Two-Factor Authentication for WordPress.
Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad, passoniate
Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
Requires at least: 4.3
Tested up to: 5.8
Stable tag: trunk (master)
Requires PHP: 5.6
Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable and configure one or multiple two-factor authentication providers for your account:
For more history, see this post.
Here is a list of action and filter hooks provided by the plugin:
two_factor_providersfilter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
two_factor_enabled_providers_for_userfilter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
two_factor_user_authenticatedaction which receives the logged in
WP_Userobject as the first argument for determining the logged in user right after the authentication workflow.
two_factor_token_ttlfilter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the
WP_Userobject being authenticated.
Development happens on GitHub. Join the
#core-passwordschannel on WordPress Slack (sign up here).
Here is how to get started:
$ git clone https://github.com/wordpress/two-factor.git $ npm install
Then open a pull request with the suggested changes.
See the release history.