miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login


Google Authenticator – Two-Factor (WP 2FA / OTP) – Provides secure login to WordPress. This plugin can be configured for any TOTP-based/OTP Login 2fa methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods.

USERS DON’T REQUIRE ACCESS TO THE WORDPRESS DASHBOARD TO SET UP 2FA making it extremely easy and secure to implement.

Check out following video to configure google authenticator as a 2fa:

Features | 7 day Premium trial

[Google Authenticator – Two step verification/ 2 Factor Authentication/ WP 2FA]

  • QR Code authentication, Push Notification, Soft Token and Security Questions(KBA) for multi-factor authentication(WP 2FA/MFA).
  • Language Translation Support.
  • User Profile 2fa: Administrators can set up Two-Factor (2FA) of users via WordPress users section
  • Multi Factor Authentication(MFA): This feature can be used to invoke any two-factor method on login among multiple methods which were configured. You can configure multiple TOTP/OTP Login based 2fa methods that can be used as a backup 2fa method
  • Two-Factor Authentication ( TFA/2FA ) for Ajax login forms like User Pro, login with ajax, Theme my login, etc.
  • Passwordless login and login with phone number
  • Prevent account sharing: Google Authenticator(WP 2FA) is OTP login based method which restricts users from sharing WordPress login credentials which help to secure WordPress Websites. The Google authenticator plugin also adds a session control feature that limits user sessions based on WordPress User activities.
  • This plugin Supports standard TOTP
  • Two-Factor Authentication (WP 2FA/TFA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token.
  • 3 users free for lifetime.
  • Multiple Login Options: Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication.
  • Recovery codes in case you are locked out for all Two-Factor Authentication (WP 2FA/TFA)
  • Mobile verification – two step verification (WP 2FA/TFA) using authentication methods like Google Authenticator, QR code authentication, etc.

Apps Supported by the two-factor authentication (2FA / MFA) plugin

Maintained & Supported by miniOrange

We are experts in the field of security and have released advanced WordPress solutions such as Password Policy Manager.
Apart from this, we also have Broken Link Checker to scan detect and fix your broken links to keep your site functioning smoothly.

User Identity Verification or multi-factor authentication with Google Authenticator

Login and Registration: Verify users on login with different TOTP Login methods & other OTP/2fa methods like OTP over SMS, OTP Over Email, OTP Over Telegram, Google Authenticator, SMS Verification, Email Verification, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions, and many others.
Users will receive an OTP at the time of registration which will be used to verify their identity. OTP authentication can be done via either of the OTP Login methods(OTP Over email or via OTP over SMS).

Plugin Integrations and Support for all methods of two-factor authentication/two step verification ( WP 2FA/TFA/OTP Authentication )

Our plugin is integrated with popular Plugins such as WooCommerce, Ultimate member, User Registration, Restrict Content Pro, Login Press, Registration Magic, Admin Custom Login, Buddy Press, Theme My Login, Elementor Pro, Profile Builder, Login With Ajax and many more.

[Third Party Custom SMS Gateway for OTP Over SMS]( ( OTP Login/two-factor authentication / 2FA )

The premium plugin supports any third-party custom SMS Gateway. If you don’t have your SMS gateway you can use miniOrange gateway and send SMS(OTP over SMS) all over the world for OTP authentication.
Here are some famous gateways supported for two-factor (WP 2FA/TFA/OTP).
Test your Gateway

Why do you need to register for google authenticator?

Google authenticator uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users’ calls can be only accessed by API keys assigned to you.

Google Authenticator ( WP 2FA – two-factor authentication ) All Inclusive Plugin Features

Google Authenticator ( WP 2FA / OTP ) Enterprise Plugin Features

Add Ons for two-factor authentication ( WP 2FA / OTP )

  • RBA & Trusted Devices Management Add-on Features for two-factor authentication ( WP 2FA/OTP Login )

    • Remember Device to skip the two-factor authentication ( 2 Factor ) from the trusted devices.
    • Set Device Limit for the users to login
  • Personalization Add-on Features to customize your two-factor authentication/OTP Authentication pages

    • Custom UI of Two-Factor Authentication (WP 2FA/TFA) pop-ups
    • Custom Email and SMS Templates
    • Customize ‘Powered by’ Logo on wp 2fa authentication page
    • Customize Plugin Icon
    • Customize Plugin Name
  • Short Codes Add-on Features for two-factor authentication ( 2FA / MFA )

    • Turn on/off 2 factor (two-factor authentication) by user
    • Reconfigure 2fa methods
    • ‘Enable Remember Device’ from a custom login form to skip 2-factor for trusted devices.
    • On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two-Factor authentication) for specific pages)
  • Device restriction with webauthn/ FIDO2
    Password free authentication is possible with WebAuthn.

