WP 2FA – Two-factor authentication for WordPress



Add an extra layer of security to your WordPress website login page and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Features | Getting Started | 14-Day Premium Trial

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Mantenido y apoyado por WP White Security

WP White Security builds high-quality WordPress security & admin plugins such as WPassword, and WP Activity Log, the #1 user-rated activity log plugin for WordPress.

Browse our list of WordPress security plugins to see how our plugins can help you better manage and improve the security of your WordPress websites and users.

Características y capacidades clave del plugin WP 2FA

Extend the functionality of WP 2FA & automate more

Upgrade to WP 2FA Premium to:

  • Add trusted devices – no need for 2FA code each time you log in,
  • Whitelabel all the 2FA pages – for a consistent user experience,
  • Give the users more 2FA methods to choose from and use,
  • Configure different 2FA policies for different user profiles,
  • More alternative 2FA backup methods,
  • Easily get an overview of users’ 2FA setup with the reports,
  • And many other features.

Refer to the features and benefits page to learn more about the benefits of upgrading to WP 2FA Premium.

Free and Premium Support

Support for WP 2FA is free on the WordPress support forums.

Premium world-class support is available via email to all WP 2FA Premium users.

Note: paid customer support is given priority and is provided via one-to-one email and over the phone. Upgrade to Premium to benefit from priority support.

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

As Featured On:

Enlaces relacionados y documentación

Desde dentro de WordPress

  1. Visita «Plugins > Añadir nuevo»
  2. Busca «WP 2FA»
  3. Instala y activa WP 2FA desde tu página de plugins.


  1. Descarga el plugin desde el repositorio de plugins de WordPress
  2. Descomprime el archivo ZIP y sube la carpeta wp-2fa al directorio /wp-content/plugins/
  3. Activa el plugin WP 2FA a través del menú «Plugins» en WordPress


  • El asistente de primera instalación te permite configurar 2FA en tu web y para tu usuario en cuestión de segundos.
  • Los asistentes hacen muy fácil la configuración de 2FA, de forma que, incluso los usuarios no técnicos, puedan configurar 2FA sin necesidad de ayuda.
  • Puedes obligar a los usuarios a activar 2FA y también darles un período de gracia para que lo hagan.
  • Los usuarios también pueden usar códigos de un solo uso por correo electrónico como un método de identificación de dos factores.
  • Puedes usar políticas para obligar a los usuarios a configurar y usar 2FA inmediatamente, por lo que se les pedirá que lo hagan la siguiente vez que accedan.
  • Se recomienda a todos los usuarios que también generen códigos de respaldo, para el caso de que no puedan acceder en el dispositivo principal.
  • En el perfil de usuario, los usuarios solo tienen unas pocas opciones de 2FA, por lo que no les es confuso y todo se explica por sí mismo.
  • El plugin bloquea las cuentas de los usuarios que han sido obligados a tener 2FA pero no lo han hecho dentro del período de gracia, de forma que no pongan en riesgo la seguridad de tu web.


13 de enero de 2022
Easily protects the access to our WP-Admin backend with a lot of useful settings. After reporting an issue they contacted me about the error details. Within a few days they had it fixed with a plugin update. Very good service with a personal touch.
13 de noviembre de 2021
After evaluating four 2FA plugins for WordPress (including premium plugins), I must say this is the best one. It makes 2FA easy to enable for regular users and it follows the same setup and login flow as the “big players” such as Facebook and Twitter. The developer has even hinted on upcoming support for WebAuthn, e.g., Yubikeys (see support topic “support-for-yubikey”), which would take authentication security to the next level. There are some missing features that I would like to see in the future. The lack of these features doesn’t keep me from giving this excellent plugin five stars, since the plugin does exactly what it claims to do. Here are however the improvements I’d like to see. Embed a script for generating QR codes so that no external requests are needed (the plugin currently relies on chart[.]googleapis[.]com). Put the dialog boxes’ content in templates so that they can be overridden without modifying core files (or run the content through a filter). Add a checkbox to the login page so that users can enable “remember this browser” or “do not ask again for 90 days”. Consider adding a premium version so that we who rely on the plugin can fund the development and maintenance.
Leer todas las 69 reseñas

Colaboradores y desarrolladores

«WP 2FA – Two-factor authentication for WordPress» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


«WP 2FA – Two-factor authentication for WordPress» ha sido traducido a 8 idiomas locales. Gracias a los traductores por sus contribuciones.

Traduce «WP 2FA – Two-factor authentication for WordPress» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

2.1.0 (2022-01-12)

  • Nuevas características

    • Added a new default user status – User has not logged in yet.
  • Mejoras

    • Update a number of links used in the plugin.
    • Updated the redirects and logic that are triggered after the install wizard (improved UX).
    • Better handling of users without user role.
  • Bug fixes

    • Fixed: User 2FA state is permanentely cached when using Redis object caching.
    • Fixed an edge case in which the admin might be locked out of the plugin’s settings during an upgrade.
    • Fixed a PHP warning triggered during login on some websites.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.