外掛說明
This plugin enhances the security of your WordPress website by adding a simple but effective two-factor authentication (2FA) screen after a successful password login.
Instead of adding fields to the main login page (which can cause conflicts), this plugin waits until a user has correctly entered their username and password. Then, it intercepts the login and presents them with a clean, separate screen to enter their 6-digit code from an authenticator app (like Google Authenticator, Authy, etc.).
This method is more secure, more compatible, and provides a smoother user experience.
Features:
Secure Post-Login Verification: 2FA check happens on a separate screen, after the password is correct.
Easy Setup: A simple “Usama 2FA” menu page for each user to scan a QR code and activate 2FA.
Backup Codes: On activation, 10 one-time-use backup codes are generated in case you lose your phone.
Regenerate Codes: You can generate new backup codes at any time from the settings page.
Lightweight & Simple: No bloat. Just the essential 2FA features.
Per-User: 2FA is enabled on a per-user basis. Administrators cannot control 2FA for other users.
External services
This plugin connects to a third-party API to generate the QR codes used during setup.
Service: goqr.me API (https://www.google.com/search?q=api.qrserver.com)
Usage: Used only once during setup to generate a QR code image that users scan with their authenticator app.
Data Sent: The API receives the user’s email address and the generated secret key (inside the OTPAuth URL) to create the image. This data is not stored by the service.
Provider: Foundata GmbH
Terms of Use: Terms of Use
Privacy Policy: Privacy Policy
螢幕擷圖
The simple “2FA Security” settings page in the admin dashboard.
The QR code and activation step.
The post-activation screen, showing the one-time backup codes.
The separate 2FA verification screen that appears after a successful password login.
安裝方式
From your WordPress Dashboard (Recommended):
Navigate to Plugins > Add New.
In the search bar, type “Usama Simple 2FA Authenticator”.
Click “Install Now” on the plugin.
Click “Activate”.
Once activated, a new “2FA Security” menu will appear in your admin sidebar. Click on it to set up your 2FA.
Manual Installation (from .zip):
Download the plugin .zip file.
Navigate to Plugins > Add New in your WordPress dashboard.
Click the “Upload Plugin” button at the top of the page.
Select the .zip file you downloaded and click “Install Now”.
Click “Activate”.
Go to the “2FA Security” menu in your sidebar to set up.
常見問題集
What authenticator apps does this work with?
This plugin uses the standard TOTP (Time-based One-Time Password) algorithm. It works perfectly with:
Google Authenticator
Authy
Microsoft Authenticator
1Password
LastPass Authenticator
…and any other standard TOTP app.
What happens if I lose my phone?
When you first activate 2FA, the plugin provides you with 10 one-time-use backup codes. You must save these in a secure place (like a password manager or a printed document). If you lose your phone, you can use one of these backup codes in place of the 6-digit authenticator code to log in.
How do I get new backup codes?
Go to the “2FA Security” page in your admin dashboard. You will see an option to “Generate New Backup Codes”. This will invalidate all of your old codes and create a new set for you.
Is this plugin secure?
Yes. Your secret key is stored securely in your user’s metadata, and the login check uses a separate, temporary key (a “transient”) to manage the post-login verification step. All codes are checked using standard, secure cryptographic methods.
使用者評論
這個外掛目前沒有任何使用者評論。
參與者及開發者
變更記錄
1.0.0
Initial public release.
Added post-login 2FA verification screen.
Added user-specific admin menu for 2FA setup.
Implemented QR code and manual key setup.
Implemented backup code generation and verification.