5 Best Free WordPress Plugins for Two Factor Authentication

Two-factor authentication is a feature that asks for more than just your password. It requires both something you know (a password) and something you have (for example, your email). After you enter your password, you’ll get a second code sent to your email, and only after you enter it will you get into your account.

Using key loggers, phishing attacks, viruses etc it is quite easy to steal users credentials. In such a scenario, Two factor authentication has emerged as an effective information security solution to prevent such attacks and help in countering hacking attacks.

In this article, we have collected the best WordPress two factor authentication plugins you can get for free.


SecSign replaces the default WordPress login screen and allows you to log in to your site with your smartphone or Apple Watch. This also means that you don’t have to type in your WordPress password when you sign in to your site.

SecSign ID features:

  • Quick and easy to use single sign-on with 2048-bit high security
  • Eliminates password chaos and security concerns
  • No mobile number, credit card or time-consuming registration required
  • No need for long cryptical passwords, time-consuming retyping of codes from SMS or reading of QR codes
  • High security and strong cryptography on all levels

Two Factor Authentication

Secure WordPress login with this two factor authentication (TFA) plugin. Users for whom it is enabled will require a one-time code in order to log in.

This plugin uses the industry standard algorithm TOTP or HOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.

A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.

Google Authenticator – Two Factor Authentication (2FA)

The Google Authenticator plugin by miniOrange adds an extra layer to the login page of your WordPress site. It allows you to choose between no less than six kinds of two factor authentication methods:

  1. Email verification
  2. SMS verification
  3. Phone call verification
  4. Soft token
  5. QR code authentication
  6. Push notification

If you want to use your desktop for authentication you need to choose email verification. The other methods all require a smartphone, however phone call verification also supports landline calls.

Google Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

Duo Two-Factor Authentication

Duo is easy to setup and use. With Duo there’s no extra hardware or complicated software to install, just sign up for Duo’s service and install the plugin. Then you can set which user roles you want to enable two-factor authentication for—admins, editors, authors, contributors, and/or subscribers.