miniOrange 2FA – Two Factor Authentication for WordPress (OTP, SMS, Email, Google Authenticator)

Add 2FA to WordPress login with OTP, SMS, Email, and authenticator apps. Free plan supports setup for up to 5 users.

v6.2.5miniOrangeUpdated 2026-05-21Added Jul 9, 201510k+ installs90% rating

2FA MFA WordPress 2FA google authenticator two factor authentication

Score

611

Errors

Warnings

Change

Category Scores

Security100

Repo100

Performance100

Maintainability42

Top Issues by Category

maintainability616

1wp function not compatible with requires wpwp_function_not_compatible_with_requires_wpERROR610 2Non Prefixed Constant FoundWordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFoundWARNING2 3trademarked termtrademarked_termWARNING2 4Plugin Directory WritePluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWriteERROR1 5upgrade notice limitupgrade_notice_limitWARNING1

Issues Details

616 issues found in latest scan

ERROR610

wp_function_not_compatible_with_requires_wp

Function "current_datetime()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 3.0.1.

WARNING2

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DEFAULT_GOOGLE_APPNAME".

WARNING2

trademarked_term

The plugin name includes a restricted term. Your chosen plugin name - "miniOrange 2FA – Two Factor Authentication for WordPress (OTP, SMS, Email, Google Authenticator)" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.

ERROR1

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of function plugin_dir_path(). Use wp_upload_dir() to get the uploads directory path or save to the database instead.

WARNING1

upgrade_notice_limit

The upgrade notice for "6.2.5" exceeds the limit of 300 characters.

Code	Type	Message	Count
wp_function_not_compatible_with_requires_wp	ERROR	Function "current_datetime()" requires WordPress 5.3.0, but your plugin minimum supported version is WordPress 3.0.1.	610
WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound	WARNING	Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DEFAULT_GOOGLE_APPNAME".	2
trademarked_term	WARNING	The plugin name includes a restricted term. Your chosen plugin name - "miniOrange 2FA – Two Factor Authentication for WordPress (OTP, SMS, Email, Google Authenticator)" - contains the restricted term "wordpress" which cannot be used at all in your plugin name.	2
PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite	ERROR	Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of function plugin_dir_path(). Use wp_upload_dir() to get the uploads directory path or save to the database instead.	1
upgrade_notice_limit	WARNING	The upgrade notice for "6.2.5" exceeds the limit of 300 characters.	1

Latest Snapshot

Findings

616

Errors

611

Warnings

Score History

First score snapshot

First scan completed Jun 20, 2026

v6.2.5 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2

Jun 20, 2026

v6.2.5

Latest

Findings: 616
Errors: 611
Warnings: 5
Plugin Check: 2.0.0
Model: 2026.06-mvp-static-v2

Scan	Score	Findings	Errors	Warnings	Plugin	Plugin Check	Model
Jun 20, 2026Latest	88	616	611	5	v6.2.5	2.0.0	2026.06-mvp-static-v2

9k+ active installs

Two Factor

100k+ active installs

2FA MFA authentication

Two Factor Authentication

20k+ active installs

2FA TFA google authenticator

WP 2FA – Two-factor authentication for WordPress

100k+ active installs

2-factor authentication 2FA WordPress authentication

WP Hide & Security Enhancer

50k+ active installs

2FA headers hide

Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention

1m+ active installs

2FA Brute Force firewall