Two-Factor
Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and …
Overview
Compatibility
Customer support & learning resources
Main benefits
Multiple authentication providers
Email codes support
Time-based passwords
FIDO U2F compatibility
Backup codes available
About this plugin
Author: George Stephanis
Categories: Security
Version: 0.9.1
Last updated: 25-04-2024
WordPress version: 4.3
Tested up to: 6.5.5
PHP version required: 5.6
Languages: English (Canada), English (UK) [+32]
Tags:
Learning resources: View resources
Overview
The presented WordPress plugin is designed to enhance user account security by offering multiple two-factor authentication (2FA) options. Users can configure their preferred authentication methods, such as Email Codes, Time-Based One-Time Passwords (TOTP), FIDO Universal 2nd Factor (U2F), Backup Codes, and a Dummy Method for testing purposes, through the “Two-Factor Options” section in their profile settings. The plugin also provides a comprehensive set of action and filter hooks for developers to customize the 2FA providers, manage the list of enabled providers for each user, handle authentication events, and adjust the token time-to-live intervals. These features collectively help to establish a robust security layer, ensuring that only authorized users can access their WordPress accounts.
Multiple Two-Factor Authentication Providers
- Email codes
- Time Based One-Time Passwords (TOTP)
- FIDO Universal 2nd Factor (U2F)
- Backup Codes
- Dummy Method (only for testing purposes)
Customizable Two-Factor Providers
- Override available two-factor providers using the two_factor_providers filter
- Enable specific providers for users with the two_factor_enabled_providers_for_user filter
Enhanced Security
- Two-factor authentication adds an extra layer of security
- Reduces the risk of unauthorized access
Flexible Token Management
- Customize the time interval for email token validity with the two_factor_token_ttl filter
- Adjust token settings based on user requirements
Rating and reviews
vartdomen
26 May, 2024
Plugin nice work with true SMTP configuration
svenbolte
17 May, 2024
i have tested lots of plugins to implement a flexible MFA to wp admin areas. This one is defly the best of it.
it is slim, simple, easy to configure und supports email tokens and the ms authenticator ap aswell as fido keys or google auth app.
Alex
25 Apr, 2024
Just works.
Dan Knauss
11 Apr, 2024
If you are not using another 2FA system, this is the simplest and best way to quickly protect your site and your users from compromised accounts. It is a common and often required security-by-default feature on many enterprise WordPress sites. Everyone should use it if they’re not using another 2FA solution.
***Be sure to add the code snippet Kaspars (one of the contributors) shared in the support form thread to require 2FA by default for all users.***
And if you are allowing open registration (where anyone visiting your site can create an account) you will also want to install and activate the WP Approve User plugin contributed by Konstantin Obenland.
These are both 100% free, rock-solid, community-contributed plugins from expert WP folks. <3
petitotet
28 Mar, 2024
Is it possible to customize the language in which it appears on the website?
Thanks!
