Two Factor Authentication (2FA , MFA, OTP SMS and Email)

Description

multi-factor authentication – Two Factor (2FA/OTP) – Two Factor Authentication provides a complete and Secure login to your WordPress website. Mult-factor authentication can be configured for any TOTP-based authentication method like Google Authenticator, Microsoft Authenticator, etc. It also supports OTP Over SMS, OTP Over Email, Duo Authenticator, Microsoft Authenticator, OTP Over WhatsApp, OTP Over Telegram, and many more authentication methods.

** Note: The two-factor plugin is GDPR Compliant and supports a wide variety of Language Translations **

Google Authenticator and other 2 Factor ( 2FA, Two Factor Authentication ) sync on multiple websites with the same OTP

You would not need to configure Google Authenticator and other Two Factor Authentication ( 2FA ) methods from the second time onward. Just login with an account and your 2FA will automatically get set. This is available for Google Authenticator, Duo Authenticator, Microsoft Authenticator, Security Questions, LastPass, Authy, miniOrange methods, OTP over SMS, and OTP over Email. It is supported only if you are using our cloud services of 2 Factor.

supports variety of WordPress forms

Features

  • We support multi-factor authentication for all types of phones.
  • Simplified & easy user interface to set up Google Authenticator and other Two-Factor Authentication ( 2FA/TFA/OTP ) methods.
  • Variety of Authentication Methods: Any App supporting TOTP algorithm like Google Authenticator, OTP over SMS, Duo Authenticator, OTP over EMAIL, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, and Security Questions(KBA)
  • Two Factor Authentication (2FA/TFA) allows authentication on the login page itself for Google Authenticator

How is miniOrange Two Factor Authentication different?

  • We support multiple authentication methods along with their backup method.
  • We support Device Identification or remember device then in the next login from the same device, the user will not be prompted for Two Factor.
  • We support Two factors like OTP over SMS, OTP over Email, etc for the Woocommerce frontend login theme.
  • ShortCode is now available for different frontend custom login pages
  • Two Factor Authentication using ShortCode for Premium themes are also supported. If you need help integrating Two Factor, you can contact us.

Multi-Factor Authenticator ( 2FA/OTP ) [Premium Plugin] Premium Plugin Features

  • Two Factor Authentication (2FA) for Users as per the upgrade ( Site-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, LastPass Authenticator, OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, QR Code, Push Notification, Soft Token, Security Questions(KBA).
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
  • Enable Two Factor Authentication (2FA/OTP) for specific Users/User Roles
  • Choose specific two-factor authentication methods for Users
  • Backup Method: KBA(Security Questions), OTP over Email
  • Multisite compatible.
  • User role-based redirection after Login, Customize account name in Google Authenticator app
  • Custom Security Questions (KBA)

= Multi Factor Authenticator ( 2FA/OTP ) Premium Plugin(All Inclusive) Features=

  • Two Factor Authentication (2FA) for Users as per the upgrade ( Site-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
  • Enable Two Factor Authentication (2FA/OTP) for specific Users/User Roles
  • Choose specific two-factor authentication methods for Users
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
  • Multisite compatible.
  • Email notification to users asking them to set up Two Factor Authentication (2FA).
  • User role-based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
  • Choose specific two-factor authentication methods for Users Guide
  • Set Privacy Policy for users Guide
  • App-Specific Password to login from mobile Apps
  • Remember Device to skip the two-factor authentication( TFA/2FA/MFA ) for trusted devices Guide
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on, and Short Codes Add-on
  • **Brute force attack prevention, IP Blocking & User login Monitoring. **
  • Monitoring current Google Authenticator and other two-factor authentication (2 Factor) methods of all the users in the plugin.

Multi-Factor Authenticator ( 2FA/OTP ) Enterprise Plugin Features

  • Two Factor Authentication (2FA) for Users as per the upgrade ( User-based pricing )
  • Available Authentication Methods: Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. ( SMS and Email credits need to be purchased as per the need)
  • Language Translation Support for two-factor authentication.
  • Multiple Login Options: Username + password + two factor Authentication (or) Username + two factor authentication i.e. Passwordless login /Login without password.
  • Backup Methods: KBA(Security Questions), OTP Over Email, Backup Codes
  • Multisite compatible with all WordPress 2FA methods.
  • Email notification to users asking them to set up Google Authenticator – Two Factor Authentication (2FA/TFA).
  • User role-based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
  • Enable Two Factor Authentication (2FA/OTP) for specific Users/User Roles
  • Choose specific two-factor authentication methods for Users
  • App-Specific Password to login from mobile Apps
  • Add-Ons Included: RBA & Trusted Devices Management Add-on, Personalization Add-on, and Short Codes Add-on
  • **Brute force attack prevention, IP Blocking & User login Monitoring. **
  • File protection & strong password
  • Monitoring current Google Authenticator and other two-factor authentication (2 Factor) methods of all the users in the plugin.

