Rat Two-Factor Authentication
Rat Two-Factor Authentication is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.
Key Features
- Email-based OTP verification — 6-digit codes sent to the user’s registered email address
- Lightweight and fast — Minimal impact on site performance
- User-friendly interface — Clean, responsive design that works on all devices
- Flexible settings — Enable 2FA globally or per user
- Role-based requirements — Require 2FA for specific user roles
- Session management — Secure session handling with timeout protection
- AJAX-powered — Smooth user experience without page reloads
- Auto-submit functionality — Automatically submits form when 6 digits are entered
- Resend functionality — Users can request new codes with cooldown protection
- Mobile-friendly — Optimized for mobile login experiences
- Security-first — Nonce protection, input sanitization, and secure coding practices
How It Works
- The user enters their username and password as usual
- If 2FA applies to that user (globally, by role, or by their profile setting), they are redirected to an OTP verification screen instead of being logged in
- A 6-digit code is sent to the email address on their account
- The user enters the code to complete the login
- The code expires 10 minutes after it is issued and cannot be used after that
Perfect For
- Business websites requiring enhanced security
- E-commerce stores protecting customer accounts
- Membership sites with sensitive user data
- Multi-author blogs securing contributor access
- Any WordPress site wanting better login security
Admin Features
- Global 2FA setting — Enable for all users
- Force 2FA option — Make it mandatory for selected roles
- Role-based configuration — Choose which roles require 2FA
- User profile integration — Users can enable/disable 2FA individually
- Clean admin interface — Easy to configure and manage
Developer Friendly
- Well-documented code with inline comments
- WordPress coding standards compliant
- Hook system for customization
- Lightweight codebase for easy modification
- No external dependencies — Pure WordPress integration
Security Features
- Nonce verification for all AJAX requests
- Input sanitization and validation
- Secure OTP generation using WordPress built-in functions
- Session timeout protection (10 minutes)
- Rate limiting on resend requests
- OTP codes are stored only as temporary hashes, never in plain text
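The following is an added example of how the flow in How It Works and the controls in Security Features fit together using WordPress core functions. It is not the plugin's own code: every function prefixed `example_`, the transient and cookie names, and the 60-second resend cooldown and 5-attempt limit are assumptions made for illustration; only the 6-digit length and the 10-minute expiry come from the page.

```php
<?php
// Added example (not the plugin's own code): one way to implement the email-OTP flow
// above with WordPress core functions. Everything prefixed "example_", the transient and
// cookie names, and the cooldown and attempt limits are assumptions for illustration.

define( 'EXAMPLE_OTP_TTL', 10 * MINUTE_IN_SECONDS ); // 10-minute lifetime, as in the README
define( 'EXAMPLE_OTP_RESEND_COOLDOWN', 60 );        // assumed: seconds between resends
define( 'EXAMPLE_OTP_MAX_ATTEMPTS', 5 );            // assumed: wrong guesses before revocation

// Step 1, after the password check passes: park the login behind a random server-side
// token so the OTP step never trusts a user id sent by the client.
function example_otp_begin( int $user_id ): void {
    $token = wp_generate_password( 32, false ); // CSPRNG-backed alphanumeric string
    set_transient( 'example_pending_' . $token, $user_id, EXAMPLE_OTP_TTL );
    setcookie( 'example_pending', $token, time() + EXAMPLE_OTP_TTL, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    example_otp_issue( $user_id );
}

function example_otp_pending_token(): string {
    return preg_replace( '/[^A-Za-z0-9]/', '', (string) ( $_COOKIE['example_pending'] ?? '' ) );
}

// Step 2: mint a 6-digit code from the CSPRNG, store only a salted hash together with
// the issue time, and email the plaintext once. Returns false while the cooldown holds.
function example_otp_issue( int $user_id ): bool {
    $key   = 'example_otp_' . $user_id;
    $state = get_transient( $key );
    if ( is_array( $state ) && time() - $state['issued'] < EXAMPLE_OTP_RESEND_COOLDOWN ) {
        return false;
    }
    $code = str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT ); // keep leading zeros
    set_transient( $key, array(
        'hash'     => wp_hash_password( $code ),
        'issued'   => time(),
        'attempts' => 0,
    ), EXAMPLE_OTP_TTL );
    $user = get_userdata( $user_id );
    return (bool) wp_mail( $user->user_email, 'Your login code', "Your code is {$code}. It expires in 10 minutes." );
}

// Step 3: verify. The transient TTL enforces expiry, wrong guesses are counted, and a
// code is accepted once, so the 10^6 keyspace cannot be searched by repeated POSTs.
function example_otp_verify( int $user_id, string $submitted ): bool {
    $key   = 'example_otp_' . $user_id;
    $state = get_transient( $key );
    if ( ! is_array( $state ) ) {
        return false; // expired or never issued
    }
    $submitted = preg_replace( '/\D/', '', $submitted ); // digits only
    if ( strlen( $submitted ) !== 6 ) {
        return false;
    }
    if ( $state['attempts'] >= EXAMPLE_OTP_MAX_ATTEMPTS ) {
        delete_transient( $key );
        return false;
    }
    if ( ! wp_check_password( $submitted, $state['hash'] ) ) {
        $state['attempts']++;
        $left = EXAMPLE_OTP_TTL - ( time() - $state['issued'] );
        set_transient( $key, $state, max( 1, $left ) ); // preserve the original expiry
        return false;
    }
    delete_transient( $key ); // single use
    return true;
}

// Step 4: the AJAX endpoint. The user is not logged in yet, so it is registered on the
// nopriv hook. check_ajax_referer() ends the request unless the POSTed "nonce" field
// holds a nonce made with wp_create_nonce( 'example_otp' ).
add_action( 'wp_ajax_nopriv_example_otp_verify', 'example_otp_ajax_verify' );
function example_otp_ajax_verify(): void {
    check_ajax_referer( 'example_otp', 'nonce' );
    $token   = example_otp_pending_token();
    $user_id = $token === '' ? 0 : (int) get_transient( 'example_pending_' . $token );
    if ( ! $user_id ) {
        wp_send_json_error( array( 'message' => 'No pending login.' ), 403 );
    }
    $code = sanitize_text_field( wp_unslash( $_POST['code'] ?? '' ) );
    if ( ! example_otp_verify( $user_id, $code ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired code.' ), 401 );
    }
    delete_transient( 'example_pending_' . $token );
    setcookie( 'example_pending', '', time() - HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    wp_set_auth_cookie( $user_id, false, is_ssl() ); // only now is the login complete
    wp_send_json_success( array( 'redirect' => admin_url() ) );
}
```

Two caveats worth keeping in mind when reading this. Hashing a 6-digit code with `wp_hash_password()` keeps it out of the database in plain text, but anyone with the hash can brute-force 10^6 candidates offline in seconds, so the expiry, the attempt counter and single-use acceptance are what actually protect the code. And a nonce issued to a logged-out visitor is not tied to a user session the way a logged-in nonce is, so it is CSRF protection only; the random pending-login cookie, not the nonce, is what binds the OTP step to the account that just passed the password check.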
Configuration
Global Settings
Navigate to Settings > Two-Factor Auth to configure:
- Enable 2FA Globally: Turn on 2FA for all users
- Force 2FA for All Users: Make 2FA mandatory regardless of user preference
- Required User Roles: Select specific roles that must use 2FA
User Settings
Each user can enable/disable 2FA in their profile:
- Go to Users > Profile (or Users > Your Profile)
- Find the "Two-Factor Authentication" section
- Check "Enable 2FA" to activate it for that user
- Save the profile
Email Configuration
The plugin sends codes with WordPress’s built-in wp_mail() function, so users with 2FA enabled cannot complete a login unless your site delivers email reliably. Consider using:
- An SMTP plugin for reliable email delivery
- A transactional email service such as SendGrid, Mailgun, or Amazon SES
- SPF and DKIM records for the sending domain, so the OTP mail is not rejected or filtered as spam
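As an added example, not code from the plugin, this is one way to route wp_mail() through an authenticated SMTP relay with WordPress core hooks and to make delivery failures visible. The `EXAMPLE_SMTP_*` constants are placeholders you would define in wp-config.php; the port and the no-reply address are assumptions.

```php
<?php
// Added example (not the plugin's own code): send wp_mail() through an authenticated
// SMTP relay via the core phpmailer_init hook. EXAMPLE_SMTP_* are placeholder
// constants to define in wp-config.php; port 587 with STARTTLS is an assumption.
add_action( 'phpmailer_init', function ( $phpmailer ) {
    $phpmailer->isSMTP();
    $phpmailer->Host       = EXAMPLE_SMTP_HOST;   // the relay's hostname
    $phpmailer->Port       = 587;
    $phpmailer->SMTPSecure = 'tls';               // STARTTLS on port 587
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Username   = EXAMPLE_SMTP_USER;
    $phpmailer->Password   = EXAMPLE_SMTP_PASS;
} );

// wp_mail() returns false on failure and fires wp_mail_failed with a WP_Error. Write
// that to the PHP error log so an SMTP misconfiguration is not mistaken for a lost OTP.
add_action( 'wp_mail_failed', function ( $error ) {
    error_log( 'wp_mail failed: ' . $error->get_error_message() );
} );

// Use a sender address on the site's own domain, the one whose SPF/DKIM records cover
// the relay; a mismatched From domain is a common reason OTP mail lands in spam.
add_filter( 'wp_mail_from', function () {
    return 'no-reply@' . wp_parse_url( home_url(), PHP_URL_HOST );
} );
```

To confirm the path works before enabling 2FA for anyone, send a test message from WP-CLI with `wp eval 'var_dump( wp_mail( get_option( "admin_email" ), "2FA mail test", "ok" ) );'` and check both the returned boolean and the error log.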
Support
For support, feature requests, or bug reports:
- Plugin Support: WordPress.org Support Forum
- Documentation: Available in the plugin’s admin area
- Bug Reports: Please provide detailed information about your setup
Contributing
We welcome contributions! The plugin follows WordPress coding standards and best practices.
Privacy Policy
This plugin:
- Stores minimal user data (2FA preference and temporary OTP hashes)
- Does not send data to external services
- Uses WordPress’s built-in email system
- Follows WordPress privacy guidelines
- Allows data export/erasure as per GDPR requirements
Technical Requirements
- WordPress 5.0 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher (or equivalent MariaDB)
- Ability to send emails from WordPress
- Modern web browser with JavaScript enabled
Credits
Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.
License
This plugin is licensed under the GPL v2 or later.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
