Title: LoginBerry – 2FA, Passwordless & Email Verification Author: BerryPress Published: January 13, 2026 Last modified: April 17, 2026 --- Search plugins ![](https://ps.w.org/loginberry/assets/banner-772x250.png?rev=3509272) ![](https://ps.w.org/loginberry/assets/icon-256x256.png?rev=3509272) # LoginBerry – 2FA, Passwordless & Email Verification By [BerryPress](https://profiles.wordpress.org/berrypress/) [Download](https://downloads.wordpress.org/plugin/loginberry.1.0.1.zip) * [Details](https://sa.wordpress.org/plugins/loginberry/#description) * [Reviews](https://sa.wordpress.org/plugins/loginberry/#reviews) * [Installation](https://sa.wordpress.org/plugins/loginberry/#installation) * [Development](https://sa.wordpress.org/plugins/loginberry/#developers) [Support](https://wordpress.org/support/plugin/loginberry/) ## Description LoginBerry bundles **account verification**, **two-factor authentication (2FA)**,** passwordless login**, and **login logs**. Each feature can be enabled or disabled independently. Outgoing codes are delivered by **email**. The plugin works for standard WordPress sites. When WooCommerce is active, additional customer- and order-related options are available (for example 2FA on the My Account login form and optional account activation tied to orders). #### User-facing behavior (when features are enabled) * **Account verification:** After registration, the user signs in and completes activation on the configured activation page using a six-digit code sent by email. * **Two-factor authentication:** After a successful username and password, the user enters a second code sent by email. Per-role modes are Required, Optional, or Disabled. * **Passwordless login:** On `wp-login.php`, eligible roles may request a one-time email code instead of entering a password. * **Login logs:** Success and failure records are listed in the WordPress admin. Authentication codes are email-based; end users do not install a separate authenticator app for the flows described here. #### Account verification * New accounts receive a six-digit activation code by email. * After fifteen failed activation attempts, the account is locked until an administrator intervenes. * Administrators can resend codes, activate accounts manually, and unlock accounts from **Users All Users**. #### Two-factor authentication (2FA) * Per-role setting: Required, Optional, or Disabled. * Optional mode allows users to enable 2FA from the profile when permitted by role. * Supported on `wp-login.php` and on the WooCommerce **My Account** login form. #### Passwordless login Let users log in without a password – just enter a username or email and receive a one-time login code. Improves user experience while maintaining strong security through email verification. * Toggle between password and passwordless login on wp-login.php * One-time email codes on `wp-login.php`, controlled per role. * When both passwordless login and 2FA are enabled for the same role, the passwordless flow does not require a separate 2FA step (email possession is already verified). #### WooCommerce * Optional automatic account activation when an WooCommerce order is created. * Optional restriction so that only **paid** orders trigger activation. * Integration points include classic checkout, block checkout (Store API), and paid-order completion hooks, as implemented in the plugin. #### Login logs Monitor all login activity on your site. Essential for detecting suspicious behavior and meeting security compliance requirements for e-commerce stores. * Records successful and failed login attempts * Logs username, email, IP address, and timestamp * View all logs in a dedicated admin page with sortable columns * Identify patterns of brute force attacks and suspicious login activity * Audit trail for security compliance and fraud investigation #### Admin interface * Centralized settings under **BerryPress LoginBerry**, with separate screens per feature. #### Email templates HTML email templates for activation, 2FA, and passwordless login ship in the plugin` templates/` directory. To override, copy the desired template into the active theme or child theme under `templates/loginberry/` (see each template file header for the exact path). #### Email delivery Reliable outbound email is required for codes to arrive. Typical setups use the hosting provider’s mail relay, a transactional email API (for example Brevo, Mailchimp Transactional / Mandrill, Postmark, SendGrid, Amazon SES), or a WordPress plugin that sends mail via SMTP or a provider API. Test delivery with a real signup or code request before relying on the feature in production. #### Typical use cases * Reducing unwanted or automated registrations and limiting abuse of disposable email addresses. * Verifying that a customer or member controls the email address on file. * Adding a second factor after password entry for selected roles. * Reviewing login success and failure history in the admin. * WooCommerce: applying optional post-order account activation, including a paid- order-only mode where configured. #### Roadmap LoginBerry is a brand new plugin and we are improving it quickly based on real user feedback. If you have ideas, feature requests, or run into a theme-specific styling issue, we would love to hear from you. Planned work includes: * Configurable failed-attempt limits (instead of the fixed fifteen for activation lockout) * Track last login time for each user * Custom activation page URL * Custom redirect URL after successful verification * Rate limiting on code verification attempts * Social login options * Improved styling flexibility and theme compatibility Feedback and compatibility reports are welcome via the plugin support channels. New features are prioritized based on user feedback. ## Screenshots * [[ * BerryPress LoginBerry dashboard and feature overview. * [[ * Two-factor authentication settings with per-role modes. * [[ * Account verification settings including WooCommerce order options. * [[ * Login logs admin list. * [[ * [[ * [[ * [[ * [[ * [[ * [[ * [[ * [[ ## Installation 1. Install LoginBerry from **Plugins Add New** in WordPress, or upload the ZIP under** Plugins Add New Upload Plugin**. 2. Activate the plugin. 3. Open **BerryPress LoginBerry** and enable the desired features (Account Verification, Two-Factor Auth, Passwordless Login, Login Logs). 