Description

Email OTP Authenticator is an Authentication & Security plugin designed to simplify WordPress login while strengthening user protection. It replaces traditional passwords with secure OTP verification and adds advanced session protection for better control over user access.

Built as a modular security system, the plugin operates through three dedicated protection engines while maintaining a fully self-contained architecture without external service dependency.

Delivering these key benefits:

Reduce login friction
Increase signup conversions
Reduce password reset requests
Strengthen multi-layered website security
Enhance user trust with secure authentication

Designed to make WordPress authentication faster, smarter and more secure.

Core Security Architecture

The plugin is engineered around three dedicated security engines:

Access Engine

Handles secure user entry through passwordless authentication.

Features:
* OTP Login
* OTP Registration
* Guest Verification
* Email authorization
* Fast Authentication Flow

Validation Engine

Adds identity confirmation and verification controls.

Features:
* New Device detection
* Auto-popup with UI lock
* Parallel login validation
* Two-Factor Authentication
* Login Validity Enforcement

Security Engine

Protects active sessions and detects abnormal activity.

Features:
* Dynamic Session Shield
* Session Validity Check
* Session Inactivity Lock
* Adaptive 2FA Enforcement
* Suspicious Activity Guard

Key Highlights

Quick Login & Signup – Instant, easy, and password-free; Login & signup with OTP.
Built-in Two-Factor Authentication – Additional identity protection layer.
Verified Access Control – Verify users without login for access to restricted pages.
Dynamic Session Shield – Intelligent session protection engine.
Zero External Dependency – Works without third-party services.
Modern Vanilla JavaScript Engine – No jQuery dependency.
Flexible Integration Options – Add authentication anywhere.
Complete Admin Control – Fine-tune authentication behavior.
Built-in Interface System – Attractive ready-to-use templates.
Lightweight & Fast – Optimized for performance.

Flexible Integration Options

Add authentication forms anywhere on your website using simple integration methods.

Integration methods include:

Shortcode integration (auto-popup, popup or inline forms)
Menu trigger integration (popup forms)
Redirect support for auto-popup & inline form pages
Multiple forms on the same page
Easy setup without coding complexity

Built-in Templates

Attractive 27 ready-to-use templates with auto-popup, popup and inline support.

Easy-to-apply modern designs that match your website style, with options to customize pre-built templates or create your own.

Complete Admin Control

Customize authentication behavior, layout options, security restrictions and verification rules with ease. Admins gain complete control over user access and interaction across the website.

Zero External Dependency

Run a complete authentication system without relying on any third-party services.

Full data control
Standalone operation
No external APIs required
Self-hosted OTP processing
Reliable authentication flow

Modern Architecture

Built using modern development practices:

Vanilla JavaScript implementation (no jQuery)
Optimized settings storage
Secure token validation
Lightweight execution flow
Improved performance structure

Ideal Use Cases

This plugin is ideal for:

Membership websites
WooCommerce stores
SaaS dashboards
Community platforms
Agencies managing client websites
Developers needing flexible authentication
Beginners and small websites needing simple security

Designed to scale from beginner websites to enterprise environments.

Compatibility

Works smoothly with popular WordPress tools:

WooCommerce
Ultimate Member
MemberPress
BuddyPress
ProfileGrid
ProfilePress
User Registration
WP User Manager
Paid Memberships Pro
RegistrationMagic
Forminator
Login/Signup Popup plugins
And many more

Why Choose This Plugin

FAST – Quick OTP authentication process
FRIENDLY – Simple user experience
SMART – Intelligent access handling
SMOOTH – Clean UI integration
SECURED – Strong authentication protection

Support

Feedback helps improve this plugin.
Send suggestions or issues to:
Mr.Chandan.Shrivastava@gmail.com

Notes

This is the Lite version with advanced features included for exploration.

Screenshots

Form Templates
Default Template
General & Layout
Login & Register
2FA & DSS
Email Settings

Installation

Upload the plugin folder to /wp-content/plugins/
Activate the plugin from WordPress dashboard
Configure Email OTP Authenticator settings
Add forms using shortcode or menu integration

