Beschreibung
Ein kostenloses und benutzerfreundliches Plugin zur Zwei-Faktor-Authentifizierung für WordPress
Füge eine zusätzliche Sicherheitsebene zur Anmeldung auf deiner WordPress-Website hinzu und schütze deine Benutzer. Aktiviere die Zwei-Faktor-Authentifizierung (2FA), den besten Schutz gegen Passwortlecks, automatisches Erraten von Passwörtern und Brute-Force-Angriffe.
Verwende das WP 2FA-Plugin, um die Zwei-Faktor-Authentifizierung für deinen WordPress-Administrator zu aktivieren und um deine Website-Benutzer oder Benutzer mit einer bestimmten Rolle zur Verwendung von 2FA zu zwingen. Dieses Plugin ist sehr einfach zu bedienen; alles kann über Assistenten mit klaren Anweisungen konfiguriert werden, so dass auch technisch nicht versierte Benutzer 2FA ohne technische Unterstützung einrichten können.
Funktionen | Erste Schritte | Hol dir Premium!
🔒 WP 2FA key plugin features and capabilities
- Passkeys support for passwordless logins
- Free two-factor authentication (2FA) for all users
- Multiple 2FA methods supported, including authenticator app (TOTP) and code over email
- Developer API to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)
- Universal 2FA app support – works with Google Authenticator, Authy, and any TOTP-compatible app
- Backup codes (16 digits) for recovery access
- Wizard-driven setup – no technical knowledge required
- 2FA policies to enforce setup with grace periods or instant activation
- REST API endpoints for custom integrations and headless WordPress setups
- Dashboard-free setup – users can configure 2FA without WP admin access
- Editable email templates for full customization
- Much more!
💎 Upgrade to WP 2FA Premium and get even more benefits
Die Premium-Version von WP 2FA bietet noch mehr Funktionen, um die Sicherheit der Anmeldung deiner WordPress-Website auf die nächste Stufe zu heben.
Mit der Premium-Edition von WP 2FA erhältst du mehr 2FA-Methoden, eine 1-Klick-Integration mit WooCommerce, eine Funktion für vertrauenswürdige Geräte, umfangreiche White-Labeling-Funktionen und einiges mehr!
Liste der Premiumfunktionen
- Everything in the free version
- Full white labeling capabilities to change all text and visuals in the wizards, emails, SMS, and 2FA pages
- Support for multiple passkeys per user for flexible passwordless logins
- Zero-setup email 2FA that automatically enrolls users without manual configuration
- YubiKey hardware key support for enterprise-grade security
- Additional 2FA methods such as SMS, email link, and more
- Trusted devices so users can log in without 2FA for a configured period
- Require 2FA on password reset to strengthen account protection
- Allow next user login without 2FA to help recover accounts locked out of authentication
- One-click WooCommerce integration to enable 2FA for customers and store admins
- And much more!
Auf der Seite WP 2FA Plugin Funktionen und Vorteile (engl.) findest du weitere Informationen über die Vorteile eines Upgrades auf WP 2FA Premium.
🛠️ Free and premium support
Der Support für die kostenlose Version von WP 2FA ist in den WordPress-Supportforen kostenlos. Premium-Benutzern steht ein erstklassiger Support per E-Mail zur Verfügung – ein Upgrade auf Premium gewährt dir E-Mail-Support.
Für weitere Fragen, Feedback oder wenn du einfach mit uns in Kontakt treten möchtest, benutze bitte unser Kontaktformular.
GEPFLEGT UND UNTERSTÜTZT VON MELAPRESS
Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.
Durchsuche unsere Liste der WordPress Sicherheits- und Administrations-Plugins (engl.), um zu sehen, wie unsere Plugins dir helfen können, die Sicherheit und Administration deiner WordPress-Websites und Benutzer besser zu verwalten und zu verbessern.
Installation von WP 2FA
Aus WordPress heraus
- Navigiere zu ‚Plugins > Neues Plugin hinzufügen‘
- Suche nach ‚WP 2FA‘
- Installiere und aktiviere WP 2FA von deiner Plugins-Seite
Manuell
- Lade das Plugin aus dem WordPress-Plugin-Repository herunter
- Entpacke die Zip-Datei und lade den Ordner in das Verzeichnis /wp-content/plugins/ hoch
- Aktiviere das WWP 2FA-Plugin über das Menü ‚Plugins‘ in WordPress
Vorgestellt auf:
Screenshots











FAQ
Sendet das Plugin irgendwelche Daten an Melapress?
No, the plugin does not send any data to us whatsoever. The only data we receive is license data from the premium edition of the plugin.
