Google Authenticator for your WordPress blog.
It's a "must have" plugin. The only counterpart is that lacks of a feature to be toggled after the users makes login.
You can achieve this with another plugin: https://wordpress.org/support/view/plugin-reviews/google-authenticator-per-user-prompt
PS: Wish the two authors fork the plugin into one.
Really easy to handle, but it would be nice to have a mechanism to only allow logins if they use 2nd factor!
Works as advertised, no issues.
The only drawback is that - despite the tooltip - users are confused about the new field on the log-in screen. It doesn't even help to inform them in their sign-up emails (because after some weeks they forgot, or they use one login for a company, or they don't read the small print ...)
A great enhancement would therefore be to have the field by default hidden (reveal with checkbox) or to make it (like Google, Dropbox etc.) in two steps: only users who have GA enabled see the field for the code in the next step.
Just giving 4 stars, because of:
* undocumented feature "use app password" - what does it do??
* I'd prefer a 2nd login page for the time based password, so unauthenticaed users dont see you're using this plugin.
Otherwise it is an excellent plugin which greatly enhances your security. Very much recommended!
You must log in to submit a review. You can also log in or register using the form near the top of this page.