This is the initial release of the Secure 2FA plugin.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3270490,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3270490,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3270490,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3270490,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3270490,"resolution":"1","location":"assets","locale":""},"screenshot-10.png":{"filename":"screenshot-10.png","revision":3270490,"resolution":"10","location":"assets","locale":""},"screenshot-11.png":{"filename":"screenshot-11.png","revision":3270490,"resolution":"11","location":"assets","locale":""},"screenshot-12.png":{"filename":"screenshot-12.png","revision":3270490,"resolution":"12","location":"assets","locale":""},"screenshot-13.png":{"filename":"screenshot-13.png","revision":3270490,"resolution":"13","location":"assets","locale":""},"screenshot-14.png":{"filename":"screenshot-14.png","revision":3270490,"resolution":"14","location":"assets","locale":""},"screenshot-15.png":{"filename":"screenshot-15.png","revision":3270490,"resolution":"15","location":"assets","locale":""},"screenshot-16.png":{"filename":"screenshot-16.png","revision":3270490,"resolution":"16","location":"assets","locale":""},"screenshot-17.png":{"filename":"screenshot-17.png","revision":3270490,"resolution":"17","location":"assets","locale":""},"screenshot-18.png":{"filename":"screenshot-18.png","revision":3270490,"resolution":"18","location":"assets","locale":""},"screenshot-19.png":{"filename":"screenshot-19.png","revision":3270490,"resolution":"19","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3270490,"resolution":"2","location":"assets","locale":""},"screenshot-20.png":{"filename":"screenshot-20.png","revision":3270490,"resolution":"20","location":"assets","locale":""},"screenshot-21.png":{"filename":"screenshot-21.png","revision":3270490,"resolution":"21","location":"assets","locale":""},"screenshot-22.png":{"filename":"screenshot-22.png","revision":3270490,"resolution":"22","location":"assets","locale":""},"screenshot-23.png":{"filename":"screenshot-23.png","revision":3270490,"resolution":"23","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3270490,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3270490,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3270490,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3270490,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3270490,"resolution":"7","location":"assets","locale":""},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3270490,"resolution":"8","location":"assets","locale":""},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3270490,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Overview","2":"Verified Users","3":"Activity Log","4":"General Settings","5":"Time-based One-Time Password 2FA Settings","6":"Email 2FA Method Settings","7":"WhatsApp 2FA Method Settings","8":"Yubico OTP 2FA Method Settings","9":"OTP Settings","10":"Recovery Codes Settings","11":"Rate Limit Settings","12":"Enforce 2FA","13":"Visibility Settings","14":"Advanced Settings","15":"Configure User 2FA","16":"Configure User 2FA - One-Time Password","17":"Configure User 2FA - Email","18":"Configure User 2FA - WhatsApp","19":"Configure User 2FA - Yubico\/YubiKey","20":"Configure User 2FA - Activte","21":"Configure User 2FA - Login 2FA","22":"Configure User 2FA - Login Recovery Code","23":"Configure User 2FA - Login 2FA - WhatsApp"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,602,47164],"plugin_category":[38],"plugin_contributors":[197510],"plugin_business_model":[],"class_list":["post-228048","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-login","plugin_tags-tfa","plugin_category-authentication","plugin_contributors-endisha","plugin_committers-endisha"],"banners":{"banner":"https:\/\/ps.w.org\/secure-tfa\/assets\/banner-772x250.png?rev=3270490","banner_2x":"https:\/\/ps.w.org\/secure-tfa\/assets\/banner-1544x500.png?rev=3270490","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/secure-tfa\/assets\/icon-128x128.png?rev=3270490","icon_2x":"https:\/\/ps.w.org\/secure-tfa\/assets\/icon-256x256.png?rev=3270490","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-1.png?rev=3270490","caption":"Overview"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-2.png?rev=3270490","caption":"Verified Users"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-3.png?rev=3270490","caption":"Activity Log"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-4.png?rev=3270490","caption":"General Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-5.png?rev=3270490","caption":"Time-based