Setting up two-factor authentication
Two-factor authentication (2FA) adds a second login factor — a six-digit code from an authenticator app — to your VMP Security account. After you enable it, signing in to vmpsecurity.com requires both your password and the current code from your authenticator. Even if your password is leaked, your account stays protected.
In This Article
- Enabling 2FA on your account
- Supported authenticator apps
- Backup codes
- Disabling 2FA
- Troubleshooting
Enabling 2FA on your account
- Sign in to vmpsecurity.com.
- Open My Account.
- Find the Two Factor Authentication section.
- Click ENABLE WITH AUTHENTICATOR APP. The setup modal opens with a QR code and a setup secret.
- Scan the QR code with your authenticator app, then enter the current six-digit code from the app to confirm and finish setup.
Once enabled, the section flips to a green “ENABLED” badge with two buttons: REGENERATE BACKUP CODES and DISABLE.
Supported authenticator apps
Any authenticator app that supports the standard TOTP algorithm (RFC 6238) works. Common choices:
- Google Authenticator
- 1Password (built-in TOTP)
- Authy
- Microsoft Authenticator
- Bitwarden Authenticator
- YubiKey Authenticator (for use with a YubiKey instead of a phone)
If you already use a password manager that supports TOTP, store the second factor there alongside the password — you keep both halves of the sign-in in one synced, encrypted store.
Backup codes
Setup gives you a set of one-time backup codes. Each code can substitute for an authenticator code if you do not have your phone. Save them somewhere durable (a password manager, a printed copy in a safe). After a code is used, it is consumed and cannot be reused.
Click REGENERATE BACKUP CODES to invalidate your existing codes and generate a fresh set — do this if you suspect a code has been seen by someone you did not intend to share it with.
Disabling 2FA
Click DISABLE in the Two Factor Authentication section. Your account will fall back to password-only sign-in. We strongly recommend leaving 2FA enabled; it is by far the most effective protection against credential leaks.
Troubleshooting
The code from my app does not work. This is almost always clock skew. TOTP codes are derived from the current time; if your phone clock and our server clock disagree by more than 30 seconds, every code looks wrong. Make sure your phone has automatic time enabled.
I lost my phone. Sign in using a backup code, then disable 2FA from the My Account page and re-enable it on the new device.
I lost my phone and I do not have backup codes. Contact support — recovery requires manual identity verification and is intentionally not a self-service path.
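The clock-skew behaviour described in the first troubleshooting entry, as an added example that is not VMP Security's code: a minimal RFC 6238 generator and verifier that measure how often a phone running ahead of the server produces an accepted code. The `window` tolerance, the helper names and the start timestamp are assumptions (the page does not state the service's tolerance); the secret is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6    # six-digit codes, as described on this page

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the 30-second step counter."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Accept a code matching any step within +/- window of the server's step.
    window is an assumption; window=0 means the steps must match exactly."""
    return any(
        hmac.compare_digest(totp(secret, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )

def acceptance_rate(secret: bytes, skew: int, window: int = 0,
                    start: int = 1_700_000_000) -> float:
    """Fraction of a 10-minute span in which a phone whose clock runs `skew`
    seconds ahead of the server produces a code the server accepts."""
    span = range(start, start + 600)
    ok = sum(verify(secret, totp(secret, t + skew), t, window) for t in span)
    return ok / len(span)

SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real account secret

if __name__ == "__main__":
    for skew in (0, 10, 45):
        rate = acceptance_rate(SECRET, skew)
        print(f"phone {skew:>2}s ahead -> code accepted {rate:.0%} of the time")
```

With exact-step matching, a phone 10 seconds ahead fails only near the end of each 30-second step, while a phone 45 seconds ahead never lands in the server's current step.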