Search Knowledge Base by Keyword

WP 2FA plugin changelog

You are here:

1.5.2 (2021-01-20)


  • New improved “2FA code page” prompt text.

Bug fixes

  • Fixed an issue that was locking administrators out of the plugin’s configuration – incorrect user ID stored the plugin settings where saved.
  • Fixed a CSS compatibility issue caused by non-targeted “.disabled” styling.

1.5.1 (2020-12-10)

Big fix

  • Configured 2FA profile for user was reset after first-time install wizard / possibly settings changes.

1.5.0 (2020-12-08)

Release notes: Fully responsive 2FA wizards & more efficient code

New feature

  • All the 2FA wizards in the plugin are now fully responsive and mobile friendly.


  • Removed duplicate code and improved the plugin’s efficiency in general (plugin can scale much better now as well on bigger websites).
  • Improved and optimized the creation and handling of user data when saving the 2FA policies and settings.
  • Reduced the overall memory usage when processing settings by switching to direct wpdb queries.
  • Switched to a single validation function when processing settings.
  • Split each background task into smaller individual classes to reduce the load on the website when saving settings / applying policies.
  • New settings overwrite currently queued settings instead of being enqueued when the administrator changes the settings.
  • Added a confirmation step in the wizard for when 2FA setup is completed.
  • Optimized the code that retrieves the email template settings.
  • Unified all email sending functions into one (less code, more efficient, easier to troubleshoot).
  • 2FA method is now separate from backup codes – user does not need to regenerate new backup codes when 2FA config is reset.
  • Users are logged out from session if 2FA is required and administrator resets the 2FA profile.

Bug fixes

  • Users were not being redirected to reconfigure 2FA when 2FA was enforced and the admin resets their 2FA profile.
  • Users were unable to reconfigure TOTP 2FA via front-end form in some edge cases.
  • Pressing Enter when a modal is open was sometimes closing it.
  • Awaiting jobs were not being deleted on plugin uninstall.
  • Number of errors were generated when a website visitor visited the shortcode page.
  • In some edge cases, users could still login to website.
  • Addressed a conflict with the session lockout feature of All in One Security plugin.
  • Backup codes were not generated at the end of the wizard in some edge cases.

1.4.2 (2020-09-02)

Release notes: WP 2FA 1.4.2: Improved 2FA policies & multisite network support

New features


  • Users can setup 2FA via their smart device without the need to scan the QR code.
  • When instant 2FA setup is required, existing user sessions are not terminated. Instead they are redirected to the 2FA wizard.
  • The dates and times used in emails and notifications have the same format as that configured in WordPress.
  • The dates and times strings used in the plugin and emails are fully translatable.
  • Added a subject to the login confirmation code email.
  • Better error reporting when required settings are missing.
  • Removed all reference to the Google Authenticator app. Now all messages are generic for all 2FA apps.
  • Standardized the order of placeholders in 2FA wizard.

Bug fixes

  • Users were unable to setup 2FA in some edge cases because of a HTTP 400 error response during the wizard.
  • Grace period settings hid unexpectedly upon changing the settings.
  • The wrong grace period was being added to the user emails.
  • Wrong grace period was shown in user email when users are required to instantly setup 2FA.
  • Users were able to disable 2FA after setting it up, even when 2FA is enforced.

1.4.1 (2020-07-31)

This is a followup maintenance release of version 1.4.0.


  • Updated the plugin settings text and wizards’ text to reflect the new changes (support for multiple 2FA apps).
  • Redirect users to the user profile page if they exit the 2FA setup wizard.

Bug fixes

  • Reset 2FA app method button not working in wizard.
  • When a 2FA method is disabled, all enabled user configured 2FA methods are cleared in the usermeta, falsely flagging the user to reconfigure 2FA.
  • Fixed a minor UI compatability issue with Jetpack CRM.

1.4.0 (2020-07-22)

Release notes: WP 2FA 1.4: Support for Authy, FreeOTP & other 2FA apps

New features

  • Support for the following 2FA apps: Authy, Duo Security, FreeOTP (open source) Microsoft Authenticator, LastPass.
  • Optional policy to enforce instant 2FA – users have to configure 2FA otherwise they can’t login to the website.
  • Admins now have the option to choose when the plugin sends emails to users who have not configured 2FA yet (emails to setup 2FA).
  • New slide in the setup wizard to allow admins to disable initial 2FA setup emails.
  • New option to disallow users from disabling 2FA in their profile.


  • Plugin no longer changes the email templates when the front-end 2FA page is enabled / disabled.
  • Grace period slide in setup wizard updated so admins can require 2FA straight after login.
  • Improved the intructions and help text of the front-end 2FA page.
  • Applied several minor UI and UX improvements to the wizard.

Bug fixes

  • Super admin not shown the notification to configure 2FA when policies applied to them.
  • Compatibility issue with WordFence (support ticket).
  • Grace period changes in wizard are properly reflected in initial 2FA setup email sent to users.
  • Reset button in wizard not working when 2FA is already configured with 2FA app.
  • Minor CSS issue with a dashboard widget from Mailster.

1.3.0 (2020-06-04)

Release notes: WP 2FA 1.3: Front-end 2FA setup & improved 2FA policies

New features

  • 2FA setup website page for users who do not have access the dashboard and want to setup 2FA.
  • Front-end 2FA setup page email tag so the link to setup 2FA can be included in the user emails.
  • A number of shortcodes to setup your own 2FA configuration page.
  • Setting to enable/disable every individual email notification.


  • 2FA Policies can now be enforced both by role and to specific users at the same time.
  • Administrators are redirected to the 2FA settings after completing the wizard.
  • Standardized the handling and error notifications for the custom from email address and display name placeholders.

Bug fixes

  • Addressed a number of minor UI issues in the plugin wizard.
  • Sites excluded in the wizard on multisite networks not excluded in config.
  • Username was not properly retrieved and shown in the backup code print export.
  • Users’ grace period database entry was not deleted when admin removed the policies.

1.2.0 (2020-05-06)

Release notes: WP 2FA 1.2: Multisite network support & configurable email templates

New features

  • Multisite network support.
  • Configurable email templates.
  • New setting to also configure the “from email address and display name” for all plugin emails.
  • Support for redirect after login plugins.


  • Support for custom login pages; user is correctly redirected to enter 2FA code when using one.
  • Added a “Send another code” button in the email 2FA wizard (in case first email is not received).
  • If they apply, policies are automatically enforced on newly created user (user is sent an email notification).
  • 2FA policies are enforced if they apply when a user’s role is changed.

Bug fixes

  • Locked user is sent an email every time there is a login attempt on the account.
  • Backup codes not generated in some specific scenarios.
  • Incorrect META title of plugin wizard (Support ticket).

1.0.1 (20200427)

Bug fix

  • Plugin does not generate backup codes in certain circumstances.

1.0.0 (20200401)

  • Initial release