OOSOFT 2FA Security

Από oosoft

Περιγραφή

OOSOFT 2FA Security adds robust two-factor authentication to your WordPress site. Protect every login with a second verification step using a TOTP authenticator app (Google Authenticator, Authy, etc.) or a one-time code sent to your email address.

Key Features:

TOTP Authenticator App — compatible with Google Authenticator, Authy, Microsoft Authenticator, and any RFC 6238-compliant app.
Email OTP — sends a time-limited one-time code to the user’s registered email address.
Backup Codes — generate single-use recovery codes so users are never locked out.
Role-Based Enforcement — require 2FA for specific roles (e.g. administrators) while leaving it optional for others.
Rate Limiting — brute-force protection with configurable attempt limits and lockout periods.
Security Logs — detailed event logging with filterable admin view and automatic pruning.
Encrypted Secret Storage — TOTP secrets are encrypted at rest using libsodium (preferred) or AES-256-GCM/CBC via OpenSSL.
HKDF Key Derivation — encryption keys are derived from your WordPress secret keys; no raw key material is stored.

Εγκατάσταση

Upload the oosoft-2fa-security folder to the /wp-content/plugins/ directory.
Activate the plugin through the Plugins menu in WordPress.
Go to Settings > 2FA Security to configure enforcement rules and options.
Users can set up their preferred 2FA method from their Profile page.

Συχνές Ερωτήσεις

Which authenticator apps are supported?: Any app that supports the TOTP standard (RFC 6238), including Google Authenticator, Authy, Microsoft Authenticator, and 1Password.
What happens if a user loses their authenticator app?: Users can log in with one of their backup codes. Administrators can also disable 2FA for a user from the Users list.
Is TOTP secret storage secure?: Yes. Secrets are encrypted with AES-256 (libsodium secretbox preferred, OpenSSL AES-256-GCM/CBC as fallback) before being stored in the database. Encryption keys are derived from your site’s unique WordPress secret keys via HKDF-SHA256.
Does this plugin work with WooCommerce or custom login forms?: The plugin intercepts WordPress’s core authentication pipeline, so it works with any theme or plugin that uses wp_signon() or the standard login form.

Κριτικές

Δεν υπάρχουν αξιολογήσεις για αυτό το πρόσθετο.

Συνεισφέροντες & Προγραμματιστές

“OOSOFT 2FA Security” είναι λογισμικό ανοιχτού κώδικα. Οι παρακάτω έχουν συνεισφέρει στη δημιουργία του.

Μεταφράστε το “OOSOFT 2FA Security” στην γλώσσα σας.

Ενδιαφέρεστε για την ανάπτυξη;

Περιηγηθείτε στον κώδικα, ανατρέξτε στο αποθετήριο SVN ή εγγραφείτε στο αρχείο καταγραφής αλλαγών ανάπτυξης μέσω RSS .

Σύνοψη αλλαγών

1.0.2

Improved escaping and security hardening throughout.
Removed deprecated load_plugin_textdomain() call (WordPress 4.6+ auto-loads translations).
Added HKDF key derivation fallback warning when WordPress secret keys are not configured.

1.0.1

Fixed QR code scanning compatibility with major authenticator apps.
Switched to proven qrcodejs library for QR generation.

1.0.0

Initial release.

Version 1.0.2
Τελευταία ενημέρωση: πριν από 2 εβδομάδες
Ενεργές εγκαταστάσεις: Λιγότερες από 10
Έκδοση WordPress: 6.0 ή νεότερη
Δοκιμασμένο μέχρι: 6.9.4
Έκδοση PHP: 8.0 ή νεότερη
Language
English (US)
Ετικέτες:
2FA otp security totp two factor authentication
Σύνθετη Προβολή

Αξιολογήσεις

No reviews have been submitted yet.

Your review

Δείτε όλες τις κριτικές

Περιγραφή

Εγκατάσταση

Συχνές Ερωτήσεις

Which authenticator apps are supported?

What happens if a user loses their authenticator app?

Is TOTP secret storage secure?

Does this plugin work with WooCommerce or custom login forms?