[WordPress] Plugin Share: Brightery Secure 2FA

Active installs: new plugin
Rating: no ratings yet
Last updated: 9 days ago
WordPress 6.2+, PHP 7.4+, v1.0.0, listed: 2026-04-22

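Download the latest version (v1.0.0) or install via search

① Download the ZIP → in the admin dashboard, go to "Plugins › Add New Plugin › Upload Plugin"
② Search for "Brightery Secure 2FA" in the admin dashboard → install directly (recommended)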

Original plugin description

Brightery Secure 2FA adds a strong second login step for WordPress accounts while staying lightweight in runtime.
Features:

Authenticator app (TOTP) support.
Passkeys / WebAuthn support for Touch ID, Face ID, Windows Hello, fingerprint readers, and device PIN.
Role-based enforcement: require selected user groups to enroll.
Forced enrollment page to block protected users until they configure security.
Backup codes.
Encrypted TOTP secret storage using WordPress salts.
Login throttling for repeated primary-login and second-factor failures.
Lightweight audit logs stored inside WordPress options.
Email alerts for enrollment changes and lockouts.
Trusted devices so users can skip 2FA on approved browsers for a limited period.
CSV export for security logs.
Advanced log filters and search.
Custom labels for trusted devices and passkeys.
Optional revocation of other sessions after security changes.
Optional blocking of WordPress application passwords for protected / 2FA-enabled users.
Lightweight runtime: the plugin mostly runs on login, profile, AJAX, settings pages, WooCommerce account pages, and authenticated REST requests.

Important Notes

HTTPS is required for passkeys in production.
This build is optimized for normal interactive WordPress logins and admin access enforcement.
Passkey attestation trust-chain validation is intentionally not enforced in order to remain lightweight and dependency-free.
The plugin still validates challenge, origin, RP ID hash, user presence, optional user verification, signature, and signature counter.
This lightweight build supports ES256 passkeys.
TOTP setup includes a local QR-code renderer so the setup secret stays on your own WordPress site during enrollment.
The plugin stores account-security data such as trusted-device records, passkey metadata, security logs, and a limited recent login-context history.
A privacy-policy suggestion plus WordPress personal-data exporter and eraser integrations are included.
There are no non-GPL third-party runtime libraries bundled with this plugin; the distributed JavaScript and CSS files are included as human-readable source.

Security Model

TOTP secrets are encrypted before storing in user meta.
Backup codes are stored hashed.
Passkeys verify origin, RP ID hash, challenge, signature, and signature counter.
Rate limiting helps slow repeated login and 2FA guessing attempts.
The plugin can require passkey user verification for biometric/PIN-backed sign-in.

Privacy

Brightery Secure 2FA stores security-related account data so it can protect logins and help administrators investigate suspicious access.
The plugin adds suggested privacy-policy text to WordPress and registers personal-data exporter/eraser callbacks for the data it stores.

Source Code and Licensing

All distributed plugin PHP, JS, and CSS files are included as human-readable source.
The local QR renderer is bundled directly in assets/js/bs2fa-qr.js as readable source code.
No non-GPL runtime libraries are required for normal plugin operation.
