A Performance Evaluation of Two-Factor Authentication Plugins in WordPress for Resource-Constrained Environments

Two-factor authentication (2FA) is essential for securing web applications against unauthorized access. However, its performance overhead on resource-constrained systems, such as those in Internet of Things (IoT) environments, remains a significant concern, especially under high-load conditions. This paper presents an empirical analysis of the performance impact of three leading 2FA plugins on the WordPress platform. Using a virtualized testbed to simulate low-specification servers, we systematically measure key performance indicators, including throughput, response time, and server resource utilization, during high-traffic login scenarios. Our findings demonstrate that, while all 2FA plugins introduce significant overhead, their impact on memory consumption varies considerably. Furthermore, the results conclusively show that for this I/O-bound workload, CPU core count is the primary bottleneck, and increasing it yields a more substantial performance gain than increasing system memory. This study provides quantitative insights into the performance trade-offs of implementing 2FA, offering valuable guidance for deploying secure web services on resource-limited hardware.