4. For account verification, create a page with the slug `account-activate` and add the shortcode `[loginberry_account_activate]`. The Account Verification settings screen includes setup guidance. 5. Send a test code to an administrator account and confirm that email delivery works with your hosting or mail provider configuration. ## FAQ ### Do I have to enable every feature? No. Each feature is independent. You may enable only the components you need. ### What are the server requirements? WordPress 6.0 or newer, PHP 8.0 or newer, and reliable outbound email. ### Why are users not receiving emails? The site must be able to send email. Common approaches include the host’s SMTP relay, a transactional email provider, or a WordPress plugin that sends via SMTP or an HTTP API. Verify end-to-end delivery with a test message after any mail configuration change. ### How do I enable two-factor authentication? Go to **BerryPress LoginBerry Two Factor Auth**, enable the feature, and set each role to Required, Optional, or Disabled. ### How does passwordless login work? When enabled for a role, users on `wp-login.php` can request a six-digit code by email instead of entering a password. ### Can I use 2FA and passwordless login together? Yes. When both are enabled for the same role, the passwordless login flow skips the separate 2FA step because possession of the email inbox has already been verified. ### Where are the email templates? In the plugin `templates/` directory: `activation-email.php`, `2fa-email.php`, ` passwordless-login-email.php`. Override by copying to the theme where supported. ### Does it work with all themes? The plugin uses clean WordPress markup. Layout may vary slightly depending on theme styles, so if you see any styling quirks, feel free to reach out. ### Does LoginBerry work with WooCommerce? Yes. WooCommerce is optional. Without WooCommerce, verification (if enabled), 2FA on `wp-login.php`, passwordless login (if enabled), and login logs remain available. With WooCommerce active, 2FA is also available on the **My Account** login form, and account verification may optionally be tied to order creation, including a ** paid orders only** option. ### Does passwordless login work on WooCommerce checkout or arbitrary custom login forms? Passwordless login is implemented for the standard WordPress login screen (`wp-login. php`). WooCommerce My Account login supports two-factor authentication as described above; passwordless login on other forms is outside the current scope. ### Can admins activate a user manually? Yes. In Users All Users you will see links to activate accounts, resend codes, or unlock accounts. ### Can administrators help users who cannot activate or who are locked? Yes. Under **Users All Users**, administrators can view status, resend codes, activate accounts manually, and unlock locked accounts when applicable. ### What if an administrator is locked out or no other administrator can help? Another administrator can usually resolve the issue under **Users All Users**. If the site cannot be accessed from wp-admin, deactivate the plugin using standard WordPress recovery methods (for example renaming the plugin directory via FTP or SFTP, using WP-CLI where available, editing the `active_plugins` option after a database backup, or WordPress Recovery Mode when applicable). Deactivating plugins when wp-admin is unavailable: https://wordpress.org/documentation/ article/how-to-deactivate-all-plugins-when-not-able-to-access-wp-admin/ ## Reviews There are no reviews for this plugin. ## Contributors & Developers “LoginBerry – 2FA, Passwordless & Email Verification” is open source software. The following people have contributed to this plugin. Contributors * [ BerryPress ](https://profiles.wordpress.org/berrypress/) [Translate “LoginBerry – 2FA, Passwordless & Email Verification” into your language.](https://translate.wordpress.org/projects/wp-plugins/loginberry) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/loginberry/), check out the [SVN repository](https://plugins.svn.wordpress.org/loginberry/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/loginberry/) by [RSS](https://plugins.trac.wordpress.org/log/loginberry/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.1 – April 17, 2026 **Added and changed** * Two-factor authentication (2FA) via email codes; per-role Required, Optional, or Disabled; supported on `wp-login.php` and WooCommerce My Account login. * Passwordless login with one-time email codes on `wp-login.php`; when both passwordless and 2FA apply to the same role, the extra 2FA step after passwordless is omitted. * Login logging with user, email, IP, and timestamp. * BerryPress LoginBerry admin area with separate settings pages per feature. * Optional 2FA enrollment from the user profile when the role uses Optional mode. * HTML email templates for activation, 2FA, and passwordless login (theme overrides supported). * WooCommerce: optional automatic customer activation on order creation; optional** paid orders only** mode; hooks for classic checkout, block (Store API) checkout, and paid-order flows. * Locked activation screen messaging and a log out link after repeated failed activation attempts. * Default verification behavior for new installs; existing sites retain prior behavior via configuration versioning where applicable. #### 1.0.0 * Initial email-based account verification before site access (activation page and shortcode). ## Meta * Version **1.0.1** * Last updated **6 hours ago** * Active installations **Fewer than 10** * WordPress version ** 6.0 or higher ** * Tested up to **6.9.4** * PHP version ** 8.0 or higher ** * Language * [English (US)](https://wordpress.org/plugins/loginberry/) * Tags * [2FA](https://sa.wordpress.org/plugins/tags/2fa/)[email verification](https://sa.wordpress.org/plugins/tags/email-verification/) [login security](https://sa.wordpress.org/plugins/tags/login-security/)[passwordless login](https://sa.wordpress.org/plugins/tags/passwordless-login/) [two factor authentication](https://sa.wordpress.org/plugins/tags/two-factor-authentication/) * [Advanced View](https://sa.wordpress.org/plugins/loginberry/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/loginberry/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/loginberry/reviews/) ## Contributors * [ BerryPress ](https://profiles.wordpress.org/berrypress/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/loginberry/)