Multi factor authentication ( 2FA / MFA )

You can configure multiple WordPress 2FA methods like google authenticator, OTP over Email, OTP over SMS, etc, and choose which method you want to login to your website from a list of configured methods. Multi-factor authentication is helpful for cases such as when you do not have your phone and cannot access your TOTP app for login. You can then use other multi-factor authentication methods like OTP over Email to login.

Check all the features other than two factor authentication ( Two step verification ) here: miniOrange Website

Why do you need to register for Multi Factor authentication?

Multi Factor authentication uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users’ calls can be only accessed by API keys assigned to you.
Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or WordPress 2FA like Google Authenticator. Single code generated in Google Authenticator will be enough to log in to all sites. With this, you can also achieve sync of two factor authentication on multiple sites. This helps to provide a secure Wp 2fa cloud solution.

Useful blog posts about two factor authentication ( 2FA/MFA ) plugin

*Beginner’s Guide: How to Add Two Factor Authentication to WordPress
*How to Add WordPress Two Factor Authentication (2FA/TFA)

OTP FOR SELECTED COUNTRIES

This is an add-on which allows OTP Verification to be enabled for selected list of countries only. OTP Verification for any other country out of the selected list will be blocked by the addon.

BULK SMS AND OTP

This is an add-on which allows Admin to send Custom SMS and OTP Verification codes in bulk. Upload the CSV file or enter the numbers manually along with the SMS template that needs to be sent in bulk. Contact us at

LIMIT OTP REQUEST

This is an add-on which allows Blocking of OTP codes from being sent out before the set timer is up. This Addon helps in limiting malicious users or unwanted OTP requests to be made by blocking the user for the time limit set.

OTP OVER PHONE CALL

This is an add-on which allows OTP Verification over Phone Call instead of SMS. The code will be received via a phone call to the customer.

VERIFICATION VIA EMAIL LINK

This is an add-on which allows **User Verification via accept/rejects links receieved on the email instead of OTP codes.

Screenshots

  • Setup different 2-Factor methods (2FA/OTP)
  • 2 Factor plugin settings. (2FA/OTP)
  • Advance plugin settings (2FA/OTP)
  • Login form option1 (Enter username) (2FA/OTP)
  • Login form option2 (Enter username) (2FA/OTP)
  • QR Code Authentication Login Screen ( Authenticate your mobile ) (2FA/OTP)
  • OTP Login Screen ( OTP over SMS, Phone Call Verification, Soft Token, Google Authenticator ) (2FA/OTP)
  • Push Notification and Email Verification (2FA/OTP)

Installation

From your WordPress dashboard

  1. Navigate to Plugins > Add New from your WP Admin dashboard.
  2. Search for Multi-Factor Authentication. Find and InstallMulti-Factor Authentication
  3. Activate the plugin from your Plugins page

From WordPress.org

  1. Search for miniOrange 2 Factor Authentication (2FA) and download it.
  2. Unzip and upload the miniorange-login-security (2FA) directory to your /wp-content/plugins/ directory.
  3. Activate Multi-Factor Authentication (2FA) from your Plugins page.

Once Activated [Multi-Factor Authentication – Two step verification]

  1. Select miniOrange Multi-Factor ( 2 factors)Authentication from the left menu and follow the instructions.
  2. Once, you complete your setup. Click on Log Out button.
  3. Enter the username and password. After the initial validation, you will be prompted for the 2-factor method you had set up.
  4. Validate yourself with the 2-factor authentication method you configured.

Video Guide :

FAQ

How do I gain access to my website if I get locked out using multi-factor authentication?

You can obtain access to your website by one of the below options:

  1. If you have an additional administrator account whose Two Factor (2FA) is not enabled yet, you can login with it.
  2. If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
  3. Rename the plugin from FTP – this disables the Two-Factor (2FA/TFA) plugin and you will be able to login with your WordPress username and password.

For detailed information, Please check on our website. Locked Out.
You can also check our video Tutorial:

I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method?

You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]

I want to enable Two Factor Authentication (2FA/TFA) role-wise?

You can select the roles under the Login Settings tab to enable the plugin role-wise. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA/TFA) for all users, what happens if an end-user tries to login but has not yet registered?

If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.

