[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9qt0J-2yaH6TOwIbRm_QQdL2JEELNote0lmGQnkmdYE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":141,"fingerprints":329},"loginshield","LoginShield for WordPress","1.0.16","Cryptium","https:\u002F\u002Fprofiles.wordpress.org\u002Fcryptium\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">LoginShield\u003C\u002Fa> is an authentication system that features one-tap login, digital signatures, strong multi-factor authentication, and phishing protection. This is a passwordless login solution. Login with one tap instead of a password!\u003C\u002Fp>\n\u003Cp>LoginShield for WordPress replaces the login page with the following secure sequence:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Prompt for username\u003C\u002Fli>\n\u003Cli>If user exists and has LoginShield enabled, use LoginShield; otherwise, prompt for password\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The LoginShield app is available for Android and iOS. \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fsoftware\u002F\" rel=\"nofollow ugc\">Get the app\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Eliminate password and phishing attacks on user accounts\u003C\u002Fli>\n\u003Cli>Quick and secure way to log in with one-tap, passwordless login\u003C\u002Fli>\n\u003Cli>Don’t need to remember a password\u003C\u002Fli>\n\u003Cli>Don’t need to rotate passwords for safety\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Self-service activation\u003C\u002Fh4>\n\u003Cp>After you install and set up the LoginShield plugin, users can easily activate LoginShield for themselves in their profile settings page.\u003C\u002Fp>\n\u003Ch4>One-tap login\u003C\u002Fh4>\n\u003Cp>You and your users can log in to your WordPress site with just one tap.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fone-tap-login\u002F\" rel=\"nofollow ugc\">one-tap login\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Digital signatures\u003C\u002Fh4>\n\u003Cp>Some of the most common ways that accounts are hacked are weak passwords and stolen passwords. This is why so many sites require users to come up with passwords that have special characters, and to change their passwords periodically (in case a current password was reused somewhere and cracked). But this is annoying to users and doesn’t guarantee they will actually pick a secure password.\u003C\u002Fp>\n\u003Cp>LoginShield uses digital signatures for authentication instead of passwords. This makes LoginShield a passwordless authentication system.\u003C\u002Fp>\n\u003Cp>Digital signatures are far stronger protection for an account than passwords, and they don’t require the user to come up with anything or remember anything. LoginShield automatically generates and uses a separate credential for each website, so you can use the same LoginShield app to login to multiple sites.\u003C\u002Fp>\n\u003Cp>LoginShield uses strong, modern cryptographic algorithms and parameters to ensure your accounts get the best protection available.\u003C\u002Fp>\n\u003Ch4>Strong multi-factor authentication\u003C\u002Fh4>\n\u003Cp>The LoginShield app itself can be protected by a password (which never leaves the mobile device) or a fingerprint. This is far better protection than the standard two-factor authentication that many sites use.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fauthentication-factors\u002F\" rel=\"nofollow ugc\">authentication factors\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Phishing protection\u003C\u002Fh4>\n\u003Cp>LoginShield is the ONLY authentication solution to offer phishing protection.\u003C\u002Fp>\n\u003Cp>Many data breaches start with a phishing email, tricking the user to log in to the attacker’s website that is impersonating the real website. Any website that uses passwords to log in is vulnerable to this.\u003C\u002Fp>\n\u003Cp>Websites that use standard two-factor authentication codes are also vulnerable — whether they send the code via SMS or use an OTP app to display it, the fact that you enter that code into the website after the password prompt means a phishing attacker will also get the code.\u003C\u002Fp>\n\u003Cp>Websites that use an authenticator app with push notifications are ALSO vulnerable to this, because they don’t confirm that you’re at the correct website when you tap the “login” button in the app.\u003C\u002Fp>\n\u003Cp>Only LoginShield is able to detect that the user is not at a trusted website and route the user to the correct website, completely circumventing a credential-theft phishing attack.\u003C\u002Fp>\n\u003Cp>For more information, read about \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Farticle\u002Fphishing-protection\u002F\" rel=\"nofollow ugc\">phishing protection\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Pricing\u003C\u002Fh3>\n\u003Cp>For current pricing and free trial details, \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fpricing\u002Fwordpress\u002F\" rel=\"nofollow ugc\">visit our website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Managing your LoginShield subscription\u003C\u002Fh3>\n\u003Cp>You can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to manage your LoginShield subscription.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>The plugin shares the following information with \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">LoginShield\u003C\u002Fa>. For more information, see our \u003Ca href=\"https:\u002F\u002Floginshield.com\u002Fnotice\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Site Name, Site Icon, and Site URL\u003C\u002Fh4>\n\u003Cp>When you activate and set up the plugin, it sends the site name, icon, and URL to LoginShield. This information is later displayed in the LoginShield app during login. If you deactivate or uninstall the plugin, and want to delete this information, you can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete your LoginShield account where this information is stored.