This plugin provides uncomplicated 2FA functionality for WordPress. It allows you to require that a second factor, a one-time password (OTP) code, be entered when certain (or all) users attempt to log in to WordPress.
It will send a six-digit code via e-mail to the user attempting to log in. The code has a limited lifetime (defaults to 15 minutes). Once a code has been consumed, it is considered invalid.
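The code lifecycle described above (six digits, a 15-minute lifetime, invalid once consumed) can be sketched in plain PHP. This is an added example, not the plugin's own code: the function names, the HMAC-based storage and the in-memory record are assumptions made for illustration.

```php
<?php
// Added illustration; not the plugin's code. The record lives in a plain
// array here; a real site would persist it per user (assumption).
const OTP_LIFETIME = 15 * 60; // seconds; the 15-minute default stated on the page

/** Issue a six-digit code. Returns [code to e-mail, record to store]. */
function otp_issue(string $secret, string $username, int $now): array
{
    // random_int() uses the CSPRNG; zero-padding keeps low values six digits long.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    return [$code, [
        // Store a keyed hash bound to the username, never the code itself.
        'mac'     => hash_hmac('sha256', $username . ':' . $code, $secret),
        'expires' => $now + OTP_LIFETIME,
        'used'    => false,
    ]];
}

/** Verify a submitted code and mark the record consumed on success. */
function otp_verify(string $secret, string $username, string $submitted, array &$record, int $now): bool
{
    if ($record['used'] || $now > $record['expires']) {
        return false; // already consumed, or past its lifetime
    }
    if (strlen($submitted) !== 6 || !ctype_digit($submitted)) {
        return false; // only exactly six digits are accepted
    }
    $mac = hash_hmac('sha256', $username . ':' . $submitted, $secret);
    if (!hash_equals($record['mac'], $mac)) {
        return false; // hash_equals() compares in constant time
    }
    $record['used'] = true; // single use: a second submission is rejected
    return true;
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$t0 = 1700000000;
[$code, $rec] = otp_issue($secret, 'alice', $t0);
var_dump(otp_verify($secret, 'bob', $code, $rec, $t0 + 60));      // submitted under another username
var_dump(otp_verify($secret, 'alice', $code, $rec, $t0 + 60));    // correct user, within lifetime
var_dump(otp_verify($secret, 'alice', $code, $rec, $t0 + 120));   // same code replayed
[$code2, $rec2] = otp_issue($secret, 'alice', $t0);
var_dump(otp_verify($secret, 'alice', $code2, $rec2, $t0 + 901)); // one second past the lifetime
```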
You may configure that only certain roles are required to use 2FA, and it is recommended that you enable 2FA for those users with privileged access.
You may also configure the plugin to allow certain roles to enable an OTP code bypass, which will set a cookie in that user’s web browser. The cookies are partially based on the username, so several users can share the same browser and each will still be required to enter the OTP code, or can bypass it if that user's cookie is present.
You can add custom text to the OTP code entry form, and you can add custom text to the OTP code e-mail message.
The plugin can be configured to allow it to be handled/managed only by specific users, thus making it harder for someone to accidentally or intentionally deactivate it. The implemented solution for this is by no means waterproof. If someone, for example, has access to your WordPress installation by means of FTP or similar, the plugin files can be physically removed (or moved out of your WordPress installation), which basically deactivates the plugin as well.
Other notes:
- This plugin may work with earlier versions of WordPress
- Compatible with WordPress 5.6+
- Compatible with PHP 7.2, 7.4, 8.0, and 8.1
- This plugin may create entries in your PHP error log (if active)
- This plugin contains no tracking code