Two Factor Extend
Enterprise-grade security features for the Two-Factor plugin. Forced 2FA, login limits, IP lockout, and audit logging — all free.
100% free · No upsells · Works with any 2FA method · Requires Two-Factor plugin
Why Add Extra Security to Two-Factor Authentication?
The official Two-Factor plugin adds 2FA to WordPress, but it lacks critical security features that real-world sites need. Two Factor Extend fills the gap with forced 2FA enforcement, brute force protection, IP management, and comprehensive audit logging — all free and open source.
Key Features
Core Security Enhancements
Forced 2FA
Require all users (or specific roles) to enable two-factor authentication. Set grace periods before enforcement kicks in.
Login Attempt Limits
Lock out users after a configurable number of failed login attempts. Rate-limit brute force attacks automatically.
IP Lockout & Whitelist
Block IPs after repeated failures. Whitelist trusted IPs (office network, VPN) to bypass 2FA entirely.
Custom Login URL
Change wp-login.php to a custom URL. Reduce automated attack surface — bots can’t attack what they can’t find.
User Management Features
Trusted Devices
Let users mark devices as trusted. Skip 2FA on recognized browsers for a configurable period (7/14/30 days).
Login Notifications
Email users when their account is accessed from a new device or location. Early warning for compromised credentials.
Grace Periods
Give new users time to set up 2FA before enforcement. Customizable per user role — admins can have different rules than subscribers.
Audit & Monitoring
Audit Log
Track every 2FA-related event: setups, failures, bypasses, IP lockouts. Filter by user, action, or date range.
Dashboard Widget
See security stats at a glance from your WordPress dashboard. Active 2FA users, recent lockouts, pending enforcements.
User Profile Integration
Manage 2FA settings directly from the user profile page. Admins can reset 2FA for locked-out users.
Compatibility & Requirements
Two Factor Extend requires the official Two-Factor plugin (free on WordPress.org). It works with all 2FA methods: TOTP (Google Authenticator, Authy), FIDO U2F security keys, email codes, and backup codes. Compatible with all WordPress themes and most security plugins.
How to Install & Set Up Two Factor Extend
Get started in under 5 minutes:
Step 1 — Install the Two-Factor plugin — Go to Plugins → Add New and search for “Two-Factor” by the WordPress Core Contributors. Install and activate it first.
Step 2 — Install Two Factor Extend — Search for “Two Factor Extend” in Plugins → Add New, or download from WordPress.org.
Step 3 — Activate both plugins — Two-Factor must be active. Two Factor Extend will add its settings menu automatically.
Step 4 — Configure security rules — Go to Settings → Two Factor Extend. Set forced 2FA roles, login attempt limits, and IP lockout thresholds.
Frequently Asked Questions
Do I need the original Two-Factor plugin?
Yes. Two Factor Extend is an add-on — it requires the official Two-Factor plugin to be installed and active. Both are free on WordPress.org.
What happens if a user loses their 2FA device?
Admins can reset 2FA for any user from the WordPress admin panel. Backup codes (if enabled) also provide a recovery path.
Will this lock me out of my own site?
No. Whitelist your own IP first, and configure grace periods before enforcing 2FA. We recommend testing on a staging site first.
Does this work with WooCommerce or membership sites?
Yes. 2FA enforcement works for all WordPress user roles, including WooCommerce customers and membership site subscribers.
Is this plugin compatible with Wordfence or other security plugins?
Generally yes. Avoid enabling login attempt limits in both plugins simultaneously to prevent conflicts. Choose one plugin to handle rate limiting.
Ready to Protect Your WordPress Site?
Download Two Factor Extend free from WordPress.org. No registration, no credit card, no upsells.