2FAS Classic – Two Factor Authentication


Secure your WordPress Administration area with 2FAS Classic plugin

Each time you log in to the WordPress admin area, you will be requested by the system to provide an additional way of authentication in the form of TOTP codes.
To secure your mobile phone from loss or apps being deleted, you can generate a list of once-off backup codes, or pin a credit card to the system, and receive codes via SMS or VMS.
2FAS is available to all users as soon as it’s installed and registered. Registration is needed because the 2FAS Classic plugin communicates with the powerful 2FAS API.
That gives an opportunity to make authentications, send text messages, make automated voice calls and many more.

If you want to go beyond the basic plugin. Go for our upgraded plugin 2FAS Prime. Advantages of 2FAS Prime plugin:
– No registration required
– Easy to set up
– Simple to use
– Free

If you use 2FAS Authenticator App, the 2nd stage of user verification can be carried out by confirming the login on your phone without the need to re-type the token in the browser (Push Notifications).
2FA Authenticator can be configured for any TOTP based Authentication Method for providing an additional layer of security of Two Factor Authentication(2FA).

2FAS plugin works perfectly with 2FAS Authenticator app but supports also other 2FA apps based on TOTP (Time-Based One-Time Password).

We use third party services to make this plugin work:
https://2fas.com – for authentication requests and communication with a mobile app
https://pusher.com – for a realtime feedback in a browser

Get instant protection against:

Brute-force attacks

It happens that the encrypted password for the portal is hacked due to outdated software or plugins. It is only a matter of time before the encoded hash password will be decrypted and will appear online. You don’t have to worry about it if you use the 2FAS Classic plugin. Even if the attacker knows your password, he still has to enter the one-time token generated by 2FAS App to gain access to your account.

WordPress takeovers

Many people use the same password or a similar password for many online services. ‘Weak’ and repeatedly used passwords remain a major cybersecurity vulnerability. You effectively reduce that risk when you carefully choose your passwords and enable Two Factor Authentication with the 2FAS Prime plugin.

Phishing and keylogger attacks

Enable the 2FAS Classic to protect your WordPress site and make sure that the devices used by you or other users are completely free of keyloggers and viruses.
Any password discovery attempt is useless with 2FAS. Without your token generated by the 2FAS app or other 2FA app., conventional access to your WordPress site is almost impossible.


For more information check out our website at https://2fas.com

If you need our support, please contact us at support@2fas.com


  • The first step of the login process — providing the login and the password.
  • The second step of the login process — providing the token on an untrusted device.
  • Configuring the two-factor authentication in the 2FAS plugin.
  • Code required on the second step of the login process is generated by a mobile application.


  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS Classic” and click the “Install Now” button.
  4. When 2FAS successfully installs, click the “Activate Plugin” link.
  5. Go to the 2FAS Dashboard menu option and create 2FAS account.
  6. Follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  7. That’s it! Now your WordPress administration area is protected by 2FAS.

Plugin requirements:

  • PHP 5.6 or newer (PHP 7.3 or newer is recommended)
  • PHP extensions: cURL, GD, Multibyte String and OpenSSL
  • WordPress 4.2 or newer (WordPress 5.7 or newer is recommended)
  • JavaScript enabled
  • A database user must have privileges for creating and deleting tables

Important notice: 2FAS plugin is not compatible with multisite mode.

If you have any problems with the installation, please contact us at support@2fas.com

Perguntas frequentes

Why do I need the 2FAS Classic plugin?

If you’re not completely sure your devices or ones used by your sub-users are completely free of keyloggers and viruses, then it is a great solution.

Without the token generated by your smartphone, any password discovery attempt will be useless with 2FAS Classic plugin.

Do I need to enter a token each time I log in to the WordPress admin?

No, it is not necessary. You can mark browser on your computer or mobile device as trusted. With trusted web browsers and devices, you don’t need to enter a verification code each time you sign in.

What do I need to do to start using the 2FAS Classic plugin?