FAQ

Does it support SMS or WhatsApp OTP?: Currently, only Email OTP authentication is supported. Multi-channel OTP verification (Email/SMS/API) is planned for future releases.
Can guest users verify or register using OTP?: Yes. Guests can register and verify their email using OTP without requiring a password.
Can administrators log in using OTP?: Yes. Administrators can securely log in to the WordPress dashboard using Email OTP authentication.
Can I use multiple inline or popup forms on the same page?: Yes. You can place multiple inline or popup authentication forms on a single page using shortcodes.
Can I enable Two-Factor Authentication (2FA) for login or registration?: Yes. 2FA can be enabled for login, registration, or both to add an additional layer of protection.
What happens if 2FA verification fails?: If verification fails, the user will be redirected to the configured failure redirect URL or verification page based on plugin settings.
Where does the user go after successful 2FA verification?: After successful verification, users are automatically redirected back to their original source or intended destination page to ensure a smooth authentication flow.
Can I enforce verification when a new device is detected?: Yes. The Dynamic Session Shield security engine can enforce verification when a new device or browser session is detected.
What happens if a session becomes inactive?: The session will be locked after the configured inactivity period or unusual activity is detected and verification will be required to continue access.
Can the plugin log out active sessions on suspicious activity?: Yes. Dynamic Session Shield can automatically terminate sessions if verification fails.
Does session protection affect all logged-in devices?: No. Session protection applies only to the current session unless global logout is triggered by security rules.
Can I customize the 2FA verification page?: Yes. You can define a custom page containing the verification shortcode to control the verification workflow.
Can I disable the session inactivity timeout?: Yes. The inactivity timeout can be disabled or adjusted from plugin settings.
Is Dynamic Session Shield enabled by default?: No. Dynamic Session Shield is optional and can be enabled or configured from the plugin settings.
Can developers integrate authentication responses into custom workflows?: Yes. Developers can process verification responses using JavaScript, PHP hooks and integration logic for advanced customization.
Does this plugin require any third-party services?: No. The plugin works completely independently without requiring any external authentication services or APIs.

Reviews

scorpion360 July 25, 2025

Great, Thank you kindly

Presson July 6, 2025

The plugin is the most advanced of all the OTP plugins within the WordPress ecosystem. The Author seems committed to the further enhancement and extending of the plugin. I score the plugin high for Support, Robustness and extensibility.

jychuang8411 June 14, 2025

I purchased the Prime + Addon version of the plugin, and although I’m not a skilled coder, the experience has been outstanding. I ran into some issues, but the developer responded incredibly quickly and provided thorough support. The level of dedication—answering every single question patiently—far exceeded my expectations. Thank you for creating such an amazing plugin! I’ll definitely support you again for any future websites and will gladly recommend this to all my developer friends.

gslim May 3, 2025

normatter after sales support and the plugin truly good and always answer on time.

hmarx March 21, 2025

I repeat my review because I forgot to assign a title:I would like to give a big compliment to the plugin and the team behind it. The plugin does an excellent job when it comes to manage a passwordless login for memebership-based LMS platforms. The handling to implement the software is easy even if you are not an expert like me and if you are facing a problem the support team reacts immediately. The willingness to integrate new features or make improvements is surprisingly high in contrast to other companies who usually put you off and refer to the future. Really great! Thank you!

user2726 January 4, 2025

I had been searching for years for a plugin that simplifies the login process in the WooCommerce environment, and this plugin is exactly what I needed. It works perfectly and does exactly what it promises. What makes the experience even better is the fantastic support. The team responds quickly, professionally, and truly thinks along with you. On top of that, you can tell they take feedback seriously: over the past few weeks, they’ve released frequent updates, showing their commitment to continuously improving the plugin. Highly recommended for anyone who values user-friendliness and excellent service!

Read all 11 reviews

Contributors & Developers

“Email OTP Authenticator – Login, Register, 2FA & Session Lock” is open source software. The following people have contributed to this plugin.

cs7.in

Translate “Email OTP Authenticator – Login, Register, 2FA & Session Lock” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

6.3.5

Released on: 26-Mar-2026
Fixed: Duplicate element ID errors in OTP form resolved in browser.
Added: OTP form engaged status displayed via SVG animation.
Added: New option ‘Enable the Advance Admin’ added in settings.
Added: Option to remove all data of this plugin on deactivation.
Added: Logout option from the 2FA and DSS form added in settings.
Added: New option ‘Checkout Form Templates’ added in Layout panel.
Added: New feature ‘Dynamic Session Shield’ added in 2FA & DSS panel.
Added: Advanced settings and pages hidden from general admin dashboard.
Added: Legacy version POT file included in plugin for version switching.
Rectified: Login process corrected in class files.
Rectified: Admin identifier corrected in class files.
Rectified: Corrected the import and restore settings process.
Rectified: Cursor position in 6 OTP boxes corrected after OTP paste.
Modified: Beta option for Vanilla JavaScript removed from settings.
Modified: Previous license types discontinued; new ones introduced.
Modified: All locked features are marked with lock icons in settings.
Modified: Reserved option ‘useupgrdfiture’ removed from all references.
Modified: jQuery removed and Vanilla JavaScript implemented permanently.
Improved: 2FA features redesigned and moved to a new panel.
Improved: Settings Min–Max validation optimized and shortened.
Improved: The old plugin website has been replaced with a new website.
Improved: Extreme version lock with P.A. managed separately in settings.
Improved: Paid note moved under license key section in integration page.
Improved: Legacy version supporting file upgraded to plugin version 6.3.4.
Improved: Merging saved settings with default settings improved in class files.

