WordPress Two-Factor Authentication: the free AIFORYA 2FA plugin
Secure WordPress login with two-factor authentication (TOTP code) and backup codes. Free plugin, 100% local, no API key.

Protect your site's login, even if a password is stolen.
AIFORYA Two-Factor Authentication adds a second check to the WordPress login: in addition to the password, a temporary 6-digit code, generated by an authenticator app, is required. Even if a password leaks, the account stays protected. All of it locally, with no API key, no external service — and for free, with no time limit.
- Free and complete: TOTP temporary codes, guided activation and backup codes included.
- 100% local: the key and codes are stored in your WordPress database, verification is local.
- Universal: compatible with all standard authenticator apps.
Why the password alone is no longer enough
Passwords leak — through reuse, phishing or third-party database breaches. Yet a single compromised administrator account is enough to endanger an entire WordPress site. Two-factor authentication breaks this fragility: to log in, you now need something you know (the password) and something you have (your phone). An attacker who has your password stays blocked.
It is today the security measure with the best effort/protection ratio. AIFORYA Two-Factor Authentication makes it accessible in a few minutes, with guided activation and backup codes to never get locked out.
What the plugin does
- Temporary codes (TOTP) — compatible with all standard apps: Google Authenticator, Microsoft Authenticator, Authy, FreeOTP, etc.
- Guided activation — the key and a setup link are displayed to add the account to your app in a few seconds.
- Backup codes — ten single-use codes to log in without your phone, with regeneration possible at any time.
- Field built into the login — the code is entered directly on the login page, with your username and password.
How it does better than competing free plugins
| AIFORYA Two-Factor Authentication | Common free plugins | |
|---|---|---|
| Backup codes | Ten codes included, regenerable | Sometimes limited or paid |
| Compatible apps | All standard TOTP apps | Same, but often less guided |
| Privacy | 100% local, key stored on your site | Sometimes external service required |
| Activation | Guided, with immediate verification | Often more technical |
| API key / account | None | Sometimes required |
Install in 2 minutes
- Download the plugin here (or install it from WordPress.org).
- Activate it from the Plugins menu.
- Open the AIFORYA Two-Factor Authentication menu, Setup tab, click Enable, add the displayed key to your app, then enter the code to confirm.
- Keep the displayed backup codes safe.
From the next login, a "Verification code" field protects access to your site.
Questions fréquentes
Historique des mises à jour
- v1.0.0
Initial release: TOTP temporary codes compatible with standard apps, guided activation, ten single-use backup codes with regeneration, and a verification field built into the login page.
Une question ? Contactez-nous.