外掛說明

前往 [使用者]→[個人資料] 中的 [兩步驟驗證選項]，便能為網站帳號啟用及設定一或多個兩步驟驗證方式：

透過電子郵件傳送驗證碼
TOTP 驗證碼 (Time Based One-Time Passwords，以時間為基礎、最通用的演算法)
FIDO U2F 安全金鑰 (Universal 2nd Factor，通用第二因素)
備用驗證碼
測試模式 (僅供測試目的使用)

如需進一步了解這個外掛的開發沿革，請參閱這篇文章。

動作及篩選器

以下所列為這個外掛提供的動作及篩選器勾點：

two_factor_providers 篩選器：這個篩選器會覆寫如電子郵件及 TOTP 等兩步驟驗證功能提供程式。陣列值為兩步驟驗證功能提供程式的 PHP 類別名稱。
two_factor_enabled_providers_for_user 篩選器：這個篩選器會覆寫已為使用者啟用的兩步驟驗證功能提供程式清單。第一個引數是已啟用的功能提供程式類別名稱值陣列，第二個引數為使用者 ID。
two_factor_user_authenticated 動作：這個動作會接收已登入的 WP_User 物件作為第一個引數，用於完成驗證工作流程後立即確定已登入的使用者。
two_factor_token_ttl 篩選器：這個篩選器會覆寫電子郵件權杖產生後的使用期限 (以秒為單位)。接受第一個引數為以秒為單位的時間間隔設定後，才能驗證 WP_User 物件的 ID。

參與外掛專案

外掛開發工作均存放在 GitHub。請加入 WordPress Slack 上的 #core-passwords 頻道 (點擊這裡進行註冊)。

外掛安裝命令：

$ git clone https://github.com/wordpress/two-factor.git
$ npm install

然後提交一份包含建議變更的提取要求。

螢幕擷圖

[個人資料] 頁面中的 [兩步驟驗證選項]
[個人資料] 頁面中的 U2F 安全金鑰設定
登入 WordPress 後，使用電子郵件傳送驗證碼進行驗證

使用者評論

vy name 2022 年 6 月 10 日

I surely want to acknowledge my gratitude to this plugin's authors. Their work is to be measured by the effect it has on protecting WP sites and how effortlessly it works. Fricton-free and effective. Just great!

carnalpl 2022 年 5 月 1 日

U2F key cannot be added.

clpjas 2022 年 3 月 8 日

I really hate giving this one-star but the plugin is out of date and broken. This plugin was suggested to me back when I was looking for 2FA methods. It looked promising and worked great, but features are broken, it's fallen behind in supporting the latest versions of WordPress, and has not been updated in half a year. It's a real shame because I've not found a 2FA plugin that can match this plugin...

WPSpeedo 2022 年 3 月 7 日

The plugin is good, it works fine with the membership plugin.

Devyn Brugge 2021 年 12 月 1 日

Really lightweight plugin, it seemed safe to implement and worked for day until admins reported issues. However, my case seems to be a conflict with Toolset Access and I am now having an impossible time trying to remove from my site. Even though I have deactivated, the combination of both these plugins seems to have corrupted the user access table. When an admin accesses the login page, we get a message "You don’t have permission to access this page." Sometimes, changing browsers/VPNs fixes it temporarily. There is no way to remove the plugin settings with uninstall.

Fahrenhe1t 2021 年 11 月 25 日

This plugin is great for increasing login security by enabling Yubikey 2-Factor Authentication (FIDO U2F), or Time-based One Time Passwords (TOTP). It's very impressive; as if the Wordpress devs themselves integrated it. It even lets you create application-specific passwords (so you can log in with a password on the Wordpress app).

閱讀全部 151 則使用者評論