I want to enable only one authentication method for my users. What should I do?

You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]

I did not receive OTP while trying to register with miniOrange. What should I do?

The OTP is sent to the email address with which you have registered with miniOrange. If you can’t see the email from miniOrange in your emails, please make sure to check your SPAM folder. If you don’t see an email even in the SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I want to configure the 2nd factor by Google Authenticator.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Google Authenticator App. Enter the 6-digit code in the textbox and click on Save and verify button.

I want to configure the 2nd factor by the Authy 2-Factor Authentication(2FA/TFA) App.

Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Authy 2-Factor Authentication (2FA/TFA) App. Enter the 6-digit code from the Authy App into the textbox available and click on Save and Verify button.

I forgot the password of my miniOrange account. How can I reset it?

There are two cases according to the page you see –
1. Login with miniOrange screen: You should click on the forgot password link. You will get a new password on your email address with which you have registered with miniOrange. Now you can login with the new password.

  1. Register with the miniOrange screen: Enter your email ID and any random password in the password and confirm the password input box. This will redirect you to log in with a miniOrange screen. Now follow the first step.

I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2 factors?

If you have a custom login form other than wp-login.php then we will provide you with the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two factors with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com for more details.

I have a Woocommerce theme login page on my site. How can I enable Two Factor?

If you have Woocommerce theme login then go to Advanced Options Tab and check Enable Two-Factor for Woocommerce Front End Login. If you need any help setting up 2-Factor for your Woocommerce theme login form, please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins?

The limit login attempt kind of plugin limits the number of login attempts and block the IP temporarily. So if you are using 2 factors (2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don’t get locked out yourself.

If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.

Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

If you are using any render-blocking javascript and CSS plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank.

If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.

My users have different types of phones. What phones are supported?

We support all types of phones. Smart Phones, Basic Phones, Landlines, etc. Go to Setup Two-Factor Tab and select the Two-Factor method of your choice from a range of 8 different options.

What if a user does not have a smartphone?

You can select OTP over SMS, Phone Call Verification, or Email Verification as your Two-Factor method. All these methods are supported on basic phones.

What if a user does not have a phone?

You can select Email Verification or Security Questions (KBA) as your Two-Factor method.

What if I am trying to login from my phone?

If your Security Questions (KBA) are configured then you will be asked to answer them when you are logging in from your phone.

I want to hide the default login form and just want to show login with my phone?

You should go to Login Settings Tab and check Login with Phone Only checkbox to hide the default login form.

I want to hide the default login form and just want to Google Authenticator OTP field?

You should go to Login Settings Tab

My phone has no internet connectivity and is configured 2nd factor (2FA) with the miniOrange App, how can I log in?

You can login using our alternate login method. Please follow the below steps to login:

  • Enter your username and click on login with your phone.
  • Click on Phone is Offline? button below QR Code.
  • You will see a textbox to enter one-time passcode.
  • Open the miniOrange Authenticator App and Go to Soft Token Tab.
  • Enter the one-time passcode shown in the miniOrange Authenticator App in the textbox, just like Google authenticator.
  • Click on submit button to validate the OTP.
  • Once you are authenticated, you will be logged in.

My phone is lost, stolen, or discharged. How can I login?

You can login using our alternate login method apart from 2FA. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select “Send a one-time passcode to my registered email« to authenticate by OTP Over Email or Select “Answer your Security Questions (KBA)« to authenticate by knowledge-based authentication.

My phone has no internet connectivity and I am entering the one-time passcode from the miniOrange Authenticator App, it says Invalid OTP?

Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under ‘Time correction for codes’ to sync your time with miniOrange Servers. If you still can’t logged in then please email us at info@xecurify.com or Contact us.Soft Token method is just like google authenticator method.

I am upgrading my phone.

You should go to Setup Two Factor (2FA) Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.

What If I want to use any other second factor (2FA) like OTP Over SMS, Security Questions, Device Id, etc?

miniOrange authentication service has 15+ authentication methods. One-time passcodes (OTP) over SMS, OTP over Email, OTP over SMS and Email, Out of Band SMS, Out of Band Email, Soft Token, Push Notification, Security Questions, Mobile Authentication (QR Code Authentication), Phone Verification, Device Identification. To know more about authentication methods, please visit https://miniorange.com/strong_auth . If you want to have any other 2-factor for your WordPress site, please email us at info@xecurify.com or Contact us.

