The simple to use One-Time Password plugin enables you to login to your WordPress weblog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet caf├ęs, for example by keyloggers. For each login you can choose between using your main password or a one-time password. The one-time password system conforms to RFC 2289 of the Internet Engineering Task Force (IETF).

Version 2.0 of this plugin has a new option to protect administrative actions by one-time passwords. This option is disabled by default and only available when you logged-in with a one-time password. It is possible to define exceptions. The default exceptions are viewing the dashboard, adding a post (but not saving it) and logging out.


If the usage instructions and frequently asked questions don’t help, you can write a comment on the plugin home page.


The login screen displaying a RFC 2289 challenge:
One-Time password list

The one-time password list with the requested password:
One-Time password login

The OTPGen application on a phone that supports JavaME: (optional)
One-Time password generator

The window to authorize an administrative action: (optional)
One-Time password authorization