Title: 2FA Without PHP SESSIONs? Last modified: August 4, 2022 --- # 2FA Without PHP SESSIONs? * Resolved [Glowball](https://wordpress.org/support/users/glowball/) * (@glowball) * [3 years, 9 months ago](https://wordpress.org/support/topic/2fa-without-php-sessions/) * Hi, I’m looking for a 2FA plugin for WordPress that doesn’t use PHP SESSION variables. I work in Cybersecurity, and they are inherently unsecure (they can be compromised pretty easily in an attack on the server, and then someone can take over as another user). However, a lot of the plugins I’m finding use those SESSION variables. WordPress itself doesn’t even use them. Can miniOrange do it? * Also, what kind of methods do you support for 2FA? If you have a link to a page I can read about it, that would also be great. Thanks! * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2F2fa-without-php-sessions%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 2 replies - 1 through 2 (of 2 total) * [mayurjogale](https://wordpress.org/support/users/mayurjogale/) * (@mayurjogale) * [3 years, 9 months ago](https://wordpress.org/support/topic/2fa-without-php-sessions/#post-15890454) * Hi [@monica](https://wordpress.org/support/users/monica/), * Thank you for reaching out to us. * WordPress itself doesn’t even use them. Can miniOrange do it? * > I would like to inform you that our free Google Authenticator plugin does not > use PHP SESSION variables. * What kind of methods do you support for 2FA? * > Other than Google Authenticator, we support SMS verification, Email Verification, > OTP Over SMS / Email / Whatsapp / Telegram, Security Questions, QR Code Authentication, > Push Notification, Hardware tokens, TOTP methods,etc. * You can check out all the supported methods by miniOrange here: [2-factor methods](https://plugins.miniorange.com/2-factor-authentication-for-wordpress-wp-2fa#supported-methods-2fa) You can configure 2fa methods using this guide: [Setup Guide](https://plugins.miniorange.com/wordpress-two-factor-authentication-setup-guides) * I hope this will be helpful. * Thank you, miniOrange Team * Thread Starter [Glowball](https://wordpress.org/support/users/glowball/) * (@glowball) * [3 years, 9 months ago](https://wordpress.org/support/topic/2fa-without-php-sessions/#post-15892828) * Thanks for the quick response! I’m concerned about the increase in cybersecurity attacks and I want to keep my website safe. I’ll set up the plugin, thank you! Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘2FA Without PHP SESSIONs?’ is closed to new replies. * ![](https://ps.w.org/miniorange-2-factor-authentication/assets/icon-256x256.gif? rev=2652528) * [miniOrange 2FA – Two Factor Authentication for WordPress (OTP, SMS, Email, Google Authenticator)](https://wordpress.org/plugins/miniorange-2-factor-authentication/) * [Frequently Asked Questions](https://wordpress.org/plugins/miniorange-2-factor-authentication/#faq) * [Support Threads](https://wordpress.org/support/plugin/miniorange-2-factor-authentication/) * [Active Topics](https://wordpress.org/support/plugin/miniorange-2-factor-authentication/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/miniorange-2-factor-authentication/unresolved/) * [Reviews](https://wordpress.org/support/plugin/miniorange-2-factor-authentication/reviews/) ## Tags * [2fa](https://wordpress.org/support/topic-tag/2fa/) * [authentication](https://wordpress.org/support/topic-tag/authentication/) * [php session](https://wordpress.org/support/topic-tag/php-session/) * 2 replies * 2 participants * Last reply from: [Glowball](https://wordpress.org/support/users/glowball/) * Last activity: [3 years, 9 months ago](https://wordpress.org/support/topic/2fa-without-php-sessions/#post-15892828) * Status: resolved