One-Time Password 2FA Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-6.png?rev=3270490","caption":"Email 2FA Method Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-7.png?rev=3270490","caption":"WhatsApp 2FA Method Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-8.png?rev=3270490","caption":"Yubico OTP 2FA Method Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-9.png?rev=3270490","caption":"OTP Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-10.png?rev=3270490","caption":"Recovery Codes Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-11.png?rev=3270490","caption":"Rate Limit Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-12.png?rev=3270490","caption":"Enforce 2FA"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-13.png?rev=3270490","caption":"Visibility Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-14.png?rev=3270490","caption":"Advanced Settings"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-15.png?rev=3270490","caption":"Configure User 2FA"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-16.png?rev=3270490","caption":"Configure User 2FA - One-Time Password"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-17.png?rev=3270490","caption":"Configure User 2FA - Email"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-18.png?rev=3270490","caption":"Configure User 2FA - WhatsApp"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-19.png?rev=3270490","caption":"Configure User 2FA - Yubico\/YubiKey"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-20.png?rev=3270490","caption":"Configure User 2FA - Activte"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-21.png?rev=3270490","caption":"Configure User 2FA - Login 2FA"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-22.png?rev=3270490","caption":"Configure User 2FA - Login Recovery Code"},{"src":"https:\/\/ps.w.org\/secure-tfa\/assets\/screenshot-23.png?rev=3270490","caption":"Configure User 2FA - Login 2FA - WhatsApp"}],"raw_content":"\n
Automatic installation is the easiest option \u2014 WordPress will handle the file transfer, and you won\u2019t need to leave your web browser. To do an automatic install of Secure 2FA, log in to your WordPress dashboard, navigate to the Plugins menu, and click \u201cAdd New.\u201d<\/p>\n\n
In the search field, type \u201cSecure 2FA\u201d and click \u201cSearch Plugins.\u201d Once you\u2019ve found it, you can view details such as the point release, rating, and description. Most importantly, you can install it by clicking \u201cInstall Now,\u201d and WordPress will take care of the rest.<\/p>\n\n
The manual installation method requires downloading the Secure 2FA plugin and uploading it to your web server via your favorite FTP application. The WordPress codex contains [instructions on how to do this here](https:\/\/wordpress.org\/support\/article\/managing-plugins\/ #manual-plugin-installation).<\/p>\n\n\n
After activating the plugin, a \"Secure 2FA\" menu item will appear in your WordPress admin dashboard's sidebar.<\/p><\/dd>\n
Yes, you can configure enforce 2FA settings to exclude certain roles from 2FA enforcement.<\/p><\/dd>\n
There is no settings page available for excluding users from forced two-factor authentication. However, you can exclude specific users by adding the following filter to the \"functions.php\" file of your active theme:<\/p>\n\n
<?php\nadd_filter('secure_tfa_enforce_tfa_excluded_users', function() {\n \/\/ User ID(s) you want to exclude\n return [1]; \n});\n<\/code><\/pre><\/dd>\nWhat happens if a user doesn't receive the OTP?<\/h3><\/dt>\nIf a user doesn\u2019t receive their OTP, they should:<\/p>\n\n
\n- Wait a few minutes and try again.<\/li>\n
- Use their backup recovery codes to regain access if OTP delivery fails.<\/li>\n
- If the issue persists, the site administrator can assist with troubleshooting by checking the activity logs for the user or deactivate 2FA for that user.<\/li>\n
- If you are the site administrator, check the
Handling and Troubleshooting Issues<\/code> below for further assistance.<\/li>\n<\/ol><\/dd>\nHandling and Troubleshooting Issues<\/h3><\/dt>\nIf you're facing issues logging in or not receiving OTPs due to 2FA method issue or email or API problems, and you need to regain access to your WordPress account, you can configure the following constants in the config.php<\/code> file to help resolve these issues:<\/p>\n\ndefine( 'SECURE_TFA_DISABLE_PLUGIN', true ) ;\n<\/code><\/pre>\n\nThis constant disables the 2FA login process and temporarily deactivates its functionality, although the plugin remains active.<\/p>\n\n