Reviews

1 сар 22, 2022
I understand that every developer needs to earn money and I an not against paying for quality plugins. The problem with this company (Min Orange) are several as follows: - disingenuous: instead of being helpful, they want to charge for everything - free plugins in WP are all muddled up - many of them doing similar things - very confused. - Obfuscated code in the premium plugins. - Refusal to provide a refund (because I don't want to hire them to do custom work) In other words - they just want your money. The main problem is when I purchased their premium plugin (approx. $100) the code was obfuscated and as a developer - how on earth are we supposed to be able to modify it or customise it (as we would like to do)? Their reply was "you have to hire us". Well, sorry no! Obfuscated code is 1) Dangerous as you can't see what's in there. 2) Outrageous when buying into a GPL based code base I asked for a refund and they refused. Now I am going through my bank to have them return the visa payment Avoid this company
10 сар 4, 2021
My team wanted to use and I did the payment for the tool, in the end it was more expensive then the amount on the website. After 1 day, my team decided that this plugin was not required anymore. Talking back with MiniOrange/xecurify they told me that was not possible to cancel and refund, so they keep the money for 1 year and in 1 day was decided that we will not use. Terrible company, they don't care about customers. Be aware. I will never use any other product from this company in the future.
4 сар 19, 2021
It comes with many customizable features besides the plugin. The developer team intervenes quickly and effectively to solve your problem. Support services work great. I would like to especially thank Ganesh and Mayur for helping me solve the problems. A.Recai
1 сар 15, 2021
I've been using this plugin for over a year to integrate with an external identity service. It works well out of the box and in the basic form, but it is also highly customizable in the paid version which allows for numerous other features. Support is also very helpful and they are open to feedback when things don't work as needed or expected. I highly recommend it for others looking to centralize & strengthen their Wordpress authentication.
4 сар 24, 2018
This is a much more simple app for 2FA and works great.
9 сар 3, 2016
this guys are doing very well. i am using the wordpress 4.5.3. the pluggin guided me through the two functionalities i activated: a)brute force protection and b)google recaptcha. i have to say that i was completely new on this, and didn't know what this "recaptcha" was. for my surprise, it was very easy to setup. i believe it is working fine (i didn't try to hack my own website yet). if you want to check how it works you can try to login on my website: howtoplayspanishguitar.com/wp-login let me know your thoughts! what makes this plugging really amazing are the people that developed this plugging. i installed it yesterday and today i received the following and amazing email: thanks for downloading our limit login attempts plugin. did you find everything you were looking for? i can help you setup the plugin, free of cost and i will be happy to configure it for you for maximum protection. we are the best in the industry when it comes to login protection, brute force protection, 2 factor authentication etc. i would be happy to setup a goto meeting and take you over the configuration? would you like that? my reply below: (..) i found the setup simple. however, if you can have a look at my configuration settings to confirm that i am using the plugin at it fullest potential, that would be much appreciated! there are four things i would like to mention which is a bit confusing: 1) it seems that you, as a company, offer very similar pluggings all based on protection and security: i am not sure if i should install more of your pluggings or if with this one is enough for me to be well protected. 2) is this plugging compatible with "wps hide login"? [answer: yes, it is] 3)are all these ones also compatible with your google authenticator two factor authentication? [answer: yes, it is] 4) do you offer an all-in-one plugging that gathers all these functionalities in one plugin only? [answer: yes, it is "brute force login security, spam protection & limit login attempts"] i am glad of be part of the first group of people installing it. a very big well done. best!!!! just to let you all know, by the time i am writing this comment, i received the answers to the questions i sent them. i added all the [answers] above. i would recommend this plugging to everyone. best!
Read all 6 reviews

Contributors & Developers

“Two Factor Authentication (2FA , MFA, OTP SMS and Email)” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.2.3

  • 2fa / MFA two factor new UI development

1.2.3

  • 2fa / MFA two facto bug fixes

1.2.2

  • 2fa / MFA two facto bug fixes

1.2.1

  • Added new pricing page and improved UI and some bug fixes

1.2.0

  • Added pricing page and new UI and some bug fixes

1.0.8

  • Multi-factor Authentication : XSS Vulnerability fix

1.0.7

  • Tested till WordPress 5.8 and made compatible with PHP 8.

1.0.6

  • Multi-factor Authentication : Added Passwordless Login feature.
  • Multi-factor Authentication : Tested till WordPress 5.7.

1.0.5

  • Tested till WordPress 5.5.

1.0.4

  • Multi-factor Authentication: Added more 2FA methods like Google Authenticator, Security questions, and many more.

1.0.3

  • Tested till WordPress 4.9.4

1.0.2

  • Tested till WordPress 4.9.

1.0.1

  • First version of Two-Factor ( 2FA ) plugin.