外掛說明
SecureAuth Authenticator 2FA enhances your WordPress login security by requiring a time-based one-time password (TOTP) in addition to the regular username and password. The TOTP code is generated by an authenticator app on your mobile device, adding an extra layer of protection even if your password is compromised.
This plugin is lightweight, secure, and easy to use. It integrates directly into the user profile page to allow users to set up and manage their two-factor authentication with ease.
Features:
- Adds a TOTP (Time-Based One-Time Password) field to the login form.
- User-friendly 2FA setup available on each user’s profile page.
- Generates secret keys and displays QR codes for scanning with mobile apps.
- Compatible with apps like Google Authenticator, Microsoft Authenticator, and Authy.
- Secure handling with nonce verification and input sanitization.
- No external libraries required (except Google Chart API for QR code).
安裝方式
- Upload the plugin files to the
/wp-content/plugins/secureauth-authenticator-2fadirectory or install the plugin through the WordPress plugin screen. - Activate the plugin via the Plugins menu in WordPress.
- Navigate to Users > Your Profile and scroll to the SecureAuth Authenticator 2FA section.
- Scan the QR code using your mobile authenticator app and enable 2FA.
- On your next login, you’ll be prompted to enter the TOTP code from your app along with your password.
常見問題集
-
What if I lose access to my authenticator app?
-
You should always save the secret key provided during setup in a secure location. If you lose access, a site administrator can disable 2FA for your account directly through the database or your user profile.
-
Does this plugin support recovery codes or backup options?
-
Not yet. This plugin is intentionally kept minimal to reduce complexity. However, recovery features may be added in future updates based on user feedback.
-
Which user roles can enable 2FA?
-
Currently, any logged-in user with access to their profile page can enable 2FA individually.
-
Is 2FA mandatory for all users?
-
No. As of version 1.0.0, 2FA is optional and must be enabled manually by each user.
使用者評論
這個外掛目前沒有任何使用者評論。
參與者及開發者
變更記錄
1.0.0
- Initial release.
- Add TOTP-based 2FA support for WordPress login.
- QR code generation using Google Chart API.
- Secure nonce verification and input sanitization.