURES AND CAPABILITIES

Two-Fator Authentication – 2FA/MFA plugin supports all the TOTP (Time-Based One-Time Password) Authenticator Apps.

TOTP (Time-Based One-Time Password) is a type of Two-Factor Authentication (2FA) mechanism that generates a temporary, unique password based on the current time. It is widely used to enhance security by requiring not only a username and password but also a time-sensitive code that changes every 30 seconds (usually).

Below are TOTP (Time-Based One-Time Password) Authenticator apps of Two-Factor Authentication provided by our plugin:

Google Authenticator
Microsoft Authenticator
LastPass Authenticator
Duo Authenticator
Authy 2-Factor Authenticator
FreeOTP Authenticator
Okta Verify and many other Two-Factor Authenticator apps.

In TOTP (Time-Based One-Time Password) Authenticator methods of WordPress 2FA (WP 2FA) plugin, you get a 2FA code on the authenticator app to verify yourself during WordPress Login.

Two Factor Authenticator (2FA/MFA) plugin provides multiple 2FA/MFA methods to setup two-step authentication. One of the popular being Google Authenticator.
Our setup wizard guides you through the setup process. It makes the Two-Factor Authentication plugin setup so easy that a person with no technical knowledge can configure 2FA in no time and setup any two-step authentication method of your choice.
- Two-Factor Authentication – 2FA for all user roles
- Two-Factor Authentication (2FA) or Two-Step Authentication Methods:
- Login with 2FA using Authenticator Apps
- OTP Over Email/2FA code Over email/OTP login via Email
- OTP Over SMS/2FA code Over SMS/OTP login via SMS
- Email Verification via link
- OTP over Telegram
- Security Questions
- Set 2FA/MFA method of any user from their profiles
- Users can log in with any configured 2FA or two-step authentication methods
- Grace Period for users to configure 2FA or two-step authentication
- 2FA/MFA – two-step authentication is supported on popular login forms
- 2FA/MFA – two-step authentication supported on popular checkout/registration forms
- 2FA/MFA for a lifetime for up to 3 users
- Login using backup codes in case you are locked out
- Language Translation Support for French, Spanish, Italian, German, and many other languages
If you have questions or need more details, contact us at 2fasupport@xecurify.com.

PREMIUM FEATURES AVAILABLE ON UPGRADE

Two-Factor Authentication (2FA) for all users and user roles on your website
Unlimited Email transactions for email-based 2FA
Set different 2FA or two-step authentication policies for different user roles
Enable/disable Two-Factor Authentication (2FA) or Two-Step Authentication for specific Users/User Roles
Login with backup 2FA methods: – KBA (Security Questions), OTP login using Email, and Backup codes
Redirect users to a custom URL after 2FA
Customize account name shown in 2FA Authenticator apps
Set custom security questions
Force Two-Factor Authentication or two-step authentication for users
Send email notification to users asking them to set up Two-Factor Authentication (2FA) or two-step authentication
Remember device to skip 2FA or two-step authentication on trusted devices
Customize 2FA login pop-ups according to your website’s theme
2FA supported on multisite network for up to 3 subsites
Login with 2FA – two-step authentication using Hardware Token
Sync WP 2FA for multiple websites
Customize email notifications, and 2FA login pop-ups and use your own branding logo
Shortcodes available to add enable/disable 2FA/MFA checkbox and reconfigure 2FA/MFA panel on user’s account page
Restrict the number of simultaneous sessions of a user
Passwordless login – Login without password using 2FA
2FA/MFA – two-step authentication for popular login forms like User Pro, Login with Ajax, Theme My Login, etc.

User Identity Verification with the Two-Factor Authentication (2FA) or MFA plugin

2FA on Login and Registration: Verify users on login with different TOTP login methods & other 2FA/OTP login methods like OTP login using SMS, OTP login using Email, OTP over Telegram, Google Authenticator, Email Verification, Authy Authenticator, Duo Authenticator, Microsoft Authenticator and many others. Two-Factor Authentication on registration can be done via either of the OTP login methods (OTP authentication using Email or via OTP authentication using SMS).

