WordPress.org

Plugin Directory

miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator)

miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator)

Description

Features | Setup Guide | Documentation

Secure your WordPress site with Two-Factor Authentication (2FA) plugin

The miniOrange Two-Factor Authentication (2FA) plugin adds an extra layer of login protection to your WordPress website, defending against unauthorized access, brute-force attacks, and password theft.

Whether you’re a beginner or an expert, setting up this plugin is easy with our step-by-step wizard. Choose from Google Authenticator, Microsoft Authenticator, OTP login via email, SMS, WhatsApp 2FA, or Telegram, and more.
Have questions? Reach us at 2fasupport@xecurify.com

What is the 2FA Authenticator Plugin for WordPress?

The 2FA Authenticator plugin for WordPress adds an extra verification step, such as an OTP, beyond just your password. Easy to install and configure, this OTP authentication plugin secures your site without disrupting the user experience.

WordPress 2FA Key Features (Free Version)

  • User Role-Based Configuration: Apply 2FA or MFA selectively based on user roles or configure it individually per user for more control over who needs additional verification.
  • Backup Access Support: Let users generate and use backup codes to log in when their primary 2FA method is unavailable.
  • Guided Setup Wizard: An intuitive step-by-step wizard makes it easy to configure and deploy 2FA—no technical skills required.
  • Multi-Language Support: The plugin is translation-ready and supports major languages including French, Spanish, Italian, and German.
  • Free for 3 Users: Includes full access to 2FA features for up to three users—ideal for small teams or personal sites.
  • Customize Email Templates: Personalize OTP and 2FA emails to reflect your brand and improve user trust.
  • 2FA Login Reports & IP Alerts: Track login activity and get email alerts for logins from new IP addresses.
  • Custom Post-Login Redirection: Redirect users to any page after 2FA, like a dashboard, homepage, or custom URL.
  • 2FA for Popular Login Forms: Enable 2FA on WooCommerce, Theme My Login, Elementor, and other custom login forms.

Which 2FA Authentication Methods Do We Support?

Get support for a wide range of 2FA authentication methods, including Google Authenticator, OTP over SMS/Email, WhatsApp 2FA, Microsoft Authenticator, and more.

  1. TOTP-Based Authentication: Our 2FA plugin is compatible with popular authenticator apps including:

    • Google Authenticator: A widely trusted TOTP app that generates rotating login codes every 30 seconds—ideal for fast and offline verification.
    • Microsoft Authenticator: Easily syncs with your Microsoft account and supports time-based one-time passcodes for secure WordPress login.
    • LastPass Authenticator: Combines password management with strong 2FA protection by generating time-based codes linked to your LastPass account.
    • Duo Authenticator: Enterprise-ready authentication app offering secure TOTP codes and push notifications for streamlined two-factor login.
    • Authy 2-Factor Authenticator: Supports multi-device syncing and cloud backups while generating secure TOTP codes for your WordPress login.
    • FreeOTP, and other
  2. OTP Authentication:

    • OTP via Email: Send one-time passcodes to users directly via email for secure and convenient login verification with OTP Over Email support.
    • OTP via SMS: Get login codes to users through SMS for fast two-step OTP login verification on mobile devices.
    • OTP over Telegram: Use Telegram for OTP authentication if you prefer messaging-based login verification.
    • OTP over WhatsApp(Premium): Use WhatsApp 2FA to send login passcodes directly to the user’s WhatsApp account for a faster and familiar authentication experience.
  3. Email Verification via Link: Let users verify their login using a secure one-click email verification link—no passcode entry needed.

  4. Security Questions: Add a personal security layer by asking predefined questions during login, ideal as a backup or secondary method.

  5. SMS Verification via Link(Premium): Enable users to verify their login using an SMS verification link.

Upgrade to miniOrange 2FA Premium for Advanced Security

The premium plan of miniOrange WordPress 2FA gives you complete control over how users authenticate, helping you enforce policies across all roles, customize the login experience, and secure even the most complex WordPress setups.
With the premium Two Factor Authentication plugin, you gain access to more verification methods like unlimited OTP login via email/SMS, WhatsApp 2FA, trusted device support, multisite compatibility, and full branding capabilities—perfect for growing businesses, eCommerce platforms, and enterprise teams.

