KwtSMS: OTP & SMS Notifications Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
kwtSMS replaces or supplements WordPress passwords with SMS one-time codes, sends WooCommerce order updates automatically, and lets you verify phone numbers on any contact form. Built on the kwtSMS SMS gateway.
Built for Arabic-speaking markets (Kuwait, Saudi Arabia, UAE, Bahrain, Qatar, Oman) with full RTL admin support and bilingual SMS templates in English and Arabic.
Authentication
- 2FA Mode: users log in with username + password, then confirm with a 6-digit SMS code
- Passwordless Mode: users enter their phone number and receive an OTP to log in directly, no password needed
- Both Modes: let each user choose their preferred method
- Password Reset via SMS: replace the email link with an SMS OTP verification flow
- Role-Based Enforcement: configure which user roles must pass OTP (exclude administrators, apply only to customers, etc.)
- Welcome SMS: send a customisable welcome message when a new user registers
- Country Code Dropdown: restrict the dial-code selector on login forms to GCC countries or a custom list
WooCommerce Integration
- 7 order status notifications: Processing, On-Hold (Shipped), Completed, Cancelled, Pending Payment, Refunded, Failed
- Admin order notifications: automatically notify a configurable admin phone number on any order status change
- Checkout OTP Gate: require phone verification before the customer can place an order (all methods or COD-only)
- Per-status templates: independent English + Arabic SMS template for every order status
- Admin SMS panel: send a custom free-text SMS to any order’s customer from the order edit screen
- Stock alerts: low stock, out of stock, and backorder notifications to admin
- New product SMS: notify admin when a product is first published
- Back-in-stock notifications: customers subscribe on out-of-stock product pages, SMS sent automatically on restock
- Instant new order SMS: notify admin the moment an order is placed, before status processing
- Cart abandonment recovery: detect abandoned carts, send recovery SMS with auto-generated coupon codes, track recovery stats on the dashboard
- Multivendor support: per-vendor order SMS for Dokan, WCFM, and WC Vendors
- HPOS (High-Performance Order Storage) compatible
Contact Form Integrations
Each integration supports two modes: Notification (send a confirmation SMS on submit) and OTP Gate (block submission until the phone number is verified):
- Contact Form 7
- WPForms
- Ninja Forms
Security
- Sliding-window rate limiting per phone number, per IP address, and per user account
- Duplicate OTP guard: reuses existing valid OTP on double-click or page reload
- IP Allowlist/Blocklist with CIDR support for IPv4 and IPv6
- IPHub proxy/VPN detection (optional): silently block or flag OTP requests from known proxies
- Registration OTP gate: verify phone via OTP before account creation
- Trusted Devices: trust a device for 30 days after 2FA, with profile revoke controls
- Phone blocking list: silently drop OTP requests from blocked numbers (anti-enumeration)
- Attempt lockout after configurable max failures
- Google reCAPTCHA v3 and Cloudflare Turnstile support
- All credentials stored server-side, never output to HTML
- Nonces on every form and AJAX action
- Anti-enumeration: password reset never reveals whether an account exists
External Services
This plugin connects to the following external services:
1. kwtSMS API (required): sends all SMS messages. kwtsms.com | Terms | Privacy
2. ipapi.co (optional): detects visitor country for dial-code pre-selection. ipapi.co | Terms | Privacy
3. IPHub (optional): proxy/VPN detection on OTP requests. iphub.info | Terms | Privacy
4. Google reCAPTCHA v3 (optional): bot protection on OTP forms. google.com/recaptcha | Terms | Privacy
5. Cloudflare Turnstile (optional): alternative bot protection. cloudflare.com/turnstile | Terms | Privacy
Admin
- Users Without Phone sub-page under the WordPress Users menu: lists all registered users missing a phone number, with a dynamic count badge on the menu item
Test Mode
Enable Test Mode in the Gateway settings to test without receiving real SMS messages. Messages are queued on the kwtSMS server but never delivered to the phone. Credits are still deducted. To recover them, log in to your kwtSMS account dashboard and delete the queued messages. The OTP code is visible under kwtSMS > Logs > Debug Log so you can complete flows during development.
Languages
Ships with English (default) and Arabic translations. The plugin admin UI and all user-facing strings are fully translatable.
Help & Support
- kwtSMS FAQ: Answers to common questions about credits, sender IDs, OTP, and delivery.
- kwtSMS Support: Open a support ticket or browse help articles.
- Contact kwtSMS: Reach the kwtSMS team directly for Sender ID registration and account issues.
- Sender ID Help: Sender ID registration and guidelines.
- kwtSMS Dashboard: Recharge credits, buy Sender IDs, view message logs, and manage coverage.
- Other Integrations: Plugins and integrations for other platforms and languages.
- Plugin Issues: Report bugs or request features for this WordPress plugin.
Screenshots
Gateway settings: API credentials, live account balance, Sender ID dropdown, and Test Mode toggle.
SMS Templates in Arabic (RTL): bilingual template editor with live character counter and SMS page indicator.
Two-Step Verification screen: OTP entry step shown after successful password login (2FA mode).
Passwordless login: phone number entry with country code selector, no password required.
Password reset via OTP: SMS verification step that replaces the default email reset link.
WooCommerce integration: per-status SMS templates and checkout OTP gate configuration.
Integrations overview: WooCommerce, Contact Form 7, WPForms, and Ninja Forms.
SMS Logs: full send history with date, Sender ID, message preview, phone, type, status, and API response.