\u003C\u002Fp>\n\u003Ch4>User Name and Email\u003C\u002Fh4>\n\u003Cp>When a user activates LoginShield in their profile settings, their name and email address are sent to LoginShield to register the user.\u003C\u002Fp>\n\u003Cp>This information is later used by LoginShield for service-related communication with the user, such as our phishing protection feature. We DO NOT sell or share this information with anyone else, except as required by law. If the user deactivates LoginShield, and wants to delete this information, the user can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete their LoginShield account.\u003C\u002Fp>\n\u003Ch4>Client ID\u003C\u002Fh4>\n\u003Cp>When you activate the plugin, the plugin registers itself with LoginShield and receives a unique client ID. This client ID is then associated with the site name, icon, and URL, and is used to identify the WordPress site to LoginShield in all further backend communication, and is required so that users will be able to continue to log in even when you change the site name.\u003C\u002Fp>\n\u003Ch4>Realm-Scoped User ID\u003C\u002Fh4>\n\u003Cp>When a user activates LoginShield in their profile settings, a unique user id is generated and sent to LoginShield to register the user. This user id is NOT the same as the user’s WordPress user id, and is required so that a LoginShield user will be able to continue to log in even when they change their email address. If the user deactivates LoginShield, and wants to delete this information, the user can visit \u003Ca href=\"https:\u002F\u002Floginshield.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginshield.com\u003C\u002Fa> to delete their LoginShield account.\u003C\u002Fp>\n","LoginShield for WordPress is the secure and convenient way to login to your WordPress site. It's easy to use and protects users against password  &hellip;",10,7744,0,"2022-02-07T16:57:00.000Z","5.9.13","4.4","5.2",[19,20,21,22,23],"2-factor","2fa","authentication","login","phishing","https:\u002F\u002Floginshield.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginshield.v1.0.16.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"cryptium",1,30,84,"2026-04-04T14:10:20.661Z",[37,57,76,99,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":13,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":56},"emlg-tfa","EMLG TFA","1.1","wprj","https:\u002F\u002Fprofiles.wordpress.org\u002Fwprj\u002F","\u003Cp>When logging in, users will be required to enter a verification code that is sent to the email address associated with their WordPress account.\u003C\u002Fp>\n\u003Cp>The feature will not actually be active after the plugin installation, until one site administrator managed to successfully send a test email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Login email template\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can edit the template used when sending the login email to match your site design. But the template must contain the \u003Ccode>%CODE%\u003C\u002Fcode> placeholder otherwise it will not be saved. This string will be replaced by the actual code when a user log into your site\u003C\u002Fp>\n","Two-factor authentication via out of band email",882,"2023-02-24T09:00:00.000Z","6.1.10","6.0","7.4",[51,20,52,53,22],"2-factor-authentication","email-login","email-two-factor-authentication","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femlg-tfa.1.1.zip","2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":67,"requires_at_least":48,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":56},"secured-wp","Secured WP","2.3.2","wpsecuredcom","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpsecuredcom\u002F","\u003Cp>Adds layer of security for your WordPress site. Adds custom login page slug, enables 2FA, removes security issues. Adds remember device, counts login attempts and lock usernames if the password is wrong. Out of band e-mail is also supported – instead of entering codes, your user can use simple login link from within their e-mail client.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WooCommerce is also supported for 2FA, just enable the plugin and all your customers will be asked to enable two-factor authentication.\u003C\u002Fp>\n\u003Cp>List with currently supported features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Login redirection\u003C\u002Fstrong> – redirects the default wp-login.php to a slug of your choice\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login attempts\u003C\u002Fstrong> – counts the unsuccessful attempts, and locks user if there are too many\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA settings\u003C\u002Fstrong> – gives the ability to use two factor authentication and Out Of Band email link\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remember devices\u003C\u002Fstrong> – current device could be remembered for given amount of days and user wont be asked to login again before that\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Removes XML-RPC\u003C\u002Fstrong> from your WordPress site\u003C\u002Fli>\n\u003Cli>Custom shortcode ([wps_custom_settings]) can be used to give the users without access to the dashboard to setup the 2FA\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Login Redirection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can change the default wp-login.php to slug of your choice. That will prevent most common hacker attacks and will harden your WordPress installation. You can redirect the original wp-login.php to the slug of your choice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2FA login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enable