WordPress 2-Step Verification plugin

WordPress 2-Step Verification (WP2SV) is a fantastic new security plugin. (FYI: There’s another Google Authenticator plugin that allows app-specific passwords but doesn’t have email as a 2-factor authentication option, which I fancy.)

It uses Google’s 2-step authentication (video describing the concept is below) for your WordPress logins.

Featured Plugin - WordPress Google Maps Plugin

Simply insert google maps into posts, sidebars and pages - show directions, streetview, provide image overlays and do it all from a simple button and comprehensive widget.
Find out more

Initial Setup

Initial setup is easy. Go to Users -> 2-Step Verification and click the verification method you prefer (Android, iPhone, or BlackBerry and/or email).

After you’ve successfully added one, there will be a big button (you can’t miss it) to click to activate 2-factor authentication for this WordPress user.

Each user can only have a single mobile device but can have both a mobile device and an email address setup for 2-step authentication. The Google Authenticator Android app and iOS app are very easy to use and don’t even require a data connection.

Featured Plugin - WordPress Infinite SEO Plugin

Fully integrated with the SEOMoz API, complete with automatic links, sitemaps and SEO optimization of your WordPress setup - this is the only plugin you need to help you rank your site number 1 on Google - nothing else compares.
Find out more


If you enter the wrong authentication code (a typo), it won’t let you try to enter that same code again. You’ll need to generate a new code (or click to send a new email).

The 2-step verification setting is activated per user, not site-wide. So if one user turns it on, it doesn’t lock out everyone else who hasn’t setup 2-factor authentication yet.

It works for all user levels, from Subscriber to Administrator.

Watch Out

If you remove your active verification (mobile and/or email) but do not click to deactivate 2-step authentication, you’ll get locked out.

If this accident happens, you can go into PHPMyAdmin and find the ‘wp2sv_enabled’ meta_key in the wp_usermeta database table. Then just delete the row (not change the meta_value) and 2-step verification will be turned off for that user.

Featured Plugin - WordPress Q&A Site Plugin

It's now incredibly easy to start your own Q&A site using nothing more than WordPress - The Q&A plugin simply and brilliantly transforms any site, or page, into a perfect support or Q&A environment.
Find out more

Final Thoughts

The plugin is fully functioning, and I’m sure it will get some tweaks as more people download it.

Maybe it’ll even be enhanced in a way that forces the 2-step verification for all users, including setting it up as part of the new WordPress user registration process. How do you like that idea?

Overall, it’s a great tool to add an extra layer of security to one of the easiest WordPress security exploits — your username and password combination — especially for sites that don’t have HTTPS logins.

Credit: screenshots from the plugin’s WordPress.org page

Featured Plugin - WordPress Wiki Plugin

To get a wiki up and running you used to need to install Mediawiki and toil away for days configuring it... not any more! This plugin gives you *all* the functionality you want from a wiki, in WordPress!!!
Find out more

Comments (6)