define( 'SECURE_TFA_DISABLE_ENFORCE_TFA', true ) ;\n<\/code><\/pre>\n\nThis constant disables the enforced 2FA requirement for users who have not yet enabled it.<\/p><\/dd>\n\n<\/dl>\n\n\n
1.0.0 - 2025-04-10<\/h4>\n\n\n- Initial release.<\/li>\n<\/ul>\n\n\n
Secure 2FA adds an extra layer of security to your WordPress login process by enabling 2FA via several authentication methods.<\/p>\n\n
Features<\/h3>\n\n\n- Free two-factor authentication (2FA) plugin<\/li>\n
- Multiple authentication methods: One-time password (OTP), Yubico OTP (YubiKey), Email OTP, and WhatsApp OTP<\/li>\n
- Customizable OTP configurations: Expiration time, retries, and more<\/li>\n
- Role-based enforcement: Require 2FA for all or specific roles while excluding others<\/li>\n
- Supports WordPress Multisite and single-site installations<\/li>\n
- Activity log tracking: Monitor authentication attempts and security events<\/li>\n
- Rate limiting: Prevent brute-force attacks by limiting OTP requests per user<\/li>\n
- Backup recovery codes: Allow users to regain access if they lose their primary 2FA method<\/li>\n
- Automatic log cleanup: Enable or disable automatic deletion of old activity logs with configurable schedules<\/li>\n
- UI control: Manage the visibility of the \"Configure 2FA\" option in the sidebar, admin toolbar, and user list<\/li>\n<\/ul>\n\n
Time-based One-Time Password 2FA Method<\/h3>\n\n\n- Compatible with diifrent authotcitors apps susch as Google Authenticator and Duo etc.<\/li>\n
- Generates QR codes during 2FA setup.<\/li>\n
- Supports manual setup keys.<\/li>\n<\/ul>\n\n
WhatsApp 2FA Method<\/h3>\n\n
This method leverages Meta's official API to send OTPs via WhatsApp authentication template. It supports the following features:<\/p>\n\n
\n- Set a default template language.<\/li>\n
- Support multiple template languages based on the user's UI language (templates must match WhatsApp requirements).<\/li>\n
- Define a base country for phone numbers when configuring 2FA.<\/li>\n
- Restrict phone number selection by specifying an allowed countries list.<\/li>\n
- Enable IP address lookup to detect the user's country during 2FA setup.<\/li>\n
- Allow or prevent multiple users from using the same phone number.<\/li>\n
- Set custom phone number regex patterns to enforce specific formatting rules.<\/li>\n<\/ul>\n\n
Email OTP 2FA Method<\/h3>\n\n\n- Allow or disallow users to enter a different email when configuring email as a two-factor authentication method.<\/li>\n
- Specify a custom email address from which OTPs will be sent.<\/li>\n
- Customize email languages, subject lines, and message content based on supported languages.<\/li>\n<\/ul>\n\n
Yubico OTP 2FA Method<\/h3>\n\n
Yubico OTP is a secure and convenient authentication method supported by all YubiKeys out of the box. It provides an additional layer of security as a second-factor authentication option.<\/p>\n\n
Requirements<\/h3>\n\n\n- WordPress 6.0 or newer.<\/li>\n
- PHP version 7.4 or newer.<\/li>\n<\/ul>\n\n
External Library and Services Usage<\/h3>\n\n\n- The plugin utilizes the intl-tel-input<\/a> library to provide phone number formatting functionality. <\/li>\n
- The plugin integrates with Meta\u2019s WhatsApp Business API, which is subject to Meta\u2019s Terms of Service<\/strong> and pricing policies<\/strong>. You may need to subscribe to a third-party WhatsApp API method or a Meta-approved Business Solution Provider to use this service. For details, visit Meta\u2019s WhatsApp Business API documentation<\/a>. <\/li>\n
- The plugin integrates with the Yubico OTP API<\/strong>. It securely sends the user\u2019s one-time password (OTP) to Yubico\u2019s verification service to authenticate login attempts. Review Yubico\u2019s Terms & Conditions<\/a> and Privacy Notice<\/a> for more details.<\/li>\n<\/ul>\n\n
License<\/h3>\n\n
Secure 2FA is licensed under the GNU General Public License v2 or later.<\/p>","raw_excerpt":"Secure 2FA adds an extra layer of security to your WordPress login process by enabling 2FA via several authentication methods.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/228048","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=228048"}],"author":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/endisha"}],"wp:attachment":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=228048"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=228048"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=228048"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=228048"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=228048"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=228048"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}