6.3.4

Released on: 11-Nov-2025
Fixed: Several Unicode-related bugs in settings and class files.
Rectified: Line background color for better appearance in support code.
Modified: Template title HTML code to resolve conflict with admin notice.
Improved: Some setting descriptions for better clarity and understanding.
Improved: 2FA box type set to auto-popup for a faster and smoother process.

6.3.3

Released on: 20-Oct-2025
Added: Template notes for successful actions, including cache-clear instructions.
Added: Import and export functionality for plugin settings on the Integration page.
Rectified: “P.A.*” mark issue corrected in the Ratify Guest tab in QuickServ page.
Rectified: Test page generated by the setup wizard optimized for smoother display.
Modified: Function name License_Allowed updated for standardization.
Modified: Video text and link modified and redirected to the self-hosted page.
Modified: “The Exalter Option” renamed to “Exalter Options” in the Integration page.
Improved: Added extra protection against direct access on all pages.
Improved: Suppressed unnecessary admin notices for cleaner backend pages.
Improved: PHP encryption replaced with obfuscation; eval() removed for safety.
Improved: Template images, thumbnails, and default data within setup packages.
Improved: All submit inputs converted into button tags in client-side scripts.
Improved: Setup wizard now auto-installs the demo page instead of runtime loading.
Improved: Multiple UI components enhanced to deliver a smoother front-end experience.

6.3.2

Released on: 07-Oct-2025
Fixed: 2FA verification initialized from UI before OTP class trigger.
Fixed: Load_textdomain_just_in_time notice resolved successfully.
Added: Background images with adjustable opacity in both form and backdrop.
Added: New facility to choose and apply templates from settings panel.
Added: 27 ready-to-use templates for inline and popup display.
Added: Client-side developer tools protection for improved security.
Added: Option to hide scrollbars in popup templates for clean design.
Added: Quickserv submenu introduced for faster access to key options.
Added: New control to set notice font color and size in form display.
Added: Auto-migration feature from old settings to new configuration.
Added: Option to preserve premium settings from false overwriting.
Rectified: Internal process in setup wizard rectified in settings module.
Rectified: Code to retrieve options optimized for smoother performance.
Rectified: OTP validation Ajax nonce and security parameters refined.
Rectified: Backdrop alignment and opacity handling corrected in popup.
Modified: Simple MD5 password encryption upgraded with hash security.
Modified: Dynamic demo file download moved to installation process.
Improved: Settings storage combined for faster save and load process.
Improved: Default values adjusted to enhance user interface behavior.
Improved: 2FA description updated with warning on service downtime.
Improved: Popup border aligned with input and button border styling.
Improved: Settings panel made lighter and more secure for performance.
Improved: Notes section in setup wizard simplified for better clarity.
Improved: Contact for feedback and support modified in dashboard area.

6.2.4

Released on: 29-Jul-2025
Fixed: An effective bug in the class file for globals has been fixed.
Fixed: An user interface bug in Addon service details has been fixed.
Added: A major feature as setup wizard has been added in the plugin.
Improved: Settings storage feature is replaced with universal storage.
Improved: Separate admin url function is replaced with common admin url.
Improved: Complete admin panel template has been improved for better look.
Rectified: Addon service notes has been rectified in the settings.
Rectified: Load demo class file with the same version plugin has been added.

6.2.3

Released on: 17-Jul-2025
Fixed: Some bugs in form notes and messages has been fixed.
Added: Display Short Width Buttons has been added in Layout.
Added: Hide Autofill Email Checkbox has been added in Layout.
Added: Ability to put customized fonts has been added in Layout.
Added: Combine options value has been created to speedup the process.
Added: Multilingual phrases has been added in form notes and messages.
Improved: Form CSS script has been improved for better look.
Improved: ‘Remember my email’ has been improved to ‘Autofill my email’.
Modified: Alignment of the ‘Remember my email’ has been modified.
Rectified: Upgrade notes has been rectified in settings.
Rectified: Addon service notes has been rectified in settings.
Rectified: Sub menu text has been rectified in dashboard menus.
Rectified: Clients bottom notes has been removed from settings.
Rectified: Some phrases in form notes and messages have been rectified.

