19 May 2026

WordPress and a simple second factor

Add phone-tap two-factor authentication to any WordPress site in six steps with the Notakey provider plugin.

WordPress logins are among the most brute-forced on the internet. Notakey provides a dedicated plugin that adds a phone-tap second factor in six steps.

Six steps to a protected login

1. Prepare a Notakey authentication server, on-premises or cloud-hosted; the free tier is enough for a small team.

2. Install two plugins in WordPress: the Two-Factor plugin and the Notakey Provider for Two-Factor extension.

3. Activate both plugins.

4. Create an application and API credentials in the Notakey appliance dashboard, with scopes for authentication, user management and device management. Configure onboarding requirements; phone-number-based SMS verification is one ready-made option.

5. Configure the Notakey extension under WordPress Settings: enter the authentication server’s service URL, client ID and secret, service ID, and service domain.

6. Onboard users. Each user installs Notakey Authenticator, opens their WordPress Two-Factor Options, starts onboarding, and scans the QR code to finish setup on their phone.

From the next login, WordPress asks the phone — and password phishing against your site stops paying.

← All posts

See your first passwordless login this week

A 30-minute call with an engineer, not a sales deck. We’ll map your VPN, SSO or Windows setup to a working pilot.