WP 2FA – Two-factor Authentication for WordPress

外掛說明

A FREE & EASY TO USE TWO-FACTOR AUTHENTICATION PLUGIN FOR WORDPRESS

Add an extra layer of security to your WordPress website login page and its users. Enable two-factor authentication (2FA), the best protection against users using weak passwords, and automated password guessing and brute force attacks.

Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance.

Maintained & Supported by WP White Security

WP White Security builds high-quality niche WordPress security & admin plugins such as Password Policy Manager, a plugin with which you can ensure all your users use strong passwords.

Browse our list of WordPress plugins that can help you better manage and improve the security of your WordPress websites and users.

WP 2FA Key plugin features & capabilities

  • Free Two-factor authentication (2FA) for all users
  • Supports TOTP (code from 2FA apps like Google Authenticator and Authy) and OTP (email based codes)
  • Supports 2FA backup codes
  • Very easy to use and wizard driven
  • Use policies to enforce 2FA with a grace period or require your users to instantly setup 2FA upon login
  • Protection against automated password guessing and dictionary attacks

FREE Plugin Support

Support for the WP 2FA plugin is available for free via:

For any other queries, feedback, or if you simply want to get in touch with us please use our contact form.

Related Links and Documentation

From within WordPress

  1. Visit ‘Plugins > Add New’
  2. Search for ‘WP 2FA’
  3. Install & activate the WP 2FA from your Plugins page.

Manually

  1. Download the plugin from the WordPress plugins repository
  2. Unzip the zip file and upload the wp-2fa folder to the /wp-content/plugins/ directory
  3. Activate the WWP 2FA plugin through the ‘Plugins’ menu in WordPress

螢幕擷圖

  • The first-time install wizard allows you to setup 2FA on your website and for your user within seconds.
  • The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help.
  • You can require users to enable 2FA and also give them a grace period to do so.
  • Users can also use one-time codes via email as a two-factor authentication method.
  • You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this.
  • It is recommended for all users to also generate backup codes, in case they cannot access the primary device.
  • In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory.
  • The plugin blocks the accounts of users who are required to have 2FA but fail to enable it within the grace period, so they do not jeopardize the security of your website.

使用者評論

2020 年 9 月 5 日
I develop and host wordpress websites, so I have several clients. I'm now advising all of them to use 2FA for best security, and WP 2FA is my plugin of choice to recommend. I like this plugin so much, I moved from 2FAS Light to this, for my own wordpress sites. Especially when introducing 2FA to clients with several users on their websites, a simple, intuitive experience is key—and WP 2FA's wizard experience is perfect for this. They log in, they're prompted to set up 2FA, then they go on with their business. This is a simple, straightforward plugin that does the job well! Keep up the good work, developers!
2020 年 8 月 26 日
Good solution, could force MFA if you like, sends emails to your users - great. And support is answering fast.
2020 年 8 月 19 日
I have tried many different 2FA -plugins, and this is definitely the best one out there! Easy to use, supports a bunch of different authentication apps, customizable e-mail messages and so on. Thank you for this awesome plugin, I really appreciate your hard work! 🙏🏻
2020 年 7 月 29 日
This is a great plugin and for basic setup it works beautifully. I was looking for a plugin that worked with email 2-FA and this fit the bill nicely. The only problem is that it does not work with any login forms other than the standard WordPress login form or WooCommerce login/logout via the My Account page. The forms issue is frustrating and I hope that a solution can be found for that soon. Otherwise, this plugin is great. Much appreciation to the authors.
2020 年 7 月 24 日
This one is by far the easiest to use, least cluttered, excellent very well thought out wizard. Love that you can force 2-factor and hide the plugin options from other admins. They have thought of every scenario! I tried many other 2-factor plugins which had a even higher active installations but nothing compared to this one. This feels like a premium plugin, should be merged into WordPress core! I was also able to use a unsupported app "Okta".
2020 年 7 月 21 日
The currently best 2FA Plugin on the market! Has many features that are charged for with other plugins. The support answers very fast and is very helpful! Thanks a lot!
閱讀全部 17 則使用者評論

參與者及開發者

以下人員參與了開源軟體〈WP 2FA – Two-factor Authentication for WordPress〉的開發相關工作。

參與者

WP 2FA – Two-factor Authentication for WordPress 外掛目前已有 2 個本地化語言版本。 感謝全部譯者為這個外掛做出的貢獻。

將 WP 2FA – Two-factor Authentication for WordPress 外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄

變更記錄

1.4.2 (2020-09-02)

  • New features

  • Improvements

    • Users can setup 2FA via their smart device without the need to scan the QR code.
    • When instant 2FA is required, existing user sessions are not terminated. Instead they are redirected to the 2FA wizard.
    • The dates and times used in emails and notifications have the same format as that configured in WordPress.
    • The dates and times strings used in the plugin and emails are fully translatable.
    • Added a subject to the login confirmation code email.
    • Better error reporting when required settings are missing.
    • Removed all reference to the Google Authenticator app. Now all messages are generic for all 2FA apps.
    • Standardized the order of placeholders in 2FA wizard.
  • Bug fixes

    • Users unable to setup 2FA in some edge cases because of a HTTP 400 error response during the wizard.
    • Grace period settings hid unexpectedly upon changing the settings.
    • The wrong grace period was being added to the user emails.
    • Wrong grace period shown in user email when users are required to instantly setup 2FA.
    • Users were able to disable 2FA after setting it up, even when 2FA is enforced.

Refer to the complete plugin changelog for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.