How to setup OTP Over SMS for WordPress 2-Factor Authentication (2FA/MFA)?
OTP Over SMS (One-Time Password over Short Message Service) is a two-factor authentication (2FA) method where a unique, temporary password is sent to the user's mobile phone via SMS. This OTP is required, along with the user's regular password, to gain access to the user’s WordPress account. The OTP is usually valid for a short period or for a single session, providing an extra layer of security.
Why should you use OTP Over SMS or WordPress 2fa SMS as a two-factor authentication method?
- Familiarity: Most users are familiar with receiving SMS messages, making the process intuitive.
- Accessibility: No need for users to download or install additional apps. OTP Over SMS works on any mobile phone with SMS receiving capability, regardless of the device type or operating system.
- Wide Adoption: Widely supported and trusted by many services and industries.
- No Dependency on the Internet: Users can receive OTPs even without an Internet connection, ensuring reliability in various situations.
You can download miniOrange 2-Factor Authentication(2FA) plugin using the following link:
This plugin can be configured for any TOTP-based/OTP Login 2fa methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods [24/7 SUPPORT]
Pre-requisites For Setting Up OTP Over SMS as a 2FA method.
- To Install our miniOrange two-factor authentication plugin on your WordPress website which supports OTP Over SMS as the two-factor authentication method.
- A simple phone with the capability of receiving SMS.
To use OTP Over SMS as the two-factor authentication method for your WordPress site you need:-
Getting started with the OTP Over SMS/SMS Authentication setup
Let’s see how an administrator can set up OTP Over SMS for users. This can be done in two very simple ways:-
- Setup Wizard
- Dashboard of the plugin
1. OTP Over SMS setup through Setup Wizard
The setup wizard appears right after the successful installation and activation of the WordPress 2FA plugin. The Wizard helps you set up 2FA(in this case OTP Over SMS)
Let’s follow the steps below to set up the OTP Over SMS method as 2FA for your users.
- Click on the Let’s get started! button.
- Choose the first option “User should setup 2FA during first login.”
Choosing this option as name suggests will make user’s compulsorily configure 2FA methods (in this case we will be configuring Security Questions). - Click on the Continue Setup button.
- Choose the ”All users” option to set 2FA for all and click on the Continue Setup button.
- Choose only for a specific roles option.
- Select the particular role for which you want to set 2FA. (As administrator has been chosen here. This will set the OTP Over SMS method as 2FA only for the administrator's role.)
- Then, click on the Continue Setup button.
- Choose the “Users should be directly enforced for 2FA Setup” option and click on the All Done button.
- You have successfully configured the two-factor authentication.
Step 1: Once you have activated the plugin the following screen of the setup wizard appears.
Step 2: The wizard guides you to choose any one options for inline registration.
There are two option under inline registration:-
Step 3: Next you are guided to choose the user’s role for which you want to set OTP Over SMS as a 2FA method.
OR
Step 4: Now, it guides you to set the Grace period for your users. There are again two options:-
1. Users should be directly enforced for 2FA Setup:- If you don’t want to give your users any period to set 2FA you can go with the first option.
Users will have to set 2FA during their first login to gain access to the account.
2. Give users a grace period to configure 2FA:- choosing this option will allow you to give your users a certain grace period within which users will be required to set their 2FA. Users will have to set 2FA after expiration of the grace period.
Steps for users to configure OTP Over SMS
After completing the above 2FA setup in a few simple steps, users are prompted to configure a list of two-factor authentication methods, including OTP over SMS.
- Go to the WordPress Login page and enter the user’s login credentials.
- Choose the “OTP Over SMS” radio button. You are prompted to configure a two-factor method while logging in for the very first time.
- Enter your phone number in the provided field to configure OTP Over SMS.
- Click on the Send OTP button.
- Enter the 2FA code/2FA OTP sent to your registered phone number via SMS.
- Click on the Validate OTP button.
- Click on the Finish button to finish it.
- The user has successfully logged into the account.
- Go to the WordPress Login page and enter the user’s(in this case admin) credentials to login.
- Enter the 2FA code/2FA OTP sent to your registered phone number via SMS.
- Click on the Validate button.
- The admin has successfully logged into the account.
Now you must carefully store the backup codes provided to you. These codes will help you login when you become locked out of your account for any reason.
Subsequent Login for user’s account through OTP Over SMS
Let’s see how user's subsequently login to their account after configuration of OTP Over SMS during first login.
2. OTP Over SMS setup from plugin dashboard
- Enable 2FA for the all the roles for which you need to set 2FA.
- Then, click on the Save Settings button.
If you have choose to Skip Setup Wizard, here's an alternate way to setup OTP Over SMS through the plugin dashboard.
After clicking on the Skip Setup Wizard option, you will be redirected to the plugin dashbord i.e, Login Settings tab of two-factor authentication menu where you can enable 2FA for all the desired roles.
Steps for users to configure OTP Over SMS
- Go to the WordPress login page and enter the user’s login credentials.
- Choose the OTP Over SMS option among all two-factor authentication methods.
- Enter your phone number in the provided field to configure OTP Over SMS.
- Click on the Send OTP button.
- Enter the 2FA code/2FA OTP sent to your registered phone number via SMS.
- Click on the Validate button.
- Click on the Finish button to finish it.
- The user has successfully logged into the account.
- Enter your login credentials and click on the Login button.
- Enter the 2FA code/2FA OTP sent to your registered phone number via SMS.
- Click on the Validate button.
- The user has successfully logged into the account.
Now you must carefully store the backup codes provided to you. These codes will help you login when you become locked out of your account for any reason.
Subsequent Login for user’s account through OTP Over SMS
Let’s see how user's subsequently login to their account after configuration of OTP Over SMS during first login.
Need Help? We are right here!
