OOSOFT 2FA Security adds robust two-factor authentication to your WordPress site. Protect every login with a second verification step using a TOTP authenticator app (Google Authenticator, Authy, etc.) or a one-time code sent to your email address.
Key Features:
- TOTP Authenticator App — compatible with Google Authenticator, Authy, Microsoft Authenticator, and any RFC 6238-compliant app.
- Email OTP — sends a time-limited one-time code to the user’s registered email address.
- Backup Codes — generate single-use recovery codes so users are never locked out.
- Role-Based Enforcement — require 2FA for specific roles (e.g. administrators) while leaving it optional for others.
- Rate Limiting — brute-force protection with configurable attempt limits and lockout periods.
- Security Logs — detailed event logging with filterable admin view and automatic pruning.
- Encrypted Secret Storage — TOTP secrets are encrypted at rest using libsodium (preferred) or AES-256-GCM/CBC via OpenSSL.
- HKDF Key Derivation — encryption keys are derived from your WordPress secret keys; no raw key material is stored.