描述

前往 [使用者]→[個人資料] 中的 [兩步驟驗證選項]，便能為網站帳號啟用及設定一或多個兩步驟驗證方式：

透過電子郵件傳送驗證碼
TOTP 驗證碼 (Time Based One-Time Passwords，以時間為基礎、最通用的演算法)
FIDO U2F 安全金鑰 (Universal 2nd Factor，通用第二因素)
備用驗證碼
測試模式 (僅供測試目的使用)

如需進一步瞭解這個外掛的開發沿革，請參閱這篇文章。

Actions & Filters

Here is a list of action and filter hooks provided by the plugin:

two_factor_providers filter overrides the available two-factor providers such as email and time-based one-time passwords. Array values are PHP classnames of the two-factor providers.
two_factor_enabled_providers_for_user filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID.
two_factor_user_authenticated action which receives the logged in WP_User object as the first argument for determining the logged in user right after the authentication workflow.
two_factor_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.

參與其中

Development happens on GitHub. Join the #core-passwords channel on WordPress Slack (sign up here).

以下是如何開始：

$ git clone https://github.com/wordpress/two-factor.git
$ npm install

然後打開拉取請求提供你建議的變更。

螢幕截圖

[個人資料] 頁面中的 [兩步驟驗證選項]
[個人資料] 頁面中的 U2F 安全金鑰設定
Email Code Authentication during WordPress Login.

評價

Devyn Brugge 2021年12月1日

Really lightweight plugin, it seemed safe to implement and worked for day until admins reported issues. However, my case seems to be a conflict with Toolset Access and I am now having an impossible time trying to remove from my site. Even though I have deactivated, the combination of both these plugins seems to have corrupted the user access table. When an admin accesses the login page, we get a message "You don’t have permission to access this page." Sometimes, changing browsers/VPNs fixes it temporarily. There is no way to remove the plugin settings with uninstall.

Fahrenhe1t 2021年11月25日

This plugin is great for increasing login security by enabling Yubikey 2-Factor Authentication (FIDO U2F), or Time-based One Time Passwords (TOTP). It's very impressive; as if the Wordpress devs themselves integrated it. It even lets you create application-specific passwords (so you can log in with a password on the Wordpress app).

natasha bryan 2021年11月20日

This plugin has a super easy functioning and easy to use interface. This is the best plugin I have found here.

erikmelkersson 2021年11月15日

Simple and does just what it should do without bloating. Thank you.

rezadan 2021年11月14日

This plugin is great for providing multiple forms of 2FA.

Hyrules 2021年11月2日

Excellent 2FA plugin for WordPress that does not require a third party. It will work with email, TOTP, hardware key and backup codes. Still a WIP but I see a lot of potential.

閱讀全部147個評價