two-factor authentication for your WordPress site, and to enforce your website users, or some of them to use 2FA. Next time user logins s\u002Fhe will be asked to enable the 2FA using their favorite application. Once the process is completed, every time the user logs, s\u002Fhe will be asked to provide the 2FA code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This gives you the ability to prevent brute force attacks if the hacker knows the username and tries to guess the password. With this enabled, after the given amount of tries that specific user will be marked as locked, and any further attempt to use that username for login will be postponed for given amount of time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remember device setting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With that, user can use given device for the given amount of days without being asked to reenter the username\u002Fpass. The devices can be removed or checked from the default user settings page.\u003Cbr \u002F>\nThat setting is based on current setting (global) for the current moment, which means that when the day value (in settings) is changed globally, that wont reflect the already set cookies and user devices.\u003Cbr \u002F>\nExample: If you set that to 10 days and there is a user which decide to use Remember Device functionality, when you change that value to 15 days, that wont increase the time for that user. Same applies for decreasing the value.\u003C\u002Fp>\n","Add two-factor authentication (2FA) for all your users with this easy to use plugin. Harden your website login page. Add whole new layer of security.",2689,"2026-02-04T09:09:00.000Z","6.9.4","8.1",[51,20,70,71,72],"login-redirect","secure-wp","secured-wordpress","https:\u002F\u002Fwp-secured.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecured-wp.2.3.2.zip",100,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":67,"requires_at_least":89,"requires_php":49,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":97,"unpatched_count":13,"last_vuln_date":98,"fetched_at":56},"wp-2fa","WP 2FA – Two-factor authentication for WordPress","3.1.1.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>A free and easy-to-use two-factor authentication plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.\u003C\u002Fp>\n\u003Cp>Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvRlX_NNGeFo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-2fa-plugin-getting-started\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🔒 WP 2FA key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkeys support\u003C\u002Fstrong> for passwordless logins   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free two-factor authentication (2FA)\u003C\u002Fstrong> for all users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple 2FA methods\u003C\u002Fstrong> supported, including authenticator app (TOTP) and code over email  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer API\u003C\u002Fstrong> to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal 2FA app support\u003C\u002Fstrong> – works with Google Authenticator, Authy, and any TOTP-compatible app  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup codes\u003C\u002Fstrong> (16 digits) for recovery access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wizard-driven setup\u003C\u002Fstrong> – no technical knowledge required  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA policies\u003C\u002Fstrong> to enforce setup with grace periods or instant activation  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> for custom integrations and headless WordPress setups  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard-free setup\u003C\u002Fstrong> – users can configure 2FA without WP admin access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editable email templates\u003C\u002Fstrong> for full customization  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WP 2FA Premium and get even more benefits\u003C\u002Fh3>\n\u003Cp>The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.\u003C\u002Fp>\n\u003Cp>With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Check out WP 2FA Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything in the free version\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full white labeling capabilities\u003C\u002Fstrong> to change all text and visuals in the wizards, emails, SMS, and 2FA pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for multiple passkeys per user\u003C\u002Fstrong> for flexible passwordless logins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-setup email 2FA\u003C\u002Fstrong> that automatically enrolls users without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey hardware key support\u003C\u002Fstrong> for enterprise-grade security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional 2FA methods\u003C\u002Fstrong> such as SMS, email link, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted devices\u003C\u002Fstrong> so users can log in without 2FA for a configured period\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require 2FA on password reset\u003C\u002Fstrong> to strengthen account protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow next user login without 2FA\u003C\u002Fstrong> to help recover accounts locked out of authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click WooCommerce integration\u003C\u002Fstrong> to enable 2FA for customers and store admins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WP 2FA plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP 2FA Premium.