Plugin Integrations and Support for all Two-Factor Authentication (2FA) Or MFA methods

Two Factor Authentication – WordPress 2FA/MFA plugin is compatible with popular plugins such as:-

Third-Party Custom SMS Gateway for OTP Over SMS – OTP Login via SMS

The premium Two Factor Authentication – WordPress 2FA (WP 2FA) plugin support any third-party SMS Gateway for OTP login via SMS method. If you don’t have your SMS gateway you can use the miniOrange gateway and send SMS in OTP Over SMS authentication.
Famous SMS gateways supported by Two Factor Authentication – WordPress 2FA plugin.
Test your gateway

Why do you need to register with miniOrange in the Two Factor Authentication plugin or miniOrange Google Authenticator?

Two Factor Authentication or WordPress 2FA (WP 2FA) plugin uses miniOrange APIs to communicate between your WP site and miniOrange IDP. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users’ calls can be accessed only by API keys assigned to you.

However, you can use most of the 2FA/MFA methods without registration. You must register yourself to use the OTP Over SMS or OTP login via SMS method.

Useful blog posts about Two-Factor Authentication/2FA/MFA plugin

Beginner’s Guide: How to Add Two-Factor Authentication to WordPress
How to Add Two-Factor Authentication i.e, WordPress 2FA using Google Authenticator
How to translate WordPress Two-Factor Authentication – WP 2FA
Simple method to add Two-Factor Authentication in WordPress
WordPress Two-Factor Authentication – How to Setup 2FA
OTP over WhatsApp

Customized solutions and active support for the miniOrange Google Authenticator or Two Factor Authentication(2FA) plugin are available. Email us at info@xecurify.com or call us at +1 9786589387.

Screenshots
FAQ

How do I gain access to my website if I get locked out using the Google Authenticator – 2FA plugin?

You can obtain access to your website by one of the below options:

If you have an additional administrator account whose Two-Factor or 2FA is not enabled yet, you can log in with it.
If you had set up KBA questions as 2FA earlier, you can use them as an alternate method to log in to your website instead of the configured 2FA method.
Rename the plugin from FTP – this disables the Two-Factor Authentication – WordPress 2FA (WP 2FA) plugin and you will be able to log in without 2FA.

For detailed information, please check on our website. Locked Out.
You can also check our video tutorial:

How do I enable Google Authenticator as Two-Factor Authentication (2FA) as the backup method?

You can use Google Authenticator as the backup method for your users by enabling the “Login with any configured 2FA method” or “Multi-Factor Authentication” in the miniOrange Two-Factor Authentication – 2FA plugin settings. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA) or Two-step Authentication for all users, what happens if an end-user tries to log in but has not yet registered?

If a user has not set up Two Factor yet, the user will be prompted for 2FA registration on the first login.

How can I enable only one authentication method for my users?

You can select the specific Two-Factor Authentication (2FA) or two-step authentication methods under the Login Settings tab. Only the selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator or any specific 2FA/MFA methods, only they will be shown on login. [PREMIUM FEATURE]

How can I make the look and feel of custom/front-end login page on my site to remain the same when I add Two-Factor Authentication?

If you have a custom login form other than wp-login.php then you can configure 2FA/MFA on your login form from the Login Form settings in the miniOrange Two-Factor Authentication (2FA) plugin dashboard. We are not claiming that it will work with all the custom login pages. In such a case, custom work is needed to integrate two-factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com for more details.

What should I do if I face any issues while logging in with the miniOrange Two-Factor Authentication (2FA) plugin or if there is a conflict with any other plugin?

Our Two-Factor Authentication (2FA) plugin is compatible with most popular plugins, but if it is not working for you, please submit a query in our Support Section in the plugin or contact us at info@xecurify.com.

I am using a render-blocking javascript and CSS plugin – Async JS and CSS Plugin and I am not able to log in with Two-Factor and the screen goes blank. What should I do?

If you are using Async JS and CSS Plugin. Please go to its settings add jQuery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I am upgrading my phone. What should I do to shift 2FA to my new phone?

You should go to 2FA For Me Tab and click on Reconfigure to reconfigure Two-Factor with your new phone.

Hide FAQ

ChangeLog

6.0.6

Improvements – 2FA admin dashboard UI/UX
Auto file inclusion added
Added Separate tab for 2FA reports
Updated Email Verification popup

6.0.5

Updated Button CSS
Updated Custom Logo Branding on 2FA Popup Settings UI
General CSS Improvements
2FA Pricing Page Removed

6.0.4

Improvement – Updated Login Transaction Report UX
2FA Pricing Plan updates

6.0.3

Bug Fixes – Google Authentication CSS-JS loading issue in login

6.0.2

Setup Wizard flow changes.
Bug Fix in Setup Wizard flow.

