外掛說明
這個外掛能為 Two Factor 外掛加入對 WebAuthn 及密碼金鑰的支援,提供新式且安全的驗證方法。
外掛特色
- 支援 WebAuthn 及密碼金鑰 (Windows Hello、Touch ID 及 YubiKeys 等)
- 具備與之前註冊的 U2F 安全金鑰的回溯相容性
- 方便使用的設定及無縫整合的驗證體驗
- 透過動作勾點自訂錯誤記錄及行為
- 搭配 Two Factor 外掛實作更有彈性的兩步驟驗證
這個外掛能讓使用者註冊並使用硬體安全金鑰及平台驗證器,藉以強化保護,防止以密碼為主的攻擊及網路釣魚。
注意事項
- 請使用 GitHub 的〈Issues〉回報程式碼錯誤
- GitHub 存放庫提供完整的原始程式碼及開發中的檔案
螢幕擷圖
使用者的 [個人資料] 頁面顯示已註冊的安全金鑰 
外掛設定頁
常見問題集
開放提問。
使用者評論
2026 年 2 月 23 日
Frictionless login experience for WordPress users: this is the perfect plugin, with no ads and no frills, just the strictly necessary options and working in literally 2 minutes.Compatible with: FIDO U2F, FIDO Hyperkey, Windows Hello and any other webauthn provider that is available on your machine.I can login with fingerprint, windows face scan, fingerprint on mobile, backup codes, email codes…
2025 年 1 月 14 日
This is great. You can literally log into WordPress with 2FA using one touch (password manager with auto-login combined with this for 2FA). Beats using an authenticator app any day.
2024 年 10 月 26 日
This is helpful for evaluating purposes of the code. As this plugin is part of a security level all the code should be readable easily for auditors.
Besides that, well done.Thank you.
2024 年 10 月 15 日
it worked last month perfectly, now I can’t register a new auth key.
2024 年 10 月 2 日
Thank you for bridging the gap while we wait for the PR.
This is what Open Source is all about.
2023 年 6 月 4 日
WebAuthn could be included in Two Factor, there’s a PR since Nov 22. Thanks for stepping in and even ENHANCING it. Very comprehensive!
參與者及開發者
變更記錄
2.6.1
- Compatibility with WordPress 6.9.4
- Refactor key management user interface
2.6.0
- Better support for passkeys
- Add hooks for logging errors
- Make plugin options more user-friendly
- Always show Retry button
- Update translations
2.5.6
- Fix authentication bypass with malformed request
- Additional hardening
2.5.5
- Compatibility with WordPress 6.9.1
2.5.4
- Platform requirements updated to PHP 8.1 and WordPress 6.0 (although the plugin still should work with older versions of PHP and WordPress)
- GH-1008: better integration with Two Factor 0.13.0
2.5.3
- Restore
WebAuthn_Provider::get_instance()because WPVIP has an ancient version of Two Factor
2.5.2
- Fix the conflict when another package loads a library that has
autoload.fileskey (see https://github.com/sjinks/wp-two-factor-provider-webauthn/pull/980)
2.5.1
- GH-898: do not show the UI if the plugin has failed to install its tables
- GH-972: do not show the profile UI if the provider is disabled
- drop official PHP 7.4 support
2.5.0
- iCloud support for Firefox (props dd32)
2.4.1
- GH-541: fix issues with YubiKeys (backported a patch by Markus Bauer from https://github.com/madwizard-org/webauthn-server/pull/23)
2.4.0
- GH-830: introduce
webauthn_register_key_use_nicenamefilter (props kat3samsin)
2.3.0
- GH-827: Add
webauthn_register_key_suppress_outputfilter - GH-826: Add
webauthn_app_idfilter to customize U2F AppID - GH-824: Initialize
wpdbproperties as early as possible - Update
madwizard/webauthnto 0.10.0
2.2.0
- Do not create user handles if they are not needed
- Add a hook to customize WebAuthN server
- Update dependencies
- Refactor tests
2.1.0
- GH-462: Use correct user ID when editing a user
- GH-456: Set relying party ID to COOKIE_DOMAIN if it is available (props dd32)
- Allow only for network-wide plugin activation (to match Two Factor)
2.0.3
- Update translations (thank you, Copilot)
- Add Ukrainian translation (thank you, Copilot)
2.0.2
- Update madwizard/webauthn to 0.9.0
- Update development dependencies
- Update E2E tests
2.0.1
- GH-295: fix client extensions validation
- Update development dependencies
2.0.0
- Put external dependencies into a unique namespace (GH-36, GH-53, GH-236)
- Update madwizard/webauthn to 0.8.0
- Update development dependencies
1.0.10
- Add zh-tw translations (props Chun-Chih Cheng, Alex Lion)
- GH-215, GH-33: Fix “Unable to save the key to the database” error for long public keys
- Update development dependencies
1.0.9
- Update madwizard/webauthn to 0.8.0
- Update development dependencies
- Add debug mode (activated with
define( 'DEBUG_TFPWA', true );)
1.0.8
- Security: Update guzzlehttp/guzzle to 7.4.5 (fix CVE-2022-31090 and CVE-2022-31091)
- Do not load the plugin while WordPress is being installed
1.0.7.1
- Fix deployment issue. It’s time to automate the process
1.0.7
- GH-130: fix Network Installation issue
- Update development dependencies
- Add security-related workflows to CI
- Improve tests
1.0.6.1
- Fix deployment issue
1.0.6
- GH-93: remove unnecessary
requiredattribute fromwebauthn_key_name - Security: Update guzzlehttp/guzzle to 7.4.4 (fix CVE-2022-31042 and CVE-2022-31043)
- Update development dependencies
1.0.5
- Synchronize plugin version across all files
1.0.4
- Update translations
- GH-93: add an option to turn off the old U2F provider
- Update dependencies
- Add more E2E tests
1.0.3
- GH-33: increase length of credential_id column to solve issues with Chrome on Mac
- GH-38: fix bugs preventing plugin uninstallation
- Make Settings::offsetGet() compatible with PHP 8.1
1.0.2
- Added E2E tests
- UI fixes
1.0.1
- First public release.