Title: OOSOFT 2FA Security
Author: oosoft
Published: <strong>2026 年 4 月 28 日</strong>
Last modified: 2026 年 5 月 15 日

---

搜尋外掛

![](https://ps.w.org/oosoft-2fa-security/assets/icon-256x256.png?rev=3518666)

# OOSOFT 2FA Security

 由 [oosoft](https://profiles.wordpress.org/oosoft/) 開發

[下載](https://downloads.wordpress.org/plugin/oosoft-2fa-security.zip)

 * [詳細資料](https://tw.wordpress.org/plugins/oosoft-2fa-security/#description)
 * [使用者評論](https://tw.wordpress.org/plugins/oosoft-2fa-security/#reviews)
 *  [安裝方式](https://tw.wordpress.org/plugins/oosoft-2fa-security/#installation)
 * [開發資訊](https://tw.wordpress.org/plugins/oosoft-2fa-security/#developers)

 [技術支援](https://wordpress.org/support/plugin/oosoft-2fa-security/)

## 外掛說明

OOSOFT 2FA Security adds robust two-factor authentication to your WordPress site.
Protect every login with a second verification step using a TOTP authenticator app(
Google Authenticator, Authy, etc.) or a one-time code sent to your email address.

**Key Features:**

 * **TOTP Authenticator App** — compatible with Google Authenticator, Authy, Microsoft
   Authenticator, and any RFC 6238-compliant app.
 * **Email OTP** — sends a time-limited one-time code to the user’s registered email
   address.
 * **Backup Codes** — generate single-use recovery codes so users are never locked
   out.
 * **Role-Based Enforcement** — require 2FA for specific roles (e.g. administrators)
   while leaving it optional for others.
 * **Rate Limiting** — brute-force protection with configurable attempt limits and
   lockout periods.
 * **Security Logs** — detailed event logging with filterable admin view and automatic
   pruning.
 * **Encrypted Secret Storage** — TOTP secrets are encrypted at rest using libsodium(
   preferred) or AES-256-GCM/CBC via OpenSSL.
 * **HKDF Key Derivation** — encryption keys are derived from your WordPress secret
   keys; no raw key material is stored.

## 安裝方式

 1. Upload the `oosoft-2fa-security` folder to the `/wp-content/plugins/` directory.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Go to **Settings > 2FA Security** to configure enforcement rules and options.
 4. Users can set up their preferred 2FA method from their **Profile** page.

## 常見問題集

### Which authenticator apps are supported?

Any app that supports the TOTP standard (RFC 6238), including Google Authenticator,
Authy, Microsoft Authenticator, and 1Password.

### What happens if a user loses their authenticator app?

Users can log in with one of their backup codes. Administrators can also disable
2FA for a user from the Users list.

### Is TOTP secret storage secure?

Yes. Secrets are encrypted with AES-256 (libsodium secretbox preferred, OpenSSL 
AES-256-GCM/CBC as fallback) before being stored in the database. Encryption keys
are derived from your site’s unique WordPress secret keys via HKDF-SHA256.

### Does this plugin work with WooCommerce or custom login forms?

The plugin intercepts WordPress’s core authentication pipeline, so it works with
any theme or plugin that uses `wp_signon()` or the standard login form.

## 使用者評論

這個外掛目前沒有任何使用者評論。

## 參與者及開發者

以下人員參與了開源軟體〈OOSOFT 2FA Security〉的開發相關工作。

參與者

 *   [ oosoft ](https://profiles.wordpress.org/oosoft/)
 *   [ OOSOFT ](https://profiles.wordpress.org/mudivillanv/)

[將〈OOSOFT 2FA Security〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/oosoft-2fa-security)

### 對開發相關資訊感興趣？

任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/oosoft-2fa-security/)、
查看 [SVN 存放庫](https://plugins.svn.wordpress.org/oosoft-2fa-security/)，或透過
[RSS](https://plugins.trac.wordpress.org/log/oosoft-2fa-security/?limit=100&mode=stop_on_copy&format=rss)
訂閱[開發記錄](https://plugins.trac.wordpress.org/log/oosoft-2fa-security/)。

## 變更記錄

#### 1.0.2

 * Improved escaping and security hardening throughout.
 * Removed deprecated load_plugin_textdomain() call (WordPress 4.6+ auto-loads translations).
 * Added HKDF key derivation fallback warning when WordPress secret keys are not
   configured.

#### 1.0.1

 * Fixed QR code scanning compatibility with major authenticator apps.
 * Switched to proven qrcodejs library for QR generation.

#### 1.0.0

 * Initial release.

## 中繼資料

 *  版本 **1.0.2**
 *  最後更新 **1 個月前**
 *  啟用安裝數 **少於 10 次**
 *  WordPress 版本需求 ** 6.0 或更新版本 **
 *  已測試相容的 WordPress 版本 **6.9.4**
 *  PHP 版本需求 ** 8.0 或更新版本 **
 *  語言
 * [English (US)](https://wordpress.org/plugins/oosoft-2fa-security/)
 * 標籤:
 * [2FA](https://tw.wordpress.org/plugins/tags/2fa/)[otp](https://tw.wordpress.org/plugins/tags/otp/)
   [security](https://tw.wordpress.org/plugins/tags/security/)[totp](https://tw.wordpress.org/plugins/tags/totp/)
   [two factor authentication](https://tw.wordpress.org/plugins/tags/two-factor-authentication/)
 *  [進階檢視](https://tw.wordpress.org/plugins/oosoft-2fa-security/advanced/)

## 評分

這個項目尚無任何評論記錄。

[Your review](https://wordpress.org/support/plugin/oosoft-2fa-security/reviews/#new-post)

[查看全部使用者評論](https://wordpress.org/support/plugin/oosoft-2fa-security/reviews/)

## 參與者

 *   [ oosoft ](https://profiles.wordpress.org/oosoft/)
 *   [ OOSOFT ](https://profiles.wordpress.org/mudivillanv/)

## 技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

 [檢視技術支援論壇](https://wordpress.org/support/plugin/oosoft-2fa-security/)

## 贊助

想要支援這個外掛的發展嗎？

 [ 贊助這個外掛 ](https://buymeacoffee.com/oosoft)