2FAS Light – Google Authenticator

Description

Secure your WordPress Administration area with 2FAS Light plugin

Every time you log in to a WP-admin panel, 2FAS Light plugin checks if the device has already been trusted. In case the device has not been trusted, the user will be asked for a security code generated by Google Authenticator mobile app.

2FAS plugin also works with other mobile applications that generate tokens, such as: Microsoft Authenticator, Authy, Free OTP, 2STP, OTP Auth.

Install & use

You do not need to register, create a special account, log in or take any other complicated action to use 2FAS Light plugin. All you need to do is install it and activate it in your WordPress. What is more 2FAS Light plugin does not communicate with any external sites. All data needed to make plugin work properly are stored in WordPress database.

Free for all users

Some WordPress plugins are free for only one user as they require fees when you want other users to join you. 2FAS Light plugin is entirely free for all WordPress users.

Get instant protection against:

Brute-force attacks

When undergoing a brute-force attack, your password can be discovered by the attacker. This is the only vulnerability you will experience with 2FAS Light. 2FAS Light’s intelligent security feature provides a finite amount of time in which the attacker access the correct token. After the access period has ended, the attacker is locked out for security reasons.

WordPress takeovers

Many people use the same password or a similar password for many online services. Repeatedly used passwords remain are vulnerable in cyberspace. Using the 2FAS Light plugin on your WordPress site makes access without a 2FAS Light registered device very difficult.

Phishing and keylogger attacks

If you’re not completely sure that the devices used by you or your sub-users are completely free of keyloggers and viruses, then using 2FAS Light to protect your WordPress site from security breaches is a great solution!

Any password discovery attempt is useless with 2FAS Light. Without the token generated by your 2FAS Light, conventional access to your WordPress site is almost impossible.

Support

For more information check out our website at https://2fas.com

If you need our support, please contact us at support@2fas.com

Screenshots

  • The first step of the login process — providing the login and the password
  • The second step of the login process — providing the token on an untrusted device
  • Configuring the two-factor authentication in the 2FAS Light plugin

Installation

  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS Light” and click the “Install Now” button.
  4. When 2FAS Light successfully installs, click the “Activate” link.
  5. Go to the 2FAS Light menu option and follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  6. That’s it! Now your WordPress administration area is protected by 2FAS Light.

Plugin requirements:

  • PHP 5.3 or newer (PHP 7 is recommended)
  • PHP extensions: GD, Multibyte String, OpenSSL
  • WordPress 3.6 or newer
  • JavaScript enabled

Warning: The plugin is currently not compatible with multisite installations.

If you have any problems with the installation please contact us at support@2fas.com

FAQ

Installation Instructions
  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS Light” and click the “Install Now” button.
  4. When 2FAS Light successfully installs, click the “Activate” link.
  5. Go to the 2FAS Light menu option and follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  6. That’s it! Now your WordPress administration area is protected by 2FAS Light.

Plugin requirements:

  • PHP 5.3 or newer (PHP 7 is recommended)
  • PHP extensions: GD, Multibyte String, OpenSSL
  • WordPress 3.6 or newer
  • JavaScript enabled

Warning: The plugin is currently not compatible with multisite installations.

If you have any problems with the installation please contact us at support@2fas.com

Why do I need the 2FAS Light plugin?

If you’re not completely sure your devices or ones used by your sub-users are completely free of keyloggers and viruses, then it is a great solution.

Without the token generated by your smartphone, any password discovery attempt will be useless with 2FAS Light plugin.

Do I need to enter a token each time I log in to the WordPress admin?

No, it is not necessary. The 2FAS Light plugin determines whether or not the user is required to enter a token as an additional form of authentication.

What do I need to do to start using the 2FAS Light plugin?

The most common way to use the 2FAS Light plugin is to configure your smartphone to generate tokens. You can download any Time-based One-Time Password (TOTP) app (e.g. Google Authenticator, Authy, FreeOTP, etc.).

Can I use a browser extension instead of my smartphone to generate tokens?

Yes, you can; however, it isn’t as safe as using your smartphone.

The main idea of the two-factor authentication is based on using different devices or channels, which can verify a user. When you are using a browser extension, then you are not protected from malware or viruses, which can catch your token.

Is it free?

Yes, it is completely free.

You can either use it privately or for commercial usage without any fees.

Reviews

Crashes Site on Install

Version WordPress 4.9.1

Error:
[Fri Jan 05 15:26:38.272078 2018] [:error] [pid 1387] [client 73.239.115.224:62549] PHP Fatal error: Uncaught Error: Call to undefined function Endroid\\QrCode\\imagecreate() in /mnt/www/blog/wp-content/plugins/2fas-light/vendor/endroid/qrcode/src/QrCode.php:1408\nStack trace:\n#0 /mnt/www/blog/wp-content/plugins/2fas-light/vendor/endroid/qrcode/src/QrCode.php(730): Endroid\\QrCode\\QrCode->create()\n#1 /mnt/www/blog/wp-content/plugins/2fas-light/TwoFASLight/TOTP/TwoFASLight_TOTP.php(159): Endroid\\QrCode\\QrCode->getDataUri()\n#2 /mnt/www/blog/wp-content/plugins/2fas-light/TwoFASLight/Action/TwoFASLight_Menu_Action.php(27): TwoFASLight\\TOTP\\TwoFASLight_TOTP->generate_qr_code(‘AXMYTB5AKP6YLNP…’)\n#3 /mnt/www/blog/wp-content/plugins/2fas-light/TwoFASLight/TwoFASLight_Init_App.php(20): TwoFASLight\\Action\\TwoFASLight_Menu_Action->handle(Object(TwoFASLight\\TwoFASLight_Init_App))\n#4 /mnt/www/blog/wp-content/plugins/2fas-light/twofas_light.php(123): TwoFASLight\\TwoFASLight_Init_App->run()\n#5 /mnt/www/blog/wp-includes/class-wp-hook.php(286): twofas_light_init(”)\n#6 /mnt/www/blog/wp-includes/class-wp-hook.php(310): WP_Hook- in /mnt/www/blog/wp-content/plugins/2fas-light/vendor/endroid/qrcode/src/QrCode.php on line 1408

Looks like you expected me to have composer or https://github.com/endroid/qr-code installed.

This really works

I have just shuted down miniorange that insert a div in each page and make a download from a js file from macromedia pub

I am so impressed about how this plugin works in a clean and fast way without inserting nothing in our pages

Try this one. You will be glad to have it in your way

Read all 5 reviews

Contributors & Developers

“2FAS Light – Google Authenticator” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0.4 (Apr. 10, 2018)

  • Improved plugin security
  • Changed link description on second step page
  • Optimized plugin version update algorithm
  • Fixed account lockout
  • Fixed frontend bugs

1.0.3 (Jan. 30, 2018)

  • Added plugin’s requirements check
  • Deleted modifying error messages at the first step of the login process
  • WordPress site name is decoded before it it used by the plugin
  • Updated text about trusted devices
  • Updated Twig to version 1.33.2

1.0.2 (Mar. 27, 2017)

  • Improved QR code quality
  • Trusted device can be added only during the login process
  • Bug fixes

1.0.1 (Jan. 5, 2017)

  • Frontend changes

1.0.0 (Dec. 30, 2016)

  • The first stable release of the plugin