Description

Use the “Two-Factor Options” section under “Users” → “Your Profile” to enable and configure one or multiple two-factor authentication providers for your account:

Email codes
Time Based One-Time Passwords (TOTP)
FIDO Universal 2nd Factor (U2F)
Backup Codes
Dummy Method (only for testing purposes)

For more history, see this post.

Actions & Filters

Here is a list of action and filter hooks provided by the plugin:

two_factor_providers filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
two_factor_enabled_providers_for_user filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
two_factor_user_authenticated action which receives the logged in WP_User object as the first argument for determining the logged in user right after the authentication workflow.
two_factor_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.

Get Involved

Development happens on GitHub. Join the #core-passwords channel on WordPress Slack (sign up here).

Here is how to get started:

$ git clone https://github.com/wordpress/two-factor.git
$ npm install

Then open a pull request with the suggested changes.

Screenshots

Two-factor options under User Profile.
U2F Security Keys section under User Profile.
Email Code Authentication during WordPress Login.

Reviews

Mirko (alias Dinosaurier) July 22, 2022

Ein Fehler vom Typ E_ERROR wurde in der Zeile 103 der Datei /www/htdocs/w010aebd/wp-content/plugins/advanced-classifieds-and-directory-pro/public/class-acadp-public-registration.php verursacht. Fehlermeldung: Ungefangener ArgumentCountError: Zu wenige Argumente für Funktion ACADP_Public_Registration::wp_login_failed(), 1 übergeben in /www/htdocs/w010aebd/wp-includes/class-wp-hook.php auf Zeile 307 und genau 2 erwartet in /www/htdocs/w010aebd/wp-content/plugins/advanced-classifieds-and-directory-pro/public/class-acadp-public-registration.php:103 Stack-Trace: #0 /www/htdocs/w010aebd/wp-includes/class-wp-hook.php(307): ACADP_Public_Registration->wp_login_failed('mirko') #1 /www/htdocs/w010aebd/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array) #2 /www/htdocs/w010aebd/wp-includes/plugin.php(476): WP_Hook->do_action(Array) #3 /www/htdocs/w010aebd/wp-content/plugins/two-factor/class-two-factor-core.php(838): do_action('wp_login_failed', 'mirko') #4 /www/htdocs/w010aebd/wp-includes/class-wp-hook.php(307): Two_Factor_Core::login_form_validate_2fa('') #5 /www/htdocs/w010aebd/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters('', Array) #6 /www/htdocs/w010aebd/wp-includes/plugin.php(476): WP_Hook->do_action(Array) #7 /www/htdocs/w010aebd/wp-login.php(518): do_action('login_form_vali...') #8 {main}

arafatamin July 18, 2022

Wow nice plugin

vy name June 10, 2022

I surely want to acknowledge my gratitude to this plugin's authors. Their work is to be measured by the effect it has on protecting WP sites and how effortlessly it works. Fricton-free and effective. Just great!

carnalpl May 1, 2022

U2F key cannot be added.

clpjas March 8, 2022

I really hate giving this one-star but the plugin is out of date and broken. This plugin was suggested to me back when I was looking for 2FA methods. It looked promising and worked great, but features are broken, it's fallen behind in supporting the latest versions of WordPress, and has not been updated in half a year. It's a real shame because I've not found a 2FA plugin that can match this plugin...