Premium Features List

  • 2FA for All Users & Roles: Enforce 2FA across your entire website or apply it selectively to specific user roles or individual users.
  • Unlimited Email OTP Transactions: Send unlimited email-based one-time passcodes—ideal for large-scale user bases and frequent login environments.
  • Role-Based 2FA Policies: Create different 2FA rules for each user role—require stronger authentication for admins while offering simpler methods for customers.
  • User-Specific 2FA Management: Enable or disable 2FA for individual users directly from their profile or admin settings.
  • Backup Login Options: Allow users to log in using alternate methods like security questions, email-based OTP, or backup codes when the default method is inaccessible.
  • Custom Redirect After 2FA: Send users to a specific page (dashboard, custom welcome, etc.) after completing 2FA authentication.
  • Custom Labels in Authenticator Apps: Customize the account name shown in Google Authenticator and other apps for clearer identification.
  • Custom Security Questions: Set your own challenge questions to match your organization’s security policies.
  • Force 2FA Setup on Login: Automatically prompt users to configure 2FA on their next login and restrict access until it’s enabled.
  • Email Notifications for 2FA Setup: Send automated emails reminding users to set up their 2FA—improving compliance without manual follow-up.
  • Trusted Devices Feature: Let users remember their device or browser to bypass 2FA on trusted systems for future logins.
  • Customizable Login UI: Easily style 2FA prompts and popups to match your theme and brand—no coding needed.
  • Multisite Compatibility: Support for WordPress multisite networks, with 2FA settings across up to 3 subsites included.
  • White Labeling & Branding: Fully rebrand the plugin with your logo, colors, and email templates to offer a seamless branded experience.
  • Shortcodes for User Profile Controls: Add 2FA management shortcodes to user account pages so users can enable, disable, or reconfigure their 2FA settings.
  • Session Management Controls: Restrict users from logging in on multiple devices simultaneously to prevent unauthorized access or credential sharing.
  • Passwordless Login: Let users log in using a one-time passcode—no password required—while maintaining strong account security.
  • Support for Custom & Third-Party Login Forms: Works seamlessly with plugins like UserPro, Login with Ajax, Theme My Login, and more.
  • Custom SMS Gateway Support: Integrate your own SMS gateway to send OTPs, giving you full control over delivery, cost, and sender branding.
  • Remember IP to Bypass 2FA: Mark trusted IP addresses to skip 2FA prompts and streamline login for internal users or safe environments.
  • Prevent Credential Sharing: Restrict multiple logins from different IPs or devices, helping you enforce strict account access policies and stop sharing.
  • Custom Form Integration: Add 2FA to any custom login form—even those not on the supported list—through flexible integration and custom support.

Which 2FA Authentication Methods Do We Support?

Step 1. Install and Activate

Search for the miniOrange Two-Factor Authentication plugin on the WordPress marketplace, then install and activate it from your dashboard.

Step 2. Enable 2FA from Form Settings Tab

Enable 2FA from the quick setup tab, choose user roles, and save your settings.

Configure 2FA Method of Your Choice

Select and set up your preferred 2FA authentication method, such as Google Authenticator, OTP over SMS, or WhatsApp 2FA, from the available options while logging into the form for first time.

Built to Integrate Seamlessly

Two Factor Authentication – WordPress 2FA/MFA plugin is compatible with popular plugins such as:-

Have a plugin not listed here? We offer custom integration support—just reach out.

Third-Party Custom SMS Gateway for OTP via SMS

The premium version of the miniOrange Two-Factor Authentication plugin supports any third-party SMS gateway for OTP-based login via SMS.
Whether you already use a custom SMS provider or need to integrate with a local/regional provider, you can easily configure it within the plugin
Famous SMS gateways supported by Two Factor Authentication – WordPress 2FA plugin.

Why You Need to Register with miniOrange?

Some features of the plugin, such as OTP via SMS or Email in the Free plugin, require secure transactions needed to be credited to your account use this method through miniOrange Gateway.
However, most features work even without registration, including TOTP apps like Google Authenticator, Microsoft Authenticator, security-based questions and backup codes.

Customized solutions and active support for the miniOrange Google Authenticator or Two Factor Authentication(2FA) plugin are available. Email us at info@xecurify.com/2fasupport@xecurify.com or call us at +1 9786589387.

Screenshots

  • 2FA setup for Admins
    1. Google Authenticator Setup as Two-Step Authentication
  • miniOrange User Account Details
  • Reset Users 2FA from plugin
  • Custom Email Templates – Whitelabelling with your Brand
  • Two Factor setup for SMS Verification with OTP

Installation

From your WordPress dashboard

  1. Navigate to Plugins > Add New from your WP Admin dashboard.
  2. Search for miniOrange Two-Factor Authentication - 2FA orGoogle Authenticator.`
  3. Install miniOrange Two-Factor Authentication - 2FA and activate the plugin.