6.0.1

Bug fixes for UI/UX plugin release

6.0.0

Updated UI/UX of the plugin dashboard
Added configuration for customizations of all email notifications White Labelling > Email Templates
Added 2FA reconfiguration link over email as a backup method
Added Cusotm Redirect URL after login feature
Extended grace period functionality
Removed miniOrange Authenticator 2FA method
Removed DUO Authenticator 2FA method
Shifted Google Authenticator Custom App name to White Labelling > 2FA Customizations

5.8.4

Updated jquery jquery.dataTables.min.js version to the latest version
Bug fixes- Getting error on user account creation on WooCommerce

5.8.3

Compatibility with WordPress 6.5
Fixed redirection issue on activation with WordPress 6.5
Changed refund Policy link
Updated miniOrange portal links

5.8.2

Bug Fix- Log out the users when the grace period is enabled
Improvement- Added SMTP checks for email verification
Improvement- Updated UX for Email Verification method
Fixed- Warnings in the error logs

5.8.1

Bug Fix- Show backup codes to users after configuring Email Verification
Updated UI for Google Authenticator user configuration screens
Updated UI of Setup Wizard

5.8

Bug fix- 2FA method was getting updated when updating a user on the user-edit page
Updated UI for OTP over SMS, OTP over Email and OTP over Telegram configuration screens
Added Email Verification method

5.7.5

Compatibility with WordPress 6.4

5.7.4

Bug fix- Keep end users’ 2FA configuration when the plugin is deactivated
Bug fix- Attempts left for the OTP-based methods
Bug fix- Display App Key for Google authenticator in 2FA inline registration

5.7.3

Bug fixes for registration forms
Compatibility with WordPress 6.3

5.7.2

Updated flow of 2FA on registration form
Minor bug fixes

5.7.1

Bug fix – Users will be able to configure/reconfigure and reset cloud methods
Bug fix – SMS Transactions will be credited when customers register in the plugin
Bug fix – Fixed Email Transaction sync issue
Added Resend OTP Button in case of OTP Over SMS, OTP over Telegram, OTP over Email methods
Improvement – Enforced reconfiguration of the alternate method after login with backup code
Feature Improvement – The 2FA prompt will be visible in case of TOTP method has not been set for the admin
Updated plugin dashboard UI – Added My Account tab for miniOrange User Account

5.7.0

Code Improvements according to WPCS
Feature Improvement – Added role-based checks for login through new IP
Improvement – Error handling for account creation

5.6.6

Google Authenticator – Two-Factor Authentication – 2FA, OTP :
Bug fix – redirection issue for users in a Multisite environment
Improvements – Removed External links from Google Authenticator
Improvements – Mobile responsiveness of setup wizard
Improvement for SMS/Email verification on the PaidMembership Proform
Updated Pricing plan according to new use cases
Updated Add SMS notification/button check
Updated feedback form
Advertised OTP over WhatsApp

5.6.5

Google Authenticator – Two-Factor Authentication – 2FA, OTP :
Bug fix – Save template for notifications on email
Bug fix – Error in SMS authentication setup through plugin dashboard
Updated Network Security removal notice message

5.6.4

Google Authenticator – Two-Factor Authentication – 2FA, OTP :
Bug fix – headers already sent in messages.php

5.6.3

Google Authenticator – Two-Factor Authentication – 2FA, OTP :
Skip-2 factor option removed from the inline setup
Backup code button will always be shown
Added login form and theme fields in the trial request form
CSS-JS version added for all scripts and styles respectively
Autofocus for many input fields and submit the form when Enter is hit

5.6.2

Google Authenticator – Two-Factor Authentication – 2FA, OTP :
Vulnerability fixes
Removed Network Security for new users
Updated Pricing page UI

5.6.1

Google Authenticator – Two-Factor Authentication 2FA, OTP :
Bug fix- Headers already sent
Added SMTP check for sending backup codes on 2fa prompt

For older changelog entries, please see the additional changelog.txt file provided with the plugin.

Hide ChangeLog