\u003C\u002Fp>\n\u003Ch3>🛠️ Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of WP 2FA is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-2fa\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from email support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP 2FA\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins’ > ‘Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP 2FA’\u003C\u002Fli>\n\u003Cli>Install & activate WP 2FA from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the ‘\u002Fwp-content\u002Fplugins\u002F directory’\u003C\u002Fli>\n\u003Cli>Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-two-factor-authentication-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-security-authentication-plugins\u002F\" rel=\"nofollow ugc\">IsitWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftwo-factor-authentication-wordpress\u002F\" rel=\"nofollow ugc\">WP Astra\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmainwp.com\u002Fhow-to-use-the-wp-2fa-plugin-on-your-child-sites\u002F\" rel=\"nofollow ugc\">MainWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.fixrunner.com\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">FixRunner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.inmotionhosting.com\u002Fsupport\u002Fedu\u002Fwordpress\u002Fplugins\u002Fwp-2fa\u002F\" rel=\"nofollow ugc\">Inmotion Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmarmite.com\u002Fen\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">WP Marmite\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.",100000,1555592,94,162,"2026-02-25T13:18:00.000Z","5.5",[51,20,91,92,93],"google-authenticator","two-factor-authentication","wordpress-authentication","https:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-2fa.3.1.1.2.zip",95,9,"2025-11-03 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":54,"download_link":119,"security_score":120,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":56},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[20,116,117,118,92],"captcha","login-security","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":67,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":138,"download_link":139,"security_score":131,"vuln_count":11,"unpatched_count":13,"last_vuln_date":140,"fetched_at":56},"miniorange-2-factor-authentication","miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)","6.2.3","miniOrange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyberlord92\u002F","\u003Cp>miniOrange WP 2FA plugin adds an extra layer of security to your WordPress website by protecting user logins from unauthorized access, brute-force attacks, and password theft.\u003C\u002Fp>\n\u003Cp>This powerful 2FA – Two-factor authentication for WordPress solution is easy to configure using a step-by-step setup wizard that supports multiple authentication methods such as Google Authenticator, Microsoft Authenticator, OTP via Email, SMS, WhatsApp, Telegram, and more.\u003C\u002Fp>\n\u003Cp>Whether you are a beginner or an advanced user, the WordPress Two Factor Authentication plugin ensures maximum security while keeping the login experience smooth and user-friendly.\u003C\u002Fp>\n\u003Cp>Quick Links: \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002F2-factor-authentication-for-wordpress-wp-2fa\" rel=\"nofollow ugc\">Official Website\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-2-factor-authentication\" rel=\"nofollow ugc\">Setup Guide\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002F2-factor-authentication-for-wordpress-wp-2fa#pricing\" rel=\"nofollow ugc\">Pricing Plans\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ffaq.miniorange.com\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What is the WP 2FA Authenticator Plugin for WordPress?\u003C\u002Fh3>\n\u003Cp>The WP 2FA Authenticator plugin adds an extra verification step (OTP or approval) beyond your password. This two-step login process enhances security without disrupting daily operations.\u003C\u002Fp>\n\u003Cp>Easy to install and configure, this WordPress 2FA plugin helps protect your website from credential theft and unauthorized access.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FrE-awZZt13Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>WordPress W2FA Plugin Features (Free Version)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress#step1\" rel=\"nofollow ugc\">User Role-Based Configuration\u003C\u002Fa>:\u003C\u002Fstrong> Apply 2FA or MFA selectively based on user roles or configure it individually per user for more control over who needs additional verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress#step3\" rel=\"nofollow ugc\">Backup Access Support\u003C\u002Fa>:\u003C\u002Fstrong> Let users generate and use backup codes or email verification links to log in when their primary 2FA method is unavailable.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Guided Setup Wizard:\u003C\u002Fstrong> An intuitive step-by-step wizard makes it easy to configure and deploy 2FA—no technical skills required.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Language Support:\u003C\u002Fstrong> The plugin is translation-ready and supports major languages, including French, Spanish, Italian, and German.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free for up to 3 Users:\u003C\u002Fstrong> Includes full access to 2FA features for up to three users—ideal for small teams or personal sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize Email Templates:\u003C\u002Fstrong> Personalize OTP and 2FA emails to reflect your brand and improve user trust.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA Login Reports & IP Alerts:\u003C\u002Fstrong> Track login activity and get email alerts for logins from new IP addresses.