Google Authenticator Two Step Login Protection

Version
Updated
Jun 17, 2018
Developer
Codecanyon
Report
Google Authenticator Two Step Login Protection
Google Authenticator Two Step Login Protection delivers bank-grade security for a WordPress plugin with time-based one-time passwords that require your phone to log in. The main benefit is guaranteed protection even if passwords are compromised, plus an auto log-out and IP-based brute-force defense for peace of mind. Easy setup, QR codes, and per-user enablement make it a smart choice.
$50.00 $1.97 -97%
Add to cart
Instant download after purchase ClamAV scanned · Clean
All-Access Membership

Make your site exactly what you imagine.

Change themes. Try new plugins. Experiment until it feels right. With full access to 20,400+ tools, you're free to build without limits.

  • 🖌️ Professional design: Give your store or blog a unique look.
  • More conversions: Use templates and plugins built to sell.
  • 🔄 Experiment freely: Switch themes and try new tools without extra cost.
  • 👶 Beginner-friendly: No experience needed—just pick and activate.
  • 📈 More downloads: Get up to 20 items daily instead of just one.

Everything included

$6.97/mo

Cancel anytime

Start building freely →
Items available 20,400+
Daily downloads up to 20
Happy customers 11,000+

Description

Google Authenticator Two Step Login Protection adds a second layer of security to your WordPress login using time-based one-time passwords (TOTP) generated by your phone. Even if a password is compromised or a user clicks “remember password” on an unsafe device, the attacker still can’t complete authentication without the freshly generated OTP.

This WordPress plugin helps protect administrators and customers with auto log-out, IP-based brute-force defense, and per-user enablement. Setup uses QR codes for quick enrollment, and the plugin includes practical recovery and management options built into a native WordPress interface.

Main Features

  • Time-based one-time passwords (TOTP) — Each login requires a new, time-limited code from the Google Authenticator app (about a 2-minute validity window).
  • Bank-grade login flow — Requires your phone and a freshly generated OTP to prevent access based on password knowledge alone.
  • Per-user two-step enablement — Turn two-factor authentication on or off for individual WordPress users.
  • QR code enrollment — QR codes are sent to new users, or you can email QR codes from the user screen.
  • Secret URL for lost phone — Use a uniquely generated URL to log in with username and password if your phone is unavailable.
  • Auto log-out protection — Automatically logs users out after a preset time; the login form opens in a lightbox for smooth re-entry.
  • IP-based brute-force defense — Blocks repeated failed attempts using ban rules to reduce bot-driven login attacks.
  • IP whitelist option — Exempt your own IP so you don’t accidentally lock yourself out during active bans.
  • Mobile app compatibility — Works with Google Authenticator apps on iPhone, iPad, Android, and BlackBerry.
  • WordPress-friendly setup — Uses a native WordPress GUI with in-line help and detailed documentation.

Benefits

  • More secure logins — OTPs prevent unauthorized access even when passwords are exposed.
  • Reduced brute-force risk — IP-based banning helps stop large numbers of bot attempts from reaching login forms.
  • Lower account exposure — Auto log-out reduces the chance someone continues using an unlocked admin session.
  • Better user experience — Lightbox re-authentication helps users regain access without losing their place.
  • Controlled rollout — Per-user settings support staged adoption across WordPress roles and accounts.
  • Smoother onboarding — QR codes and bulk email delivery make it easier for users to enroll their phones.

Who is it suitable for?

  • WooCommerce store owners and administrators who manage customer accounts and sensitive settings.
  • WordPress site owners running member areas, subscriptions, or gated access.
  • Agencies and freelancers managing multiple WordPress client sites.
  • Teams that need stronger protection for admin accounts and role-based access.
  • Community platforms and blogs with many registered users.
  • Online businesses migrating from single-factor logins to two-step authentication.