Secure 2FA adds an extra layer of security to your WordPress login process by enabling 2FA via several authentication methods.
Features
- Free two-factor authentication (2FA) plugin
- Multiple authentication methods: One-time password (OTP), Yubico OTP (YubiKey), Email OTP, and WhatsApp OTP
- Customizable OTP configurations: Expiration time, retries, and more
- Role-based enforcement: Require 2FA for all or specific roles while excluding others
- Supports WordPress Multisite and single-site installations
- Activity log tracking: Monitor authentication attempts and security events
- Rate limiting: Prevent brute-force attacks by limiting OTP requests per user
- Backup recovery codes: Allow users to regain access if they lose their primary 2FA method
- Automatic log cleanup: Enable or disable automatic deletion of old activity logs with configurable schedules
- UI control: Manage the visibility of the “Configure 2FA” option in the sidebar, admin toolbar, and user list
Time-based One-Time Password 2FA Method
- Compatible with different authenticator apps such as Google Authenticator and Duo.
- Generates QR codes during 2FA setup.
- Supports manual setup keys.
WhatsApp 2FA Method
This method leverages Meta’s official API to send OTPs via a WhatsApp authentication template. It supports the following features:
- Set a default template language.
- Support multiple template languages based on the user’s UI language (templates must match WhatsApp requirements).
- Define a base country for phone numbers when configuring 2FA.
- Restrict phone number selection by specifying an allowed countries list.
- Enable IP address lookup to detect the user’s country during 2FA setup.
- Allow or prevent multiple users from using the same phone number.
- Set custom phone number regex patterns to enforce specific formatting rules.
Email OTP 2FA Method
- Allow or disallow users to enter a different email when configuring email as a two-factor authentication method.
- Specify a custom email address from which OTPs will be sent.
- Customize email languages, subject lines, and message content based on supported languages.
Yubico OTP 2FA Method
Yubico OTP is a secure and convenient authentication method supported by all YubiKeys out of the box. It provides an additional layer of security as a second-factor authentication option.
Requirements
- WordPress 6.0 or newer.
- PHP version 7.4 or newer.
External Library and Services Usage
- The plugin utilizes the intl-tel-input library to provide phone number formatting functionality.
- The plugin integrates with Meta’s WhatsApp Business API, which is subject to Meta’s Terms of Service and pricing policies. You may need to subscribe to a third-party WhatsApp API method or a Meta-approved Business Solution Provider to use this service. For details, visit Meta’s WhatsApp Business API documentation.
- The plugin integrates with the Yubico OTP API. It securely sends the user’s one-time password (OTP) to Yubico’s verification service to authenticate login attempts. Review Yubico’s Terms & Conditions and Privacy Notice for more details.
License
Secure 2FA is licensed under the GNU General Public License v2 or later.