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post-Login Redirection:\u003C\u002Fstrong> Redirect users to any page after 2FA, like a dashboard, homepage, or custom URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Labels in Authenticator Apps:\u003C\u002Fstrong> Customize the account name shown in Google Authenticator and other apps for clearer identification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-up-2fa-on-custom-login-form-wordpress\" rel=\"nofollow ugc\">2FA for Popular Login Forms\u003C\u002Fa>:\u003C\u002Fstrong> Enable 2FA on WooCommerce, Theme My Login, Elementor, and other login forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported WP 2FA Authentication Methods\u003C\u002Fh3>\n\u003Ch4>TOTP-Based Authentication\u003C\u002Fh4>\n\u003Cp>Compatible with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa>:\u003C\u002Fstrong> A widely trusted TOTP app that generates rotating login codes every 30 seconds—ideal for fast and offline verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">Microsoft Authenticator\u003C\u002Fa>:\u003C\u002Fstrong> Easily syncs with your Microsoft account and supports time-based one-time passcodes for secure WordPress login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">LastPass Authenticator\u003C\u002Fa>:\u003C\u002Fstrong> Combines password management with strong 2FA protection by generating time-based codes linked to your LastPass account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">Duo Authenticator\u003C\u002Fa>:\u003C\u002Fstrong> Enterprise-ready authentication app offering secure TOTP codes and push notifications for streamlined two-factor login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">Authy 2-Factor Authenticator\u003C\u002Fa>:\u003C\u002Fstrong> Supports multi-device syncing and cloud backups while generating secure TOTP codes for your WordPress login.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-two-factor-authentication-using-authenticator-apps\" rel=\"nofollow ugc\">FreeOTP\u003C\u002Fa>\u003C\u002Fstrong> and others\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These authenticator apps enable secure WordPress 2FA using time-based one-time passwords (TOTP).\u003C\u002Fp>\n\u003Ch4>OTP Authentication\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fotp-over-email-for-wordpress-two-factor-authentication-2fa-mfa\" rel=\"nofollow ugc\">OTP via Email\u003C\u002Fa>:\u003C\u002Fstrong> Send one-time passcodes to users directly via email for secure and convenient login verification with OTP Over Email support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fotp-over-sms-for-wordpress-two-factor-authentication-2fa-mfa\" rel=\"nofollow ugc\">OTP via SMS\u003C\u002Fa>:\u003C\u002Fstrong> Get login codes to users through SMS for fast two-step OTP login verification on mobile devices.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Flogin-with-telegram-as-a-two-factor-method-for-wordpress\" rel=\"nofollow ugc\">OTP over Telegram\u003C\u002Fa>:\u003C\u002Fstrong> Use Telegram for OTP authentication if you prefer messaging-based login verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fwhatsapp-two-factor-authentication-setup-for-wordpress-2fa-plugin\" rel=\"nofollow ugc\">OTP over WhatsApp (Premium)\u003C\u002Fa>:\u003C\u002Fstrong> Use \u003Cstrong>WhatsApp 2FA\u003C\u002Fstrong> to send login passcodes directly to the user’s WhatsApp account for a faster and familiar authentication experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-email-verification-for-2-factor-authentication-wordpress-2fa\" rel=\"nofollow ugc\">Email Verification via Link\u003C\u002Fa>:\u003C\u002Fstrong> Let users verify their login using a secure one-click email verification link—no passcode entry needed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-security-questions-for-two-factor-authentication-wordpress-2fa\" rel=\"nofollow ugc\">Security Questions\u003C\u002Fa>:\u003C\u002Fstrong> Add a personal security layer by asking predefined questions during login, ideal as a backup or secondary method.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Upgrade to miniOrange WP 2FA Premium for Advanced Security\u003C\u002Fh3>\n\u003Cp>The premium WordPress Two Factor Authentication plugin offers complete control over user authentication policies with advanced features such as unlimited OTP transactions, trusted devices, multisite compatibility, and full branding control.\u003C\u002Fp>\n\u003Cp>It is ideal for enterprises, eCommerce websites, and business-critical WordPress environments requiring strict login security.\u003C\u002Fp>\n\u003Ch3>Premium Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress#step1\" rel=\"nofollow ugc\">2FA for All Users & Roles\u003C\u002Fa>:\u003C\u002Fstrong> Enforce 2FA across your entire website or apply it selectively to specific user roles or individual users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Email OTP Transactions:\u003C\u002Fstrong> Send unlimited email-based one-time passcodes—ideal for large-scale user bases and frequent login environments.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress?select-2fa=2fa-for-specific-role#step2\" rel=\"nofollow ugc\">Role-Based 2FA Policies\u003C\u002Fa>:\u003C\u002Fstrong> Create different 2FA rules for each user role—require stronger authentication for admins while offering simpler methods for customers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress#step2\" rel=\"nofollow ugc\">User-Specific 2FA Management\u003C\u002Fa>:\u003C\u002Fstrong> Enable or disable 2FA for individual users directly from their profile or admin settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fenable-2fa-on-specific-pages-wordpress\" rel=\"nofollow ugc\">Page-Protection with 2FA\u003C\u002Fa>:\u003C\u002Fstrong> Add two-factor authentication (2FA) protection to selected pages for enhanced security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-quick-setup-tab-wordpress#step3\" rel=\"nofollow ugc\">Backup Login Options\u003C\u002Fa>:\u003C\u002Fstrong> Allow users to log in using alternate methods like security questions, email-based OTP, or backup codes when the default method is inaccessible.