Welche 2FA-Methoden sind mit dem Plugin verfügbar?
The free edition of WP 2FA includes the following 2FA methods: Authenticator app 2FA and code over email. This allows you to use Google Authenticator OTP The premium edition adds YubiKey, one-click email link, SMS 2FA, and Authy push notifications.
How can I integrate two-factor authentication (2FA) into my custom login process or AJAX-based form?
WP 2FA includes a REST API that allows developers to enable and verify 2FA during custom authentication flows, such as AJAX-based login forms, mobile apps, or headless WordPress websites. Refer to the REST API in WP 2FA documentation for more information.
Wie kann ich sicherstellen, dass ich nicht ausgesperrt werde?
WP 2FA includes backup authentication methods so that if the primary authentication method fails, you and your users can still log in. The free version of the plugin includes backup codes, which can be configured during 2FA configuration or at any point after that from the profile page. The premium edition adds 2FA backup codes over email.
Was passiert, wenn ich mich ausgesperrt habe?
In the unlikely event that you are unable to supply your 2FA code, there are several steps you can take to gain access to your WordPress dashboard. First, check if there is another administrator who can reset your 2FA. If this is not possible, manually deactivate the plugin, log in without 2FA, re-activate the plugin, and then reconfigure your 2FA.
Unterstützt WP 2FA Multisite-Netzwerke?
Yes, WP 2FA is multisite compatible. The plugin can be activated at the network level. 2FA policies can be enforced on all users, a subsection of users, or per site on the network. It also supports network setups with different domains.
Erhält dieses Plugin Aktualisierungen?
Wir aktualisieren das Plugin in regelmäßigen Abständen, um sicherzustellen, dass das Plugin weiterhin einwandfrei funktioniert und fügen von Zeit zu Zeit neue Funktionen hinzu.
Unterstützt das Plugin Google Authenticator?
Ja, WP 2FA unterstützt Google Authenticator auf WordPress vollständig. WP 2FA unterstützt auch viele andere 2FA-Authentifikator-Apps.
Kann ich Unterstützung bekommen, wenn ich nicht weiterkomme?
Der Support für die kostenlose Version des Plugins wird ausschließlich über die WordPress.org-Supportforen geleistet. Du kannst auch auf unseren Support-Seiten alle technischen Unterlagen und Produktdokumentationen nachlesen.
Wenn du die Premium-Edition nutzt, erhältst du direkten Zugang zu unserem Support-Team über einen persönlichen E-Mail-Support.
Wie kann ich Sicherheitslücken melden?
You can report security bugs through the Patchstack Vulnerability Disclosure Program. Please use this form. For more details, please refer to our Melapress plugins security program.
Rezensionen
Mitwirkende und Entwickler
„WP 2FA – Two-factor authentication for WordPress“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:
Mitwirkende„WP 2FA – Two-factor authentication for WordPress“ wurde in 14 Sprachen übersetzt. Danke an die Übersetzer für ihre Mitwirkung.
Übersetze „WP 2FA – Two-factor authentication for WordPress“ in deine Sprache.
Interessiert an der Entwicklung?
Durchstöbere den Code, sieh dir das SVN-Repository an oder abonniere das Entwicklungsprotokoll per RSS.
Änderungsprotokoll
4.0 (2027-07-07)
-
New User Interface (UI)
- A completely redesigned plugin interface, offering improved navigation, a more streamlined setup experience, better organization of settings, and a modern design.
Important: Switching to the new interface is a one-way process. New installations use the new interface by default, while upgrades retain the current interface and can switch at any time via a new Switch to the new WP 2FA Interface setting under General Settings.
-
New Features & functionality
- Added an Export table as CSV feature in the Reports, allowing administrators to export 2FA status data for analysis and reporting.
-
Verbesserungen
- The „learn more about backup codes“ URL shown on the user profile is now editable via white labeling, allowing brands to replace or remove the default link.
- Updated the bundled Select2 library to a more recent and secure version.
- Hardened the shortcode
returnparameter handling to use proper URL validation instead ofstrip_tags(), preventing potential URL manipulation. - Updated the SSL check to use wp_die() instead of bare exit() calls for safer request termination.
- Refreshed the install wizard copy across all four slides for clearer, more welcoming language and consistent use of the term „secondary 2FA method“ instead of „alternative“.
- Improved the libxml missing extension notice (required for TOTP method) with a clearer, more actionable message directing users to their hosting provider.
- Moved the main **2FA code page text* * field to the top of the White Labeling Customize 2FA code page tab,
- Shortened the default SMS templates on fresh installs to stay under 160 characters, improving deliverability with strict carriers while remaining Twilio-compliant.