6.2.0

Released on: 07-Jul-2025
Added: Editable form text and notes have been added to the template.
Added: Popup box and backdrop blur effect added to the template.
Added: OTP form border and color added to the template.
Rectified: Popup box z-index supremacy has been rectified in CSS.
Rectified: The OTP form checkbox text color has been rectified in CSS.

6.1.1

Released on: 29-Jun-2025
Fixed: The mobile menu popup bug has been fixed.
Added: Autopopup type for popup box has been added.
Added: Show/Hide option for popup box close button has been added.
Added: Opecity for all colors has been added in the template.
Added: Backdrop color and opacity has been added in the template.
Improved: The Protected Roles in the class files has been improved.

6.0.1

Released on: 20-May-2025
Fixed: The size bug in extreme demo file has been fixed.
Fixed: Two code bugs in class file have been fixed.
Fixed: A bug in a folder path has been fixed.
Rectified: Some integration notes have been rectified.
Rectified: Title of the Snippets has been rectified.
Improved: The language library file has been improved.

6.0.0

Released on: 11-May-2025
Fixed: An update bug in wp_autoupdate.php has been fixed.
Fixed: The placement bug in extreme demo file has been fixed.
Added: The 2FA features have baeen added.
Added: The inline form for OTP has been added.
Added: Reset all settings feature has been added.
Added: A common external class file has been added.
Added: New tab for Layout has been added to Settings.
Added: Sharp corner theme has been added to the template.
Added: A new Dashboard menu has been created with submenus.
Added: Separate pages for integration and shippents have been added.
Added: Multiple inline forms, popup links and menus ability has been added.
Rectified: The process Log has been rectified.
Rectified: The Activity Log page has been rectified.
Rectified: The ajax failed response has been rectified.
Improved: The switch page has been improved.
Improved: Template options have been improved.
Improved: The plugin logo and icons have been upgraded.
Improved: Wrong attempt limit option has been centralized.
Improved: Shortcodes for inline forms and 2FA have been improved.
Improved: Verify_User to RWL, Verify_Guest to RWA, Verify_All to RWP.

5.3.5

Released on: 11-April-2025
Added: Tutorials videos are added.
Rectified: Addon class file connector rectified.

5.2.6

Released on: 20-March-2025
Fixed: Font color bug fixed in popup template.
Fixed: Popup headers unusual border bug fixed.
Fixed: Popup on back headers toggle bug fixed.
Fixed: Plugin twice events trigger bug fixed.
Added: Internal process diagnostics system added.
Modified: Customize email switch definition modified.
Modified: Popup header commands colour modified.
Modified: Plugin JS support code modified.
Modified: Plugin EventLog design modified.
Improved: Send from email address verification improved.
Improved: Encrypted variables progress log improved.

5.2.5

Released on: 17-January-2025
Fixed: Cookies expiring error fixed in Addon+ class file.
Fixed: Log record reset error fixed in settings file.
Fixed: Default value of get option errors fixed in class file.
Improved: Login service response improved in Lite class file.

5.2.1

Released on: 08-January-2025
Fixed: Many path key errors fixed in settings and class files.
Fixed: Many get option errors fixed in settings and class files.
Fixed: Auto update details check error fixed in Lite version.

5.2.0

Released on: 31-December-2024
Fixed: A crucial bug fixed in Addon+Prime server class file.
Fixed: Addon+Prime file loading bug fixed in Lite version.
Fixed: Addon+Prime file reloading bug fixed in upgraded version.
Fixed: A bug fixed to show response messages in Lite version.
Modified: Addon+Prime feature selection removed from Extreme version.
Modified: Addon+Prime class file unloaded from Extreme version.
Improved: Checkbox design rectified in plugin settings.
Improved: API file is improved to serve Addon+Prime features.

5.1.2

Released on: 22-December-2024
Added: Append option added in External CSS.
Improved: CSS improved for terms of use and remember email options.
Improved: Use external CSS option text and explanation are improved.

5.1.1

Released on: 20-December-2024
Fixed: Bugs fixed in the back support system upgrade.
Fixed: Bugs fixed for status codes in Lite version.
Fixed: A bug fixed in emailotpauthn_nav_menu_link operation.
Added: Addon+Prime features added to Lite version.
Added: Addon+Prime API files created to serve in Lite version.
Added: OTP attempts log and log file added to review.
Added: External CSS script added to manage the complete CSS.
Added: An offer added to participate in plugin improvements.
Improved: External functions are extended to operate the response messages.
Improved: Settings page revised and rearranged for better look.
Modified: Modified the response code in the lite version.

