After evaluating four 2FA plugins for WordPress (including premium plugins), I must say this is the best one. It makes 2FA easy to enable for regular users and it follows the same setup and login flow as the “big players” such as Facebook and Twitter. The developer has even hinted on upcoming support for WebAuthn, e.g., Yubikeys (see support topic “support-for-yubikey”), which would take authentication security to the next level.
There are some missing features that I would like to see in the future. The lack of these features doesn’t keep me from giving this excellent plugin five stars, since the plugin does exactly what it claims to do. Here are however the improvements I’d like to see.
- Embed a script for generating QR codes so that no external requests are needed (the plugin currently relies on chart[.]googleapis[.]com).
- Put the dialog boxes’ content in templates so that they can be overridden without modifying core files (or run the content through a filter).
- Add a checkbox to the login page so that users can enable “remember this browser” or “do not ask again for 90 days”.
- Consider adding a premium version so that we who rely on the plugin can fund the development and maintenance.
- You must be logged in to reply to this review.