- The verification code input on the 2FA login screen is now auto-focused, so users can start typing their code immediately without clicking into the field.
- The
{login_code}placeholder now also works in email subject lines, not only in the email body. - Improved feedback on the 3rd party integrations page: verification modals for Twilio, Clickatell, and all other providers are now consistently styled and show clear error messages when credentials are empty or invalid.
- Verified 3rd party integration credentials are now automatically saved on successful validation, so they persist after a page refresh.
- Declared WooCommerce compatibility with HPOS, Cart/Checkout Blocks, and the Product Block Editor, so WP 2FA no longer appears as „uncertain“ in the WooCommerce compatibility dashboard.
- Removed
declare(strict_types=1)from all files to improve compatibility with WordPress hooks and prevent intermittent TypeError fatals when filters or actions pass loosely-typed values. - Removed a large block of commented-out legacy code from
wp-2fa.phpfor cleaner code and easier maintenance. - Fixed inconsistent text domain usage in the deactivation class (was
'textdomain', now correctly uses'wp-2fa'), ensuring all deactivation strings are translatable. - Updated the deactivation feedback form to version 1.1.
- Refactored the plugin’s licensing architecture to improve maintainability and support future enhancements.
- Removed the Quick Links feature from the plugin, along with its underlying code.
- Removed the Survey and Changelog banners from the plugin UI.
- Removed an obsolete white labeling option under Method selection.
- Added a check when enabling the „Use custom logo“ option: if no logo has been uploaded, a clear error message is now shown pointing to the 2FA code page design settings.
- Removed the unecessary „Activate free version“ button from Premium licensing prompt.
- Improved custom CSS handling for buttons on the user profile area, so all WP 2FA buttons consistently pick up plugin styling (or the user’s custom CSS overrides) instead of falling back to WordPress defaults inconsistently.
- Added help text under all subtitles on White Labeling Customize 2FA code page Edit content, providing a short description for each rich-text field.
- Added missing hint help text on the Customize setup wizard page for the Email (HOTP), Yubico, Clickatell, Twilio, and Authy methods, explaining what the hint field controls during 2FA setup.
- Added an upgrade modal that explains the benefits of full white labeling when users click locked white labeling options.
- Passkeys can now be revoked only by the person who generated them instead of other site administrators.
-
Bug fixes
- Fixed: The WooCommerce
/my-account/{2fa-endpoint}/URL returned a 404 after any rewrite rules flush triggered from an admin request (e.g. saving Settings Permalinks). - Optimized performance by removing unnecessary front-end checks for an expired event banner.
- Fixed:
wp_delete_postwas being called with a post ID of 0 when saving settings under WordPress 6.9, triggering a_doing_it_wrong()notice and causing 500 errors on sites using Acorn / Sage. - Fixed: PHP Deprecated
htmlspecialchars(): Passing null to parameter #1shown inside the SMS template boxes on PHP 8.3 with WordPress 6.9.4+. - Fixed: PHP Deprecated
Automatic conversion of false to arrayin the Authy and role settings controller extensions on PHP 8.3 multisite installations. - Fixed: PHP Notice
Function WP_Scripts::add was called incorrectly. The script with the handle "wp_2fa_yubico" was enqueued with dependencies that are not registered: wp2fa-dialogin WordPress 6.9.1+. - Fixed: The Locked user status was not displayed next to a user after their grace period expired and they attempted to log in again.
- Fixed: Users who configured 2FA voluntarily (without being enforced by a policy) were shown as Configured instead of the correct Configured (but not required) status.
- Fixed: Users not covered by 2FA enforcement were shown as „User has not logged in yet, 2FA status is unknown“ instead of „Not required“.
- Fixed: Passkeys were always counted as 0 on the Reports page, regardless of how many passkeys had actually been registered.
- Fixed: Horizontal scrolling caused by the encryption and enforcement dashboard notices when viewing WP 2FA admin pages.
- Fixed: CSS selectors that started with a number (e.g.
#2fa-user-global-configuration) have been renamed to valid,wp-2fa-prefixed selectors for consistency and to work correctly with SCSS/LESS preprocessors. - Fixed: The FlyOut remote configuration fetch is now respectful of user preferences, aligning better with WordPress.org compliance expectations.
- Fixed: The WooCommerce
-
Breaking changes
- JSON settings exports created in versions earlier than 4.0 cannot be imported to a version 4.0 install. Recreate the settings export using version 4.0.
- Email template customization is now available as an Enterprise feature. Existing custom email templates will continue to work without interruption.
Im vollständigen Plugin-Änderungsprotokoll findest du detaillierte Informationen darüber, was in früheren Versions-Updates von WP 2FA neu hinzugefügt, verbessert und behoben wurde.