5.0.1

Released on: 22-November-2024
Fixed: A bug in the default colors has been fixed.
Fixed: Recurring message bug in JavaScript has been fixed.
Fixed: Exclude login text from wildcards in token key lock.
Fixed: Delayed messaging has been fixed in JavaScript in the Lite version.
Added: Added template with some new options.
Added: Added new tab as Snippets for support code.
Modified: New category created as Automate.
Modified: General settings have been modified.
Improved: Tabs in the Settings page are separated into blocks.
Improved: Six separate boxes have been created for OTP in the authentication popup.

4.8.2

Released on: 15-November-2024
Fixed: Admin unlocked from token key lock.
Fixed: Guest and User verification panel activity check.
Added: Multi URLs/Pages token key lock with redirected URL.
Added: Wildcards in multi URLs entry to lock by token key.
Added: Runtime Log and path of process to diagnose issues.
Modified: Back support system upgraded to the version 4.7.5

4.7.5

Released on: 07-November-2024
Fixed: Activate/Deactivate sender email notification.
Added: Generate username while new user registration.
Added: Support code to change the UI content/language.
Improved: Instruction message to use the key to upgrade.

4.7.3

Released on: 04-November-2024
Fixed: Bug fixed for sending the Registration email.

4.7.2

Released on: 19-October-2024
Fixed: Sender email address validation error fixed.

4.7.1

Released on: 11-October-2024
Added: Instructional messages for settings.
Added: From email id setup to send OTP mails.
Added: From email id validate/invalidate feature.
Fixed: Update and error notification from self hosted server.

4.6.6

Released on: 05-October-2024
Added: Help notes in Settings page.
Added: Warning message on wrong installation.
Improved: Notification about extra use of the plugin.

4.6.3

Released on: 24-September-2024
Fixed: User verification without login.
Fixed: Guest verification without registration.
Added: Redirection after verification.
Added: Redirected URL Lock with token key.
Added: Token key validation and validity period.
Added: Divert URL with invalid/expired token key.
Improved: Multiple popup with different actions on a page.
Improved: Panel activation/deactivation features.
Improved: Token key security and features.
Upgraded: Update feature with hosting server.

4.5.2

Released on: 19-August-2024
Modified: Settings and enryption process.
Improved: Update feature with hosting server.

4.2.5

Released on: 12-August-2024
Fixed: Some text in captions and details.
Fixed: Update bugs with hosting server.
Improved: Addon related facilities.

4.2.1

Released on: 05-August-2024
New Features:
Registration with Email and OTP only.
Email verification of guest users without registration.
Verification of registered users without login.
Custom body color option for popup box.
Re-verification of email for logged in users.
Option to block specific email addresses.
New email features with blocked and allowed email provider domains.
Optimizations:
Encrypted OTP for server side security.
Minimal processing to optimize performance.
Cleaner for garbage left in incomplete process.
Option to switch the preferred version between previous or latest.
Modifications:
New popup box design and theme.
External functions with more features.
Settings have been organized into tabs.

2.8.7

Released on: 10-May-2024
Modified: Plugin auto upgradation system is modified.

2.8.6

Improved: Plugin auto upgradation system is improved.

2.8.4

Included: Self hosted plugin server included.

2.8.2

Fixed: Damaged css is re-rectified.
Fixed: Jquery file is included.

2.7.8

Fixed: Damaged css is rectified.
Fixed: Pop-up code is rectified.
Modified: Pop-up timing is modified.

2.7.6

Added: Help desk for rating request is added.
Fixed: All unnecessary admin notices are removed from settings page.

2.7.4

Fixed: The verification title issue in a pop up is rectified.

2.7.3

Modified: Plugin extensions are modified.

2.6.8

Fixed: Extra whitespace problem with UPDRAFT backup.

2.6.4

Fixed: Inbuilt js script to display the popups.
Fixed: Login/verify popups title rectified.

2.4.6

Fixed: WP email and SMTP setup.
Improved: Wording of some insturctions in plugin setup is improved.

2.4.2

Released on: 02-July-2023
Initial Release.

👍

responsive support, robustness, and extensibility

Amazing plugin! Great developer support!

For me is the best

Great plugin, and excellent support!

Amazing plugin with outstanding support!