Secure My WP Site – Email 2FA

Add email-based two-factor authentication to your WordPress site for an additional layer of security during login.

Prerequisites

Before using the plugin:

  1. Secure My WP Site – Login plugin must be installed and activated

Core Features

  • Email-based verification codes
  • Configurable code expiry time
  • Role-based exemptions
  • Custom redirect after verification
  • Clean user interface
  • Session tracking
  • Limited attempt system (3 tries)
  • Automatic code expiration
  • Secure email delivery
  • Remember me support

Quick Start

  1. Upload the plugin files to /wp-content/plugins/secure-my-wp-site-email-2fa
  2. Make sure Secure My WP Site – Login plugin is installed and activated
  3. Activate the plugin through WordPress admin
  4. Use the Email 2FA settings page to configure code expiry and redirect settings
  5. 2FA protection begins immediately after activation

Verification Page

The plugin automatically creates:

  • 2FA Verification Page
  • Contains verification form
  • Handles code validation
  • Manages verification process
  • Supports resending codes

Shortcode

[smwps_2fa_verification_form]

Configuration Options

Code Settings

  • Code Expiry Time: Set how long codes remain valid (1-60 minutes)
  • Default Time: 5 minutes
  • Attempts: 3 tries per code before requiring new code
  • Format: 6-digit numeric codes

Role Settings

  • Choose which user roles are exempt from 2FA
  • Granular role control
  • Easy role management
  • Default: No exemptions

Redirect Settings

  • Set custom redirect URL after verification
  • Full URL required (HTTPS recommended)
  • Optional – defaults to user’s destination

Admin Features

2FA Management

  • Enable/disable 2FA globally
  • Configure code settings
  • Manage role exemptions
  • Monitor verification status

Security Features

  • Unique verification codes
  • Limited attempts tracking
  • Code expiration enforcement
  • Secure session handling
  • HTTPS redirect support

Integration Support

  • Works with Secure My WP Site – Login plugin
  • Compatible with major page builders
  • Works in both admin and frontend
  • Supports custom login pages

Troubleshooting Common Issues

  1. Plugin Not Activating
    • Verify Secure My WP Site – Login is installed and active
    • Check PHP version requirement
    • Ensure WordPress version is compatible
  2. Email Not Received
    • Check spam folder
    • Verify email settings
    • Try resending code
  3. Verification Failed
    • Check attempts remaining
    • Verify code hasn’t expired
    • Request new code if needed

Security Best Practices

  1. Keep code expiry time reasonable (5-15 minutes)
  2. Use HTTPS for all login-related pages
  3. Monitor failed verification attempts
  4. Regularly review exempt roles
  5. Keep plugin updated

Requirements

  • WordPress 5.0 or higher
  • PHP 7.4 or higher
  • Modern web browser with JavaScript enabled
  • Secure My WP Site – Login plugin installed and activated

License

GPLv2 or later

Scroll to top