Title: Two Factor (2FA) Authentication via Email
Author: Sully
Published: March 15, 2023
Last modified: December 3, 2025

---


# Two Factor (2FA) Authentication via Email

By [Sully](https://profiles.wordpress.org/ss88_uk/)


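## Description

A simple, lightweight and effective plugin for two-factor authentication via email. Site administrators can enable it for individual users, or add a single constant to the site's `wp-config.php` file to force it on for all administrators, all editors, or all accounts.

WordPress is currently the most popular content management system (CMS), running more than 40% of websites worldwide. That makes it a prime target for attackers who want to exploit disclosed unauthorized-access vulnerabilities. The most effective way to protect a WordPress site is to enable two-factor authentication for its administrators.

 * Once the plugin is activated, two-factor authentication can be enabled for individual users.
 * Make sure the WordPress site can send email reliably. The best way to do this is with an SMTP plugin.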

**Check out our other plugins:**

 * 🎉 [Media Library File Size](https://tw.wordpress.org/plugins/media-library-file-size/)
 * ✨ [Export Single Post Page](https://tw.wordpress.org/plugins/single-post-page-export/)
 * 🙍‍♂️ [View User Metadata](https://tw.wordpress.org/plugins/view-user-metadata/)
 * 🔠 [Enable Turnstile (Cloudflare) for Gravity Forms](https://tw.wordpress.org/plugins/enable-turnstile-cloudflare-for-gravity-forms/)
 * ⭐️⭐️⭐️⭐️⭐️ [Gravity Forms to FreeScout](https://neoboffin.com/plugins/gravity-forms-freescout?utm_campaign=OtherPlugins)

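## Screenshots

 * On each user's Profile page, the user can turn two-factor authentication on or off.
 * The screen a user sees after logging in once two-factor authentication is enabled.
 * Example of the error message screen.
 * Example of the email sent to the default site administrator when this two-factor plugin is deactivated.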

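## Installation

Use the WordPress automatic installer, or download the plugin ZIP archive and install it as follows:

 1. Upload the `two-factor-2fa-via-email` folder extracted from the plugin ZIP archive to the site's `/wp-content/plugins/` directory.
 2. Activate the plugin from the Plugins menu in the WordPress admin.
 3. Each user goes to their own Profile page (site administrators can go to an individual user's Profile page) and enables two-factor authentication.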

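## FAQ

### I'm locked out of my account and need help!

If a user does not receive the email that grants login access to the account, the site administrator must disable this plugin. The only way to disable the plugin at that point is to rename the plugin folder from `two-factor-2fa-via-email` to `two-factor-2fa-via-email.backup` or some other name.

### The 15-minute login link lifetime is too long/too short for users. How do I change this default?

This can be changed. Starting with version 1.5.2, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_LINK_EXPIRES_MINUTES', 10);
```

The value 10 in the example above is the login link lifetime in minutes; site administrators can change it as needed.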

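### Can the plugin's two-factor authentication be forced on for every user in the Administrator role?

Yes. Starting with version 1.6, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_ENABLE_ADMINS', true);
```

### Can the plugin's two-factor authentication be forced on for every user in the Editor role?

Yes. Starting with version 1.6, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_ENABLE_EDITORS', true);
```

### Can the plugin's two-factor authentication be forced on for every user in the Contributor role?

Yes. Starting with version 1.9.2, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);
```

### Can the plugin's two-factor authentication be forced on for every user in the Subscriber role?

Yes. Starting with version 1.7.1, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);
```

### Can the plugin's two-factor authentication be forced on for all users of the site?

Yes. Starting with version 1.6, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_ENABLE_ALL', true);
```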

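### Can the default recipient of the plugin deactivation notification email be changed?

Yes. Starting with version 1.6, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');
```

Replace the example value `john@doe.com` with the email address you need.

### Can two-factor authentication be disabled when using the REST API?

Yes. Starting with version 1.9, site administrators can add the following constant and value to the site's `wp-config.php` file.

```php
define('SS88_2FAVE_API_DISABLE_ALL', true);
```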

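### How do I redirect users to a specific URL after they log in?

Starting with version 1.9.1, site administrators can use the `SS88_2FAVE_custom_redirect` filter, as shown below:

```php
add_filter('SS88_2FAVE_custom_redirect', function($URL) {

    // Send editors to a custom page; everyone else keeps the default URL.
    if(current_user_can('editor')) return 'https://custom.com/page/here';
    else return $URL;

});
```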

### Can the isEnabled function be overridden?

Starting with version 1.9.1, site administrators can use the `SS88_2FAVE_isEnabled` filter, as shown below:

```php
add_filter('SS88_2FAVE_isEnabled', function($isEnabled, $UserID, $type) {

    // $isEnabled = Prior value
    // $UserID = ID of user
    // $type = Values are API or LOGIN

    return $isEnabled;

}, 10, 3);
```

Please note that if the site administrator has set `SS88_2FAVE_ENABLE_ALL`, `SS88_2FAVE_ENABLE_ADMINS`, `SS88_2FAVE_ENABLE_EDITORS`, `SS88_2FAVE_ENABLE_CONTRIBUTORS`, `SS88_2FAVE_ENABLE_SUBSCRIBERS` or `SS88_2FAVE_API_DISABLE_ALL`, the `SS88_2FAVE_isEnabled` filter no longer takes effect.
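A fuller use of the `SS88_2FAVE_isEnabled` filter, as an added example that is not part of the plugin's own documentation: it forces email 2FA on interactive logins for any account holding a sensitive capability, and leaves every other decision (including REST API requests) at the value the plugin computed. The capability list and the helper name `example_2fave_requires_2fa` are hypothetical, and the literal string `'LOGIN'` is assumed from the comment in the FAQ snippet; the filter only applies when none of the constants listed in the note above are defined.

```php
<?php
// Added example (not from the plugin): place in a must-use plugin or the
// active theme's functions.php. Names prefixed example_ are hypothetical.

/**
 * Decide whether a user must pass email 2FA regardless of the profile toggle.
 */
function example_2fave_requires_2fa($user_id) {
    // Capabilities whose holders can change code, users or site options.
    // This list is an assumption; adjust it to the site's own threat model.
    $sensitive_caps = array(
        'manage_options',
        'edit_users',
        'install_plugins',
        'edit_theme_options',
    );

    foreach ($sensitive_caps as $cap) {
        if (user_can($user_id, $cap)) {
            return true;
        }
    }
    return false;
}

add_filter('SS88_2FAVE_isEnabled', function ($isEnabled, $UserID, $type) {
    // Only tighten: never turn 2FA off for a user who already has it enabled.
    if ($isEnabled) {
        return true;
    }

    // $type is documented as API or LOGIN; the exact string 'LOGIN' is assumed.
    if ($type === 'LOGIN' && example_2fave_requires_2fa((int) $UserID)) {
        return true;
    }

    // Everything else (including API requests) keeps the plugin's decision.
    return $isEnabled;
}, 10, 3);
```

Keying the decision on capabilities rather than role names also covers custom roles that were granted administrative capabilities.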

## Reviews

### [Exactly what I needed](https://wordpress.org/support/topic/exactly-what-i-needed-974/)

[Tapash](https://profiles.wordpress.org/tapashdatta/), October 20, 2024, 1 reply

Simple and lightweight plugin. Love it

### [A lightweight, task-specific two-step login plugin](https://wordpress.org/support/topic/a-lightweight-task-specific-two-step-login-plugin/)

[Jeremy Wu](https://profiles.wordpress.org/dreamingwu/), April 29, 2024, 1 reply

A lightweight, task-specific two-step login plugin that supports localization. It
is very convenient for personal use or for protecting client websites. The developer
responds quickly to reasonable requests.

### [Simple, lightweight and easy to use – should be baked into wordpress IMO](https://wordpress.org/support/topic/simple-lightweight-and-easy-to-use-should-be-baked-into-wordpress-imo/)

[nathantpc](https://profiles.wordpress.org/nathantpc/), April 11, 2024, 1 reply

Excellent plugin, just install and enable 2FA for specific admin accounts, or edit
the wpconfig file for site-wide role-based 2FA control.

### [Easily gives that extra security everyone should have](https://wordpress.org/support/topic/easily-gives-that-extra-security-everyone-should-have/)

[bopsbees](https://profiles.wordpress.org/bopsbees/), April 1, 2023, 1 reply

After trying out some of the other plugins from this developer, I saw there was
this 2FA plugin. The sheer amount of spam I get really has raised concerns about
security and I’m so glad I found this. Install – click the toggle for 2FA on the
user account – done. Easiest way to boost security going, no crazy configuration
needs, took literally seconds to do. Seems to work perfectly and I feel a lot better
about the integrity of my accounts.


## Contributors & Developers

The following people have contributed to the development of the open source software "Two Factor (2FA) Authentication via Email".

Contributors

 * [Sully](https://profiles.wordpress.org/ss88_uk/)

"Two Factor (2FA) Authentication via Email" has been translated into 3 locales. Thank you to [all the translators](https://translate.wordpress.org/projects/wp-plugins/two-factor-2fa-via-email/contributors) for their contributions to this plugin.

[Translate "Two Factor (2FA) Authentication via Email" into Chinese (Taiwan)](https://translate.wordpress.org/projects/wp-plugins/two-factor-2fa-via-email)

### Interested in development?

Anyone can [browse the code](https://plugins.trac.wordpress.org/browser/two-factor-2fa-via-email/), check out the [SVN repository](https://plugins.svn.wordpress.org/two-factor-2fa-via-email/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/two-factor-2fa-via-email/) by [RSS](https://plugins.trac.wordpress.org/log/two-factor-2fa-via-email/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.9.9

 * Please update ASAP. Security Fix: CVE-2025-13587
 * Removal of logo on 2FA Login Screen

#### 1.9.8

 * Thank you for 10,000+ active installations! 🙂
 * Fix: REST API authentication

#### 1.9.7

 * PHP Warning fix on new user

#### 1.9.6

 * Integrated Initialization Vector
 * Changed Cipher to AES-256-CBC
 * Added ‘pretty formatting’ when token decryption fails

#### 1.9.5

 * UX improvement: Refresh 2FA Page with countdown when user is successfully logged
   in

#### 1.9.4

 * Improved `header_remove()` function by only removing `Set-Cookie`

#### 1.9.3

 * A new constant has been integrated which can be added in wp-config.php to override
   individual user settings to force 2FA to be enabled for Contributors. Add `SS88_2FAVE_ENABLE_CONTRIBUTORS`
   to your `wp-config.php` i.e. `define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);`.

#### 1.9.2

 * Added PHP’s `header_remove();` function upon logging in. Seems to solve 502 and
   503 issues, especially with GoDaddy.

#### 1.9.1

 * A new filter `SS88_2FAVE_custom_redirect` was added. You can now override the
   final URL where users are redirected to after successfully logging in. See example
   in FAQs.
 * A new filter `SS88_2FAVE_isEnabled` was added. You can now override if 2FA is
   enabled. See example in FAQs.

#### 1.9

 * The REST API (by default) has 2FA enabled. There are now new settings to disable
   it on an individual user basis by using the user edit screen.
 * A new constant `SS88_2FAVE_API_DISABLE_ALL` was added to completely disable the
   2FA on the REST API.

#### 1.8

 * Added 1.7.1 to trunk in WP Plugin Directory for rollback compatibility
 * We are now using $priority 1 on the wp_login hook
 * Added theme/folder compatibility. As of v1.4 developers could add `ss88-2fa-page.php`
   to their theme directory. We now support an additional directory `ss88-2fa`
   i.e. `wp-content/themes/xxx/ss88-2fa/2fa-page.php`. v1.4 functionality will be
   removed in a future release in favor of the new directory `ss88-2fa`.
 * Added support for advanced developers to use a custom 2FA email. You can now 
   override the 2FA email by copying `assets/html/login-email.php` to your theme’s
   directory. Upload this file to `wp-content/themes/xxx/ss88-2fa/login-email.php`
   to customize it!

#### 1.7.1

 * A new constant has been integrated which can be added in wp-config.php to override
   individual user settings to force 2FA to be enabled for Subscribers. Add `SS88_2FAVE_ENABLE_SUBSCRIBERS`
   to your `wp-config.php` i.e. `define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);`.

#### 1.7

 * Localization integration

#### 1.6.4

 * Integration with the default Remember Me checkbox from WordPress

#### 1.6.3

 * Integration with Ultimate Member

#### 1.6.2

 * Removed accidental code forcing everyone who logged in to receive a 2FA screen

#### 1.6.1

 * Deactivation fatal error fix

#### 1.6

 * New Features:
 * Wording changed when SMTP is not enabled.
 * The plugin now sends an email to the site admin if the plugin is deactivated.
   The email can be overridden by defining the constant `SS88_2FAVE_NOTIFICATION_EMAIL`
   in `wp-config.php` i.e. `define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');`
 * Three new constants added which can be added in wp-config.php to override individual
   user settings to force 2FA to be enabled. They are: `SS88_2FAVE_ENABLE_ALL`
   (to enable for every single account), `SS88_2FAVE_ENABLE_ADMINS` (to enable only
   for Administrators), and `SS88_2FAVE_ENABLE_EDITORS` (to enable for Editors)
   i.e. `define('SS88_2FAVE_ENABLE_ALL', true);`.

#### 1.5.2

 * Replaced sanitize_url in favor of esc_url
 * Added a new constant `SS88_2FAVE_LINK_EXPIRES_MINUTES` so that users can define
   their own link expiry time in minutes
 * Added a JavaScript countdown timer to the login page

#### 1.5.1

 * Email content fix

#### 1.5

 * ‘Fancy’ emails
 * Moving files into appropriate folders
 * Re-order of security features when logging in

#### 1.4

 * Added PHP_INT_MAX to wp_login hook
 * Added support for advanced developers to use a custom 2FA template. You can now
   override the 2FA page by copying `assets/2fa-page.php` to your theme’s directory.
   Upload this file to `wp-content/themes/xxx/ss88-2fa-page.php` to customize it!

#### 1.3

 * Fixed ‘dismiss’ link on notification
 * Added support for SMTP Mailer check

#### 1.2

 * Added support link to plugin page

#### 1.1

 * Fix openssl key
 * Fix echo’ing

#### 1.0

 * Initial release.

## Meta

 * Version **1.9.9**
 * Last updated **5 months ago**
 * Active installations **9,000+**
 * WordPress version **4.6 or higher**
 * Tested up to **6.9.4**
 * PHP version **5.6 or higher**
 * Languages: [Chinese (Taiwan)](https://tw.wordpress.org/plugins/two-factor-2fa-via-email/), [Dutch](https://nl.wordpress.org/plugins/two-factor-2fa-via-email/), [English (US)](https://wordpress.org/plugins/two-factor-2fa-via-email/), and [Hebrew](https://he.wordpress.org/plugins/two-factor-2fa-via-email/)
 * Tags: [2FA](https://tw.wordpress.org/plugins/tags/2fa/), [2fa-authentication](https://tw.wordpress.org/plugins/tags/2fa-authentication/), [authentication](https://tw.wordpress.org/plugins/tags/authentication/), [two factor](https://tw.wordpress.org/plugins/tags/two-factor/), [two factor authentication](https://tw.wordpress.org/plugins/tags/two-factor-authentication/)

## Ratings

5 out of 5 stars

 * [4 five-star reviews](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=5)
 * [0 four-star reviews](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=4)
 * [0 three-star reviews](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=3)
 * [0 two-star reviews](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=2)
 * [0 one-star reviews](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=1)


## Support

Issues resolved in the last two months: 2 out of 2

[View support forum](https://wordpress.org/support/plugin/two-factor-2fa-via-email/)
