plugin-icon

Digipacket Login Security with Two-Factor Authentication

Door digipacket·
Standards-based two-factor authentication (TOTP & e-mail), brute-force lockout, login alerts and an audit log — with no external service.
2FA
Brute Force
login security
Beoordelingen
Een beoordeling toevoegen
Versie
1.0.1
Laatst bijgewerkt
Jun 20, 2026
Digipacket Login Security with Two-Factor Authentication

Digipacket Login Security adds strong, standards-based two-factor authentication to any WordPress site. It uses the TOTP algorithm (RFC 6238), so it works with Google Authenticator, Authy, Microsoft Authenticator, FreeOTP and any standard authenticator app — with no external service or cloud dependency. Everything runs on your own server.

Key features

  • TOTP compatible with Google Authenticator and all standard apps.
  • Choice of method — each user picks an authenticator app (TOTP) or a one-time code sent by e-mail at login.
  • QR Code enrolment rendered locally on the user profile screen (no external image service).
  • Mandatory code verification after every login.
  • Single-use backup codes for account recovery if the device is lost.
  • Brute-force protection — lock an account after a configurable number of failed attempts, for a configurable duration. Blocks further sign-ins even with the correct password during the lockout window.
  • Security e-mail alerts — notify the account owner when repeated wrong-password attempts or too many incorrect 2FA codes are detected.
  • Login notifications — e-mail the user and/or the administrator (per selected roles) with sign-in details (user, date, IP, browser).
  • Login screen warning — optional full-screen security notice that visitors must accept before signing in.
  • Enforce 2FA by role with a configurable grace period.
  • Admin reset of a user’s 2FA from the Users list, plus a 2FA status column.
  • Audit log of all security events with filtering by role or user.
  • Modern admin interface — dashboard, focused settings tabs and an About page.
  • Translatable — ships with French (fr_FR) and English.

Privacy & external services

By default, Digipacket Login Security does not send any data to external services. All secrets, codes and logs are stored in your own WordPress database, and e-mails are sent through your site’s standard wp_mail() function.

Optional Telegram notifications (disabled by default): if you enable them and provide your own bot token and chat ID, the plugin sends security-event details (event type, username, IP address, date) to the Telegram Bot API at https://api.telegram.org so the message can be delivered to your chosen Telegram chat. This only happens while the feature is enabled and configured.

  • Telegram Bot API: https://core.telegram.org/bots/api
  • Telegram Privacy Policy: https://telegram.org/privacy
Gratisvoor betaalde abonnementen
Aan de slag
Door te installeren, ga je akkoord met de Servicevoorwaarden van WordPress.com en de voorwaarden voor plugins van derden.
Getest tot
WordPress 7.0
Deze plugin kan worden gedownload, zodat je hem op je kan gebruiken.
Downloaden