Check all the security features other than two-factor authentication ( Two step verification/OTP authentication ) here: miniOrange Website

Useful blog posts about two-factor authentication ( 2FA / MFA ) plugin

Customized solutions and Active support are available. Email us at or call us at +1 9786589387.

Note: The plugin is GDPR Compliant and supports a wide variety of Language Translation


  • Google Authenticator (WP 2FA/OTP) - Setup different 2 Factor methods
  • Google Authenticator (WP 2FA/OTP) - Test 2 factor configured
  • Google Authenticator (WP 2FA/OTP) - 2 Factor Authentication (2FA) methods available
  • Google Authenticator (WP 2FA/OTP) - Google Authenticator login
  • Google Authenticator (WP 2FA/OTP) - QR code 2 Factor (2FA) login
  • Google Authenticator (WP 2FA/OTP) - miniOrange Authenticator login
  • Google Authenticator (WP 2FA/OTP) - Push notification login
  • Google Authenticator (WP 2FA/OTP) - Remember device and personalization add-ons


From your WordPress dashboard

  1. Navigate to Plugins > Add New from your WP Admin dashboard.
  2. Search for miniOrange 2 Factor Authentication (2FA)or Google Authenticator.
  3. Install miniOrange 2 Factor Authentication (2FA) and activate the plugin.


  1. Search for miniOrange 2 Factor Authentication (2FA) and download it.
  2. Unzip and upload the miniorange-2-factor-authentication (2FA) directory to your /wp-content/plugins/ directory.
  3. Activate miniOrange 2 Factor Authentication (2FA) from the Plugins tab of your admin dashboard.

Video Guide :


How do I gain access to my website if I get locked out using the Google Authenticator?

You can obtain access to your website by one of the below options:

  1. If you have an additional administrator account whose Two-Factor (2FA) is not enabled yet, you can login with it.
  2. If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
  3. Rename the plugin from FTP – this disables the Google Authenticator (WP 2FA/TFA) plugin and you will be able to login with your WordPress username and password.

For detailed information, Please check on our website. Locked Out.
You can also check our video Tutorial:

I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method?

You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]

I have enabled Two-Factor Authentication (2FA / TFA) for all users, what happens if an end-user tries to login but has not yet registered?

If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.

I want to enable only one authentication method for my users. What should I do?

You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]

I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2-factor ?

If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two-factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at for more details.

I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins?

The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor(WP 2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don’t get locked out yourself.

If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor.

Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at

If you are using any render-blocking javascript and CSS plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen went blank.

If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at

My phone has no internet connectivity and I am entering the one time passcode from miniOrange Authenticator App during OTP login, it says Invalid OTP?

Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under ‘Time correction for codes’ to sync your time with miniOrange Servers. If you still can’t logged in then please email us at or Contact us.Soft Token method is just like google authenticator method.

I am upgrading my phone.

You should go to Setup Two-Factor (2FA) Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.


August 30, 2022
This plugin is very hard to get rid of! Deactivation cause 500 error and impossible to delete! Wordpress admins please consider this as a report to terminate this out of list of plugins as long as it does not meet WP plugin standards.
July 21, 2022
Excellent plugin, we use this plugin from 2019 - MAx. security for websites - no bugs - easy to set up - increase the security - we are thankful.
May 4, 2022
Soham and Mayur were able to fix all of my issues and always did so in a timely manner. The premium plugin works as advertised. Very happy with my decision to support this company.
March 8, 2022
Had some issues but good recovery from customer services and now app is set up properly. I think the app could be better supported with clearer user education beforehand. There is a lot of tricky set upon issues for the new user. But the follow-up support was very helpful.
Read all 323 reviews

Contributors & Developers

“miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login” is open source software. The following people have contributed to this plugin.




  • Google Authenticator – Two factor Authentication (2FA, OTP) :
  • Bug fix- Headers already sent
  • Added SMTP check for sending backup codes on 2fa prompt


  • Google Authenticator – Two factor Authentication (2FA, OTP) :
  • Added new feature – the grace period for users
  • Updated setup wizard UI – Included user-based settings in the wizard
  • Added dashboard to check 2fa status of users
  • Login report of users available even when Network Security is disabled
  • Handled backup codes flow when sitestats is unreachable
  • Added access control and nonce checks in some flows – Malware scan, plugin enable/disable
  • Fixed warning issues – fetching location details using geoplugin API

For older changelog entries, please see the additional changelog.txt file provided with the plugin.