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect After 2FA:\u003C\u002Fstrong> Send users to a specific page (dashboard, custom welcome, etc.) after completing 2FA authentication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-setup-custom-security-questions-kba-from-wordpress-wp-2fa\" rel=\"nofollow ugc\">Custom Security Questions\u003C\u002Fa>:\u003C\u002Fstrong> Set your own challenge questions to match your organization’s security policies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force 2FA Setup on Login:\u003C\u002Fstrong> Automatically prompt users to configure 2FA on their next login and restrict access until it’s enabled.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-remember-device-with-two-factor-authentication-2fa\" rel=\"nofollow ugc\">Trusted Devices Feature\u003C\u002Fa>:\u003C\u002Fstrong> Let users remember their device or browser to bypass 2FA on trusted systems for future logins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-login-popup-tab-wordpress#step2\" rel=\"nofollow ugc\">Customizable Login UI\u003C\u002Fa>:\u003C\u002Fstrong> Easily style 2FA prompts and popups to match your theme and brand—no coding needed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Compatibility:\u003C\u002Fstrong> Support for WordPress multisite networks, with 2FA settings across up to 3 subsites included.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fconfigure-2fa-settings-login-popup-tab-wordpress#step1\" rel=\"nofollow ugc\">White Labeling & Branding\u003C\u002Fa>:\u003C\u002Fstrong> Fully rebrand the login or registration forms with your logo, colors, and email templates to offer a seamless branded experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcodes for User Profile Controls:\u003C\u002Fstrong> Add 2FA management shortcodes to user account pages so users can enable, disable, or reconfigure their 2FA settings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fprevent-account-sharing-restrict-concurrent-sessions-wordpress-session-restriction\" rel=\"nofollow ugc\">Session Management Controls\u003C\u002Fa>:\u003C\u002Fstrong> Restrict users from logging in on multiple devices simultaneously to prevent unauthorized access or credential sharing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-passwordless-login-as-a-login-screen-options-wordpress-2fa\" rel=\"nofollow ugc\">Passwordless Login\u003C\u002Fa>:\u003C\u002Fstrong> Let users log in using a one-time passcode—no password required—while maintaining strong account security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-up-2fa-on-custom-login-form-wordpress\" rel=\"nofollow ugc\">Support for Custom & Third-Party Login Forms\u003C\u002Fa>:\u003C\u002Fstrong> Works seamlessly with plugins like UserPro, Login with Ajax, Theme My Login, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom SMS Gateway Support:\u003C\u002Fstrong> Integrate your own SMS gateway to send OTPs, giving you full control over delivery, cost, and sender branding.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsetup-remember-whitelist-ip-2fa-wordpress\" rel=\"nofollow ugc\">Remember IP to Bypass 2FA\u003C\u002Fa>:\u003C\u002Fstrong> Mark trusted IP addresses to skip 2FA prompts and streamline login for internal users or safe environments.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent Credential Sharing:\u003C\u002Fstrong> Restrict multiple logins from different IPs or devices, helping you enforce strict account access policies and stop sharing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-up-2fa-on-custom-login-form-wordpress?utm_source=readme&utm_medium=2fa_sg&utm_campaign=2fa_login_forms_2#step2\" rel=\"nofollow ugc\">Custom Form Integration\u003C\u002Fa>:\u003C\u002Fstrong> Add 2FA to any custom login form—even those not on the supported list—through flexible integration and custom support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to Install and Activate the WP 2FA Plugin\u003C\u002Fh3>\n\u003Ch4>Step 1: Install and Activate\u003C\u002Fh4>\n\u003Cp>Search for the miniOrange Two Factor Authentication plugin in the WordPress marketplace and activate it.\u003C\u002Fp>\n\u003Ch4>Step 2: Enable WP 2FA from Quick Setup\u003C\u002Fh4>\n\u003Cp>Go to the Quick Setup tab, choose user roles, and save settings.\u003C\u002Fp>\n\u003Ch4>Step 3: Configure Authentication Method\u003C\u002Fh4>\n\u003Cp>Select and set up your preferred \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fstep-by-step-guide-for-wordpress-2-factor-authentication#step3\" rel=\"nofollow ugc\">2FA authentication method\u003C\u002Fa>, such as Google Authenticator, OTP over SMS, or WhatsApp 2FA, from the available options while logging into the form for the first time.\u003C\u002Fp>\n\u003Ch3>Built to Integrate Seamlessly\u003C\u002Fh3>\n\u003Cp>Two Factor Authentication – WordPress 2FA\u002FMFA plugin is compatible with \u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fhow-to-set-up-2fa-on-custom-login-form-wordpress\" rel=\"nofollow ugc\">popular plugins\u003C\u002Fa> such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>Ultimate Member\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Elementor Pro\u003C\u002Fli>\n\u003Cli>Login With Ajax\u003C\u002Fli>\n\u003Cli>User Registration\u003C\u002Fli>\n\u003Cli>Restrict Content Pro\u003C\u002Fli>\n\u003Cli>LoginPress\u003C\u002Fli>\n\u003Cli>Registration Magic\u003C\u002Fli>\n\u003Cli>Admin Custom Login\u003C\u002Fli>\n\u003Cli>Theme My Login\u003C\u002Fli>\n\u003Cli>Profile Builder and many more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Have a form not listed here? We offer custom integration support—just reach out.