Cloudbridge 2FA for WordPress documentation

OTP code lifetime	The lifetime, in minutes, of the OTP code sent to the user by e-mail. Minimum value is one (1), and maximum value is 60. A reasonably balanced value here in most situations is 15 minutes.
OTP code in e-mail subject	Determines if the OTP code should be appended to the e-mail subject. This is normally only included in the e-mail body. Some people may, however, find it useful to be able to see the OTP code in new e-mail notifications.
OTP code entry text	This text, if configured, is displayed on the OTP code entry page. It should be kept reasonably short and may not contain any HTML. Something that tells the user whom to contact in case of login issues may be a good idea to put here.
OTP code e-mail text	This text, if configured, is included in the OTP code e-mail. It should be kept reasonably short and may not contain any HTML. Something that tells the user whom to contact in case of login issues may be a good idea to put here.
Cookie lifetime	Lifetime, in days, of the 2FA bypass cookie. This is used when a user is allowed to bypass the 2FA requirement on a specific browser. A value of zero (0) means that the cookie will live until the user closes the browser. Allowed values are zero (0) to 365. The plugin will create a cookie that is unique to the user. This means that if several users are sharing the same browser, the cookies will be different for each user. Please note: The cookie is only checked for after the user has attempted to login. It will not allow anyone to bypass the regular WordPress login process.
Remove settings	Cloudbridge 2FA will by default retain its settings when you uninstall the plugin. If you want the plugin to remove all its settings when you uninstall it, you should enable this option. Settings are always retained when you deactivate the plugin.

The Roles tab will allow you to enforce 2FA for any given WordPress role (i.e. “Administrator”, “Editor”, “Author”, and so on).

You should enable 2FA for any user role with elevated privileges, such as Administrator.

You may also configure if cookie bypass is allowed. If cookie bypass is enabled, the user will be presented with a checkbox when entering the OTP code. If the checkbox is enabled, the user will not be required to enter an OTP code for the lifetime of the cookie.

The lifetime of the cookie is configured under the General tab.

The Access tab will allow you to limit which users should have access to configuration of the Cloudbridge 2FA plugin.

It is important that you add the user you are currently logged in as, since it’s possible to configure the plugin to block access to its configuration.

Only users with the WordPress role “Administrator” will appear here. If an administrator user is not allowed to configure/manage the plugin, it will make every attempt possible to prevent access to its configuration as well as deactivation. This is, however, waterproof. If a user has direct access to the WordPress installation, by using FTP for example, it’s trivial to simply remove (or move) the plugin files.

The Export menu option will allow you to export your Cloudbridge 2FA configuration. This can be used as a backup or to clone plugin settings between sites. No sensitive information is included in the export. You can store the export data as plain ASCII/.txt file.

The Import menu option will allow you to import a previously exported Cloudbridge 2FA configuration. This is useful if you quickly want to clone the settings between multiple sites. It can also be used to “restore” settings, as a means of backup.