Support » Plugin: Two-Factor » Good rather than Great

  • There are no instructions with this plugin at all. How long would it take to write them. I’m sure it could be done very quickly. I would offer but that’s the problem. I don’t understand how it works. Luckily someone else wrote go to All Users > Edit, otherwise I would not have found it. But now there are a number of options and I would like to know what each one does. I’ve used the email option and it works very well.

    One other point though and that is that would it not be better to ask for the authorisation code before allowing for the password input. My concern is hackers. Why let them fiddle about putting in passwords when if the first thing they see is the need for a code which is being emailed to the site owner then maybe they give up there and then rather than me getting umpteen WordPress notifications that someone has been locked out. Then they change their IP address and away they go again, and again, and again………..

    OK, rant over. Thank you to those who have given their time to make this a very good free plugin but can we have a few instructions – please!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Kaspars

    (@kasparsd)

    Thanks for the valuable feedback @briannie!

    I’ve opened an issue on GitHub to add setup and usage instructions to the readme file.

    One other point though and that is that would it not be better to ask for the authorisation code before allowing for the password input.

    Without doing the regular authentication first we don’t know which user is trying to log in and we can’t verify the second factor, which is why all two-factor implementations work this way.

    Thank you for your response but GitHub is a complete mystery to me and to a lot of others as well. I just need some simple instruction. I still don’t know what the other options are for, nor how they work. I don’t want to start clicking on stuff I don’t understand.

    I get the point regarding the second factor being after the login but how about a notice on the login screen advising that additional two factor authorisation will be required just to advise hackers not to waste their time. I’m already utilising “Limit Login Attempts Reloaded” which locks the hacker out after ‘x’ failed logins but the hacker just uses another IP address and away they go again. The last 12 hours saw 61 attempts to guess the password – they already have the username.

    Just a suggestion, nothing more and thanks again for the plugin.

    Plugin Author Kaspars

    (@kasparsd)

    Version 0.4.6 was just released and it now includes usage instructions and screenshots to help users with getting started.

    Excellent but I’ve just had a quick look and I can’t see them. How do I access them please?

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this review.