The most common way to use the 2FAS plugin is to configure your smartphone to generate tokens. We recommend installing 2FAS Authenticator app but you can download any Time-based One-time Password (TOTP) app.
2FAS Authenticator app largely speeds up the verification process and makes it much more convenient, as it enables you to log in by one click on your mobile, without the need of retyping the code.
You also need to have an account on 2fas.com (you can do it during plugin configuration).

What should I do when I lose my phone/delete the app?

You may always use our 2FAS Backup. It is a feature of 2FAS App that allows you to backup your Secret Keys safely and anonymously on your cloud. This backup method is completely secure and no one except you has access to your keys.

In case you lose or damage your phone you simply install 2FAS App on your new device and turn the 2FAS Backup feature on to get access to your Keys. That way you will never get locked out of your accounts.

What methods can I use as a second factor?

In general, our plugin offers four authentication methods: TOTP app, offline code, text message, and an automated voice call. TOTP is the primary method and the other are backup methods. You can use them if you don’t have access to a mobile application.

Is it free?

It is completely free if you’re using tokens (TOTP, e.g. for 2FAS Authenticator app).
If you’d like to use text messaging or voice call, you need to create an account at 2fas.com and see our pricing, since prices vary depending on cell phone carriers. We charge only for the messages that are sent (authentication).

What is your privacy policy?

2FAS plugin sends to our API data which is important to provide website security and high quality technical support. Below you can find what kind of data is being sent:
– Website URL with the name and version of the WordPress installation
– PHP version
– 2FAS plugin version
– Browser name

This data is necessary in order to provide technical support.


24 de Junho, 2020
Found this plugin after a long search and this is exactly what I am looking for! Easy installation, no hidden features you get after paying! So completely free. If you want to receive SMS messages instead of a push in the app on your phone, there is a paid service, which is clearly explained. Use the plugin now for a few weeks and no problem, set up and working within 2 minutes! Top!
28 de Abril, 2019
2FAS is an excellent WordPress plugin that i have been using for over a year without any problems. 2FAS is a WordPress plugin developed with really good code that uses few resources and is really light. Furthermore the 2FAS plugin developers for WordPress provide an excellent, fast and professional assistance service. The WordPress 2FAS plugin does exactly what it promises and does it really well. For me the 2FAS plugin for WordPress greatly increases the security of websites developed with wWordPress. 2FAS plugin for WordPress is excellent and i recommend it to everyone !
24 de Abril, 2019
I switched 2FAS Light to this one - works good for me.
30 de Março, 2019
I had been using this plugin for about six months and really liked it's functionality even at the free level. However, recently I have had to remove it. A recent update to the plugin has caused themes on several sites I host and manage to insert blank space in the headers, footers, and menus. The recent update of the plugin was tested on a clean install with the same themes and the default theme with the same formatting problems. The recent update also affects the admin console by disallowing views of the Add New Plugins page, and the page and post listings from the admin panel. The same sites experienced significant slow downs for logged in users. Sites using Astra theme exoerience problems for all users, sites using Neve only for logged in users, other themes experienced some variation of the problems above depending on user level. I am hoping for a fix, but am looking for an alternative plugin for now.
7 de Fevereiro, 2019
I chose this plugin as it works on a Windows phone with Microsoft Authenticator, which some of the others don't. I've set it up on 2 sites so far, and you can choose which roles will need to provide authentication. Registration is required, but that's true of lots of things. So far, so good!
Ler todas as 13 avaliações

Contribuidores e programadores

“2FAS Classic – Two Factor Authentication” é software de código aberto. As seguintes pessoas contribuíram para este plugin:


Registo de alterações

3.2.0 (Dec. 1, 2021)

  • Removed push notifications

3.1.0 (Oct. 17, 2021)

  • Add deprecation info

3.0.6 (Sep. 6, 2021)

  • Removed old migration
  • Updated Account SDK to 4.3

3.0.5 (Jun. 21, 2021)

  • Added user migration to 2FAS Prime plugin

3.0.4 (Mar. 29, 2021)

  • Update plugin name

3.0.3 (Feb. 8, 2021)

  • Upgrade cookies support
  • Check adblocker when sending Push Notification