=== WP 2FA - Two-factor Authentication for WordPress=== Contributors: WPWhiteSecurity, robert681 Plugin URI: https://www.wpwhitesecurity.com/wordpress-plugins/wp-2fa/ License: GPLv3 License URI: https://www.gnu.org/licenses/gpl.html Tags: 2FA, two-factor authentication, multi step authentication, 2-factor authentication, WordPress authentication, two step authentication Requires at least: 4.5 Tested up to: 5.7.2 Stable tag: 1.6.0 Requires PHP: 7.0.0 Harden your website login page; add two-factor authentication (2FA) for all your users with this easy to use plugin. == Description == A FREE & EASY TO USE TWO-FACTOR AUTHENTICATION PLUGIN FOR WORDPRESS
Add an extra layer of security to your WordPress website login page and its users. Enable [two-factor authentication (2FA)](https://www.wpwhitesecurity.com/two-factor-authentication-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=all+plugins&utm_content=plugin+repos+description), the best protection against users using weak passwords, and automated password guessing and brute force attacks. [youtube https://www.youtube.com/watch?v=vRlX_NNGeFo] Features | Getting Started | More Info Use the [WP 2FA plugin](https://www.wpwhitesecurity.com/wordpress-plugins/wp-2fa/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) to enable two-factor authentication for your WordPress administrator user, and to enforce your website users, or some of them to use 2FA. This plugin is very easy to use. It has wizards with clear instructions, so even non technical users can setup 2FA without requiring technical assistance. ### Maintained & Supported by WP White Security WP White Security builds high-quality niche WordPress security & admin plugins such as [Password Policy Manager](https://www.wpwhitesecurity.com/wordpress-plugins/password-policy-manager-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=PPMWP&utm_content=plugin+repos+description), a plugin with which you can ensure all your users use strong passwords. Browse our list of [WordPress plugins](https://www.wpwhitesecurity.com/wordpress-plugins/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=all+plugins&utm_content=plugin+repos+description) that can help you better manage and improve the security of your WordPress websites and users. ####WP 2FA Key plugin features & capabilities * Free Two-factor authentication (2FA) for all users * Supports TOTP (code from [2FA apps](https://www.wpwhitesecurity.com/support/kb/configuring-2fa-apps/) like Google Authenticator and Authy) and OTP (email based codes) * Supports [2FA backup codes](https://www.wpwhitesecurity.com/2fa-backup-codes/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin%20repos%20description) * Very easy to use and wizard driven * Use [policies to enforce 2FA with a grace period](https://www.wpwhitesecurity.com/support/kb/configure-2fa-policies-enforce/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin%20repos%20description) or require your users to instantly setup 2FA upon login * Protection against automated password guessing and dictionary attacks ### FREE Plugin Support Support for the WP 2FA plugin is available for free via: * [forums](https://wordpress.org/support/plugins/wp-2fa/) * [email](https://www.wpwhitesecurity.com/support/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) * [knowledge base](https://www.wpwhitesecurity.com/support/kb/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) For any other queries, feedback, or if you simply want to get in touch with us please use our [contact form](https://www.wpwhitesecurity.com/contact-wp-white-security/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description). #### Related Links and Documentation * [What is Two-factor authentication](https://www.wpwhitesecurity.com/two-factor-authentication-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) * [Why you need both 2FA & strong passwords](https://www.wpwhitesecurity.com/two-factor-authentication-strong-passwords-wordpress/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) * [Setting up Google authenticator for WordPress 2FA](https://www.wpwhitesecurity.com/google-authenticator-app-wordpress-2fa/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) * List of [supported 2FA apps](https://www.wpwhitesecurity.com/support/kb/configuring-2fa-apps/) * [Prevention is the way to go in WordPress Security](https://www.wpwhitesecurity.com/prevention-better-cure-ways-wordpress-security/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) * [Official WP 2FA plugin page](https://www.wpwhitesecurity.com/wordpress-plugins/wp-2fa/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=WP2FA&utm_content=plugin+repos+description) == Installation == === From within WordPress === 1. Visit 'Plugins > Add New' 1. Search for 'WP 2FA' 1. Install & activate the WP 2FA from your Plugins page. === Manually === 1. Download the plugin from the [WordPress plugins repository](https://wordpress.org/plugins/wp-2fa/) 1. Unzip the zip file and upload the `wp-2fa` folder to the `/wp-content/plugins/` directory 1. Activate the WWP 2FA plugin through the 'Plugins' menu in WordPress == Screenshots == 1. The first-time install wizard allows you to setup 2FA on your website and for your user within seconds. 2. The wizards make setting up 2FA very easy, so even non technical users can setup 2FA without requiring help. 3. You can require users to enable 2FA and also give them a grace period to do so. 4. Users can also use one-time codes via email as a two-factor authentication method. 5. You can use policies to require users to instantly set up and use 2FA, so the next time they login they will be prompted with this. 6. It is recommended for all users to also generate backup codes, in case they cannot access the primary device. 7. In the user profile users only have a few 2FA options, so it is not confusing for them and everything is self explanatory. 8. The plugin blocks the accounts of users who are required to have 2FA but fail to enable it within the grace period, so they do not jeopardize the security of your website. == Changelog == = 1.6.0 (2021-05-13) = Release notes: [New user 2FA status, custom redirects and many other new features & improvements](https://www.wpwhitesecurity.com/wp-2fa-1-6-0/) * **New features** * Setting to [redirect users to a custom URL after they complete the 2FA setup](https://www.wpwhitesecurity.com/support/kb/redirect-users-custom-url-after-2fa-wizard/). * [User's 2FA status in the WordPress users page](https://www.wpwhitesecurity.com/support/kb/user-2fa-status/). * Setting to restrict plugin's settings to a specific site administrator. * New 2FA policies for multisite networks (require 2FA for all users of an individual site on the network). * Setting to change the text of the 2FA code page. * **Improvements** * Backup codes are now aptional: administrators can disable them so the plugin does not suggest users to create them. * Removed reference to "WordPress" in the 2FA wizard. * Optimized the code that retrieves the list of users, roles and sites on a multisite network. * User 2FA settings are now saved as array in the database instead of comma separated list. * Added an alert to notify users that all the changes will be lost if they terminate the wizard without setting up 2FA. * Improved the wizard and the user input sanitization. * Converted a number of database settings to filters. * Standardized the text and button labels on the 2FA code page. * Hidden the wizard's holding page. * Plugin now uses the Site name and site email address as from email address. * 2FA apps logos in wizard now link directly to the application's specific instructions. * **Bug fixes** * In some cases the plugin was sending multiple emails when settings were changed. * Image URLs in modal wizard contain extra slash. * Some sections of the wizard were not displayed properly on the Safari browser. * In some edge cases users selected the 2FA email method but they were prompted to scan a QR code when using the front-end wizard. Refer to the complete [plugin changelog](https://www.wpwhitesecurity.com/support/kb/wp-2fa-changelog/) for more detailed information about what was new, improved and fixed in previous version updates of WP 2FA.