\u003C\u002Fp>\n\u003Ch3>Third-Party Custom SMS Gateway for OTP via SMS\u003C\u002Fh3>\n\u003Cp>The premium version of the miniOrange Two-Factor Authentication plugin supports any third-party SMS gateway for OTP-based login via SMS. Whether you already use a custom SMS provider or need to integrate with a local\u002Fregional provider, you can easily configure it within the plugin. \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fplugins.miniorange.com\u002Fsms-email-gateways-supported-by-2fa-plugin\" rel=\"nofollow ugc\">Famous SMS gateways supported by Two Factor Authentication\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Why Register with miniOrange?\u003C\u002Fh3>\n\u003Cp>Some features like OTP via SMS or Email in the Free plugin require secure transactions credited to your miniOrange account.\u003C\u002Fp>\n\u003Cp>Most features work without registration, including:\u003Cbr \u002F>\n * Google Authenticator\u003Cbr \u002F>\n * Microsoft Authenticator\u003Cbr \u002F>\n * Security questions\u003Cbr \u002F>\n * Backup codes\u003C\u002Fp>\n\u003Cp>For customized solutions and support, contact:\u003Cbr \u002F>\n\u003Ca href=\"mailto:info@xecurify.com\" rel=\"nofollow ugc\">info@xecurify.com\u003C\u002Fa> or \u003Ca href=\"mailto:2fasupport@xecurify.com\" rel=\"nofollow ugc\">2fasupport@xecurify.com\u003C\u002Fa>\u003C\u002Fp>\n","miniOrange WP 2FA plugin adds an extra layer of security to your WordPress website by protecting user logins from unauthorized access, brute-force att &hellip;",10000,2395361,90,381,"2026-03-10T18:44:00.000Z","3.0.1","5.3.0",[51,20,91,137,77],"mfa","https:\u002F\u002Fminiorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fminiorange-2-factor-authentication.6.2.3.zip","2025-08-23 00:00:00",{"attackSurface":142,"codeSignals":209,"taintFlows":231,"riskAssessment":316,"analyzedAt":328},{"hooks":143,"ajaxHandlers":202,"restRoutes":203,"shortcodes":204,"cronEvents":208,"entryPointCount":32,"unprotectedCount":13},[144,150,155,159,163,166,171,176,179,181,184,187,190,193,195,197],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_init","loginshield_activation_redirect","admin\\class-loginshield-admin.php",76,{"type":151,"name":152,"callback":153,"file":148,"line":154},"filter","plugin_action_links_loginshield\u002Floginshield.php","loginshield_admin_setting_link",79,{"type":151,"name":156,"callback":157,"file":148,"line":158},"theme_page_templates","add_new_template",82,{"type":151,"name":160,"callback":161,"file":148,"line":162},"wp_insert_post_data","register_project_templates",83,{"type":151,"name":164,"callback":165,"file":148,"line":34},"template_include","view_project_template",{"type":145,"name":167,"callback":168,"file":169,"line":170},"rest_api_init","register_rest_api","includes\\class-loginshield-restapi.php",155,{"type":145,"name":172,"callback":173,"file":174,"line":175},"plugins_loaded","anonymous","includes\\class-loginshield.php",159,{"type":145,"name":177,"callback":173,"file":174,"line":178},"admin_enqueue_scripts",174,{"type":145,"name":177,"callback":173,"file":174,"line":180},175,{"type":145,"name":182,"callback":173,"file":174,"line":183},"admin_menu",180,{"type":145,"name":185,"callback":173,"file":174,"line":186},"show_user_profile",185,{"type":145,"name":188,"callback":173,"file":174,"line":189},"edit_user_profile",186,{"type":145,"name":191,"callback":173,"file":174,"line":192},"wp_enqueue_scripts",200,{"type":145,"name":191,"callback":173,"file":174,"line":194},201,{"type":145,"name":167,"callback":173,"file":174,"line":196},208,{"type":145,"name":198,"callback":199,"file":200,"line":201},"login_form_login","redirect_to_custom_login","public\\class-loginshield-public.php",65,[],[],[205],{"tag":206,"callback":206,"file":148,"line":207},"loginshield_login_page",87,[],{"dangerousFunctions":210,"sqlUsage":211,"outputEscaping":213,"fileOperations":13,"externalRequests":228,"nonceChecks":13,"capabilityChecks":229,"bundledLibraries":230},[],{"prepared":32,"raw":13,"locations":212},[],{"escaped":214,"rawEcho":215,"locations":216},33,4,[217,220,223,226],{"file":148,"line":218,"context":219},382,"raw output",{"file":221,"line":222,"context":219},"admin\\partials\\loginshield-login.php",36,{"file":224,"line":225,"context":219},"admin\\partials\\loginshield-plugin-setting.php",27,{"file":224,"line":227,"context":219},44,11,2,[],[232,251,259,269,277,292,300],{"entryPoint":233,"graph":234,"unsanitizedCount":32,"severity":250},"redirect_to_custom_login (includes\\class-loginshield.php:290)",{"nodes":235,"edges":247},[236,241],{"id":237,"type":238,"label":239,"file":174,"line":240},"n0","source","$_REQUEST",292,{"id":242,"type":243,"label":244,"file":174,"line":245,"wp_function":246},"n1","sink","wp_redirect() [Open Redirect]",306,"wp_redirect",[248],{"from":237,"to":242,"sanitized":249},false,"medium",{"entryPoint":252,"graph":253,"unsanitizedCount":32,"severity":250},"\u003Cclass-loginshield> (includes\\class-loginshield.php:0)",{"nodes":254,"edges":257},[255,256],{"id":237,"type":238,"label":239,"file":174,"line":240},{"id":242,"type":243,"label":244,"file":174,"line":245,"wp_function":246},[258],{"from":237,"to":242,"sanitized":249},{"entryPoint":260,"graph":261,"unsanitizedCount":32,"severity":250},"redirect_to_custom_login (public\\class-loginshield-public.php:124)",{"nodes":262,"edges":267},[263,265],{"id":237,"type":238,"label":239,"file":200,"line":264},126,{"id":242,"type":243,"label":244,"file":200,"line":266,"wp_function":246},142,[268],{"from":237,"to":242,"sanitized":249},{"entryPoint":270,"graph":271,"unsanitizedCount":32,"severity":250},"\u003Cclass-loginshield-public> (public\\class-loginshield-public.php:0)",{"nodes":272,"edges":275},[273,274],{"id":237,"type":238,"label":239,"file":200,"line":264},{"id":242,"type":243,"label":244,"file":200,"line":266,"wp_function":246},[276],{"from":237,"to":242,"sanitized":249},{"entryPoint":278,"graph":279,"unsanitizedCount":13,"severity":291},"loginshield_show_user_profile (admin\\class-loginshield-admin.php:195)",{"nodes":280,"edges":288},[281,284],{"id":237,"type":238,"label":282,"file":148,"line":283},"$_GET (x2)",203,{"id":242,"type":243,"label":285,"file":148,"line":286,"wp_function":287},"echo() [XSS]",209,"echo",[289],{"from":237,"to":242,"sanitized":290},true,"low",{"entryPoint":293,"graph":294,"unsanitizedCount":13,"severity":291},"\u003Cclass-loginshield-admin> (admin\\class-loginshield-admin.php:0)",{"nodes":295,"edges":298},[296,297],{"id":237,"type":238,"label":282,"file":148,"line":283},{"id":242,"type":243,"label":285,"file":148,"line":286,"wp_function":287},[299],{"from":237,"to":242,"sanitized":290},{"entryPoint":301,"graph":302,"unsanitizedCount":13,"severity":291},"\u003Cloginshield-login> (admin\\partials\\loginshield-login.php:0)",{"nodes":303,"edges":313},[304,306,308,311],{"id":237,"type":238,"label":239,"file":221,"line":305},28,{"id":242,"type":243,"label":285,"file":221,"line":307,"wp_function":287},38,{"id":309,"type":238,"label":282,"file":221,"line":310},"n2",29,{"id":312,"type":243,"label":285,"file":221,"line":307,"wp_function":287},"n3",[314,315],{"from":237,"to":242,"sanitized":290},{"from":309,"to":312,"sanitized":290},{"summary":317,"deductions":318},"The LoginShield plugin, version 1.0.16, presents a generally good security posture with several positive indicators.  The absence of known vulnerabilities and CVEs is a strong point, suggesting a history of stable and secure development.  The code analysis also reveals good practices such as 100% of SQL queries using prepared statements, a high percentage of properly escaped output, and no dangerous functions or file operations detected. Furthermore, the attack surface appears limited and protected, with no unprotected AJAX handlers or REST API routes, and existing entry points seem to be secured by capability checks. However, there are areas for concern. The presence of 4 taint flows with unsanitized paths, even without critical or high severity, warrants investigation. While no specific vulnerabilities are indicated by these flows, they represent potential pathways for unintended data manipulation or exposure if not carefully managed.  The lack of nonce checks on the sole shortcode is also a notable omission, potentially leaving it susceptible to CSRF attacks if it performs any sensitive actions. The plugin also makes a significant number of external HTTP requests (11), which, while not inherently insecure, increases the attack surface and reliance on external services, which could have their own security implications.",[319,322,325],{"reason":320,"points":321},"Taint flows with unsanitized paths",8,{"reason":323,"points":324},"Shortcode without nonce checks",6,{"reason":326,"points":327},"Significant external HTTP requests",3,"2026-03-16T23:33:58.775Z",{"wat":330,"direct":346},{"assetPaths":331,"generatorPatterns":338,"scriptPaths":339,"versionParams":340},[332,333,334,335,336,337],"\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fadmin\u002Fcss\u002Fsnackbar.css","\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fadmin\u002Fcss\u002Floginshield-admin.css","\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fadmin\u002Fjs\u002Fsnackbar.js","\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fadmin\u002Fjs\u002Frealm-client-browser.js","\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fadmin\u002Fjs\u002Floginshield-admin.js","\u002Fwp-content\u002Fplugins\u002Floginshield\u002Fincludes\u002Futil.php",[],[334,335,336],[341,342,343,344,345],"loginshield\u002Fadmin\u002Fcss\u002Fsnackbar.css?ver=","loginshield\u002Fadmin\u002Fcss\u002Floginshield-admin.css?ver=","loginshield\u002Fadmin\u002Fjs\u002Fsnackbar.js?ver=","loginshield\u002Fadmin\u002Fjs\u002Frealm-client-browser.js?ver=","loginshield\u002Fadmin\u002Fjs\u002Floginshield-admin.js?ver=",{"cssClasses":347,"htmlComments":368,"htmlAttributes":378,"restEndpoints":388,"jsGlobals":394,"shortcodeOutput":397},[348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367],"loginshield-form","loginshield-btn","loginshield-label","loginshield-input","loginshield-title","loginshield-text","loginshield-setting-wrap","loginshield-setting-row","loginshield-setting-label","loginshield-setting-control","loginshield-setting-checkbox","loginshield-setting-input","loginshield-setting-select","loginshield-setting-button","loginshield-tooltip","loginshield-tooltip-arrow","loginshield-tooltip-content","loginshield-snackbar","loginshield-snackbar-message","loginshield-snackbar-close",[369,370,371,372,373,374,375,376,377],"\u003C!-- START: LoginShield Login Form -->","\u003C!-- END: LoginShield Login Form -->","\u003C!-- START: LoginShield User Registration Form -->","\u003C!-- END: LoginShield User Registration Form -->","\u003C!-- START: LoginShield Password Reset Form -->","\u003C!-- END: LoginShield Password Reset Form -->","\u003C!-- START: LoginShield Two Factor Authentication Form -->","\u003C!-- END: LoginShield Two Factor Authentication Form -->","\u003C!-- LoginShield Admin Settings Page -->",[379,380,381,382,383,384,385,386,387],"data-loginshield-action","data-loginshield-nonce","data-loginshield-redirect","data-loginshield-field","data-loginshield-type","data-loginshield-token","data-loginshield-url","data-loginshield-scope","data-loginshield-client-id",[389,390,391,392,393],"\u002Fwp-json\u002Floginshield\u002Fv1\u002Fauth","\u002Fwp-json\u002Floginshield\u002Fv1\u002Fregister","\u002Fwp-json\u002Floginshield\u002Fv1\u002Freset-password","\u002Fwp-json\u002Floginshield\u002Fv1\u002F2fa","\u002Fwp-json\u002Floginshield\u002Fv1\u002Fsettings",[395,396],"loginShieldSettingAjax","loginshieldSettingAjax",[398],"[loginshield_login_page]"]