From WordPress.org

  1. Search for miniOrange Two-Factor Authentication - 2FA and download it.
  2. Unzip and upload the miniorange-2-factor-authentication - 2FA directory to your /wp-content/plugins/ directory.
  3. Activate miniOrange Two-Factor Authentication – 2FA from the Plugins tab of your admin dashboard.

    Video Guide :

FAQ

What happens if I enable 2FA for all users, but a user hasn’t registered yet?

Users who haven’t set up 2FA will be prompted to configure their authentication method during their next login. This ensures account security without locking them out.

How do I enable Google Authenticator as Two-Factor Authentication (2FA) as the backup method?

Yes, you can configure Google Authenticator as a backup method by enabling “Login with any configured 2FA method” or Multi-Factor Authentication from the plugin settings.
Note: This is a Premium Feature.

Can I limit users to only one authentication method?

Yes. In the Quick Setup tab, select the desired 2FA method (e.g., Google Authenticator). During registration or login, users will only see the method(s) you’ve enabled.
Note: This is a Premium Feature.

How can I maintain the same look and feel on my custom login page when using 2FA?

If you’re using a custom login page (other than wp-login.php), go to the Login Form Settings in the plugin dashboard and configure 2FA for your specific form.
Note: Some custom forms may require additional integration. If 2FA doesn’t work out of the box, reach out via the Support tab in the plugin or email us at info@xecurify.com for custom integration help.

What should I do if the 2FA plugin conflicts with another plugin or prevents login?

Our plugin is compatible with most major plugins, but occasional conflicts may occur. If you face any issues:

  • Submit a ticket via the Support section in the plugin dashboard.
  • Or contact us directly at info@xecurify.com.

How do I transfer my 2FA setup to a new phone?

Go to the Setup 2FA tab under My Account, and simply reconfigure your preferred 2FA method on your new device.

How do I regain access to my site if I get locked out using Google Authenticator (2FA)?

If you’re locked out, here are a few recovery options:

  • Login with another admin account(that doesn’t have 2FA enabled).
  • Use Knowledge-Based Authentication (KBA if previously configured as a backup method.
  • Disable the plugin via FTP: Rename the plugin folder from your hosting file manager or FTP. This will deactivate the 2FA plugin and allow access without verification.
    For step-by-step instructions, check our Locked Out Guide or watch the video tutorial.

Reviews

Duujal 23, 2025
I had purchased premium plugin however for some features I need a support. The support was exceptional.Sandesh , the support guy is a legend. He helped me in all the issues I’ve faced and update the plugin accordingly.
Duujal 14, 2025
I’ve been using this plugin for 2FA for several years. After a recent update, I encountered an issue where I could no longer access my site. Sandesh and team were immediately responsive and available to help resolve the matter quickly.
Duujal 13, 2025
I have been using this app for 5 years and have been super happy with it. It is super easy to use with Google Authenticator and works like a champ. Recently, an update locked me out of my website. I submitted a support ticket and Sandesh actually scheduled a meeting with me to fix the issue. I was super impressed! In 15 years, I have only had one other company reach out to me directly, schedule a team’s meeting, and fix the issue. That’s amazing, and I really have to give a big shout out to Sandesh. Thank you so much!!!
Seeɗto 15, 2025
This is a great 2-Factor authentication plug-in. I was having some issues after the latest update but I reached out to customer service and they took care of everything really quickly.
Seeɗto 8, 2025
Always get great service from this company. Excellent 2FA implementation and just works as you’d want. Well done guys.
Read all 378 reviews

Contributors & Developers

“miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator)” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

6.1.0

  • UI/UX Improvements – 2FA popups
  • Vulnerability Fixes – 2FA Bypass and Weak Question & Answer Validation (KBA)
  • Bug Fixes – Low Transactions Notice
  • Added Debug Log Feature
  • Setup Guides Links added in Forms tab
  • Code Optimization

6.0.9

  • Bug Fixes – 2FA Backup Code Validation

6.0.8

  • Compatibility with WordPress 6.8
  • Bug Fixes – 2FA Login Transaction Report

6.0.7

  • UI/UX Improvements – miniOrange user Login & Registration form | Sync Transactions button
  • Bug Fixes – Login Report feature
  • Updates – Users’ 2FA Status table | .pot file

6.0.6

  • Improvements – 2FA admin dashboard UI/UX
  • Auto file inclusion added
  • Added Separate tab for 2FA reports
  • Updated Email Verification popup

6.0.5

  • Updated Button CSS
  • Updated Custom Logo Branding on 2FA Popup Settings UI
  • General CSS Improvements
  • 2FA Pricing Page Removed

6.0.4

  • Improvement – Updated Login Transaction Report UX
  • 2FA Pricing Plan updates

6.0.3

  • Bug Fixes – Google Authentication CSS-JS loading issue in login

6.0.2

  • Setup Wizard flow changes.
  • Bug Fix in Setup Wizard flow.

