Skip to content
Two-Factor Authentication for WordPress.
PHP JavaScript CSS
Branch: master
Clone or download
Latest commit ab8d651 Jul 18, 2019


Banner Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.

Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd
Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
Requires at least: 4.3
Tested up to: 5.2
Stable tag: trunk (master)

Build Status Coverage Status Built with Grunt


Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable and configure one or multiple two-factor authentication providers for your account:

  • Email codes
  • Time Based One-Time Passwords (TOTP)
  • FIDO Universal 2nd Factor (U2F)
  • Backup Codes
  • Dummy Method (only for testing purposes)

For more history, see this post.


Two-factor options under User Profile.

Two-factor options under User Profile.

U2F Security Keys section under User Profile.

U2F Security Keys section under User Profile.

Get Involved

Development happens on GitHub. Join the #core-passwords channel on WordPress Slack (sign up here).

Here is how to get started:

$ git clone
$ npm install

Then open a pull request with the suggested changes.


See the release history.

You can’t perform that action at this time.