/wp-two-factor-auth

Secure WordPress login with two factor authentication

Primary LanguagePHPMIT LicenseMIT

wp-two-factor-auth

CI

Description

This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.

Why You Need This

Users can have common or weak passwords, and this lets hackers and bots brute force their passwords and get access to their account. If the site is protected with a similar plugin, an intruder cannot get access to the account even if they know the password: this is where the second factor comes into play: to log in, they need to know the one time password.

How Does It Work?

This plugin uses the industry standard Time or Hash based One-time Password Algorithm to generate one time passwords.

One time passwords generated by the plugin can either be delivered by email, or be shown by third party applications (such as Google Authenticator). Because third party applications have to be configured first (you need to scan a QR code or enter some details manually), by default one time passwords are delivered by email.

System Requirements

  • PHP 7.2 or newer
  • OpenSSL extension

Installation

At the moment, only installation via Composer is supported.

To install the plugin, please run

composer require wildwolf/wp-two-factor-auth

in your WordPress root directory. The, please go to the Dashboard > Plugins, and activate the plugin.