6.0.1

  • Bug fixes for UI/UX plugin release

6.0.0

  • Updated UI/UX of the plugin dashboard
  • Added configuration for customizations of all email notifications White Labelling > Email Templates
  • Added 2FA reconfiguration link over email as a backup method
  • Added Cusotm Redirect URL after login feature
  • Extended grace period functionality
  • Removed miniOrange Authenticator 2FA method
  • Removed DUO Authenticator 2FA method
  • Shifted Google Authenticator Custom App name to White Labelling > 2FA Customizations

5.8.4

  • Updated jquery jquery.dataTables.min.js version to the latest version
  • Bug fixes- Getting error on user account creation on WooCommerce

5.8.3

  • Compatibility with WordPress 6.5
  • Fixed redirection issue on activation with WordPress 6.5
  • Changed refund Policy link
  • Updated miniOrange portal links

5.8.2

  • Bug Fix- Log out the users when the grace period is enabled
  • Improvement- Added SMTP checks for email verification
  • Improvement- Updated UX for Email Verification method
  • Fixed- Warnings in the error logs

5.8.1

  • Bug Fix- Show backup codes to users after configuring Email Verification
  • Updated UI for Google Authenticator user configuration screens
  • Updated UI of Setup Wizard

5.8

  • Bug fix- 2FA method was getting updated when updating a user on the user-edit page
  • Updated UI for OTP over SMS, OTP over Email and OTP over Telegram configuration screens
  • Added Email Verification method

5.7.5

  • Compatibility with WordPress 6.4

5.7.4

  • Bug fix- Keep end users’ 2FA configuration when the plugin is deactivated
  • Bug fix- Attempts left for the OTP-based methods
  • Bug fix- Display App Key for Google authenticator in 2FA inline registration

5.7.3

  • Bug fixes for registration forms
  • Compatibility with WordPress 6.3

5.7.2

  • Updated flow of 2FA on registration form
  • Minor bug fixes

5.7.1

  • Bug fix – Users will be able to configure/reconfigure and reset cloud methods
  • Bug fix – SMS Transactions will be credited when customers register in the plugin
  • Bug fix – Fixed Email Transaction sync issue
  • Added Resend OTP Button in case of OTP Over SMS, OTP over Telegram, OTP over Email methods
  • Improvement – Enforced reconfiguration of the alternate method after login with backup code
  • Feature Improvement – The 2FA prompt will be visible in case of TOTP method has not been set for the admin
  • Updated plugin dashboard UI – Added My Account tab for miniOrange User Account

5.7.0

  • Code Improvements according to WPCS
  • Feature Improvement – Added role-based checks for login through new IP
  • Improvement – Error handling for account creation

5.6.6

  • Google Authenticator – Two-Factor Authentication – 2FA, OTP :
  • Bug fix – redirection issue for users in a Multisite environment
  • Improvements – Removed External links from Google Authenticator
  • Improvements – Mobile responsiveness of setup wizard
  • Improvement for SMS/Email verification on the PaidMembership Proform
  • Updated Pricing plan according to new use cases
  • Updated Add SMS notification/button check
  • Updated feedback form
  • Advertised OTP over WhatsApp

5.6.5

  • Google Authenticator – Two-Factor Authentication – 2FA, OTP :
  • Bug fix – Save template for notifications on email
  • Bug fix – Error in SMS authentication setup through plugin dashboard
  • Updated Network Security removal notice message

5.6.4

  • Google Authenticator – Two-Factor Authentication – 2FA, OTP :
  • Bug fix – headers already sent in messages.php

5.6.3

  • Google Authenticator – Two-Factor Authentication – 2FA, OTP :
  • Skip-2 factor option removed from the inline setup
  • Backup code button will always be shown
  • Added login form and theme fields in the trial request form
  • CSS-JS version added for all scripts and styles respectively
  • Autofocus for many input fields and submit the form when Enter is hit

5.6.2

  • Google Authenticator – Two-Factor Authentication – 2FA, OTP :
  • Vulnerability fixes
  • Removed Network Security for new users
  • Updated Pricing page UI

5.6.1

  • Google Authenticator – Two-Factor Authentication 2FA, OTP :
  • Bug fix- Headers already sent
  • Added SMTP check for sending backup codes on 2fa prompt

    For older changelog entries, please see the additional changelog.txt file provided with the plugin.