[WordPress] 外掛分享： Fortytwo – Two-Factor Authentication

前言介紹

• 這款 WordPress 外掛「Fortytwo – Two-Factor Authentication」是 2016-03-31 上架。
• 目前有 10 個安裝啟用數。
• 上一次更新是 2016-12-22，距離現在已有 3055 天。超過一年沒更新，安裝要確認版本是否可用。以及後續維護問題！
• 外掛最低要求 WordPress 4.4 以上版本才可以安裝。
• 有 2 人給過評分。
• 還沒有人在論壇上發問，可能目前使用數不多，還沒有什麼大問題。

外掛協作開發者

fortytwotele |

外掛標籤

2FA | 2 Factor | 2 step authentication | 2-factor authentication | two factor authentication |

內容簡介

什麼是雙重認證？

認證 - 驗證您的身份的過程 - 歸納為三個簡單的元素之一：

用户知道的事情（PIN，密码）
用户擁有的東西（手機，設備）
用户的身份（生物特徵，視網膜，指紋）

雙重認證（2FA）是這些唯一識別符中任意兩個的結合。

我們的 2FA 外掛程式是如何運作的？

使用Fortytwo的2FA WordPress插件，用戶只需要用戶名和密碼即可登錄到他們的網站（與任何標準登錄順序一樣），以及使用手機通過 SMS 接收一次性認證碼。

我們的插件是完全可定制的，可以根據您的具體需求進行調整，例如，您可以根據用戶在WordPress中的特定管理角色分配2FA，當用戶在特定時間內使用已知或“可信”設備時，可以禁用用戶的2FA。Fortytwo的WordPress 2FA插件提供了一種高度可定制的用戶驗證過程，並在需要時提供了額外的安全級別。

它包括哪些功能？

Fortytwo的WordPress插件帶有眾多功能，包括以下選項：

激活或禁用註冊和/或登錄的2FA，允許用戶使用用戶名，密碼和2FA登錄或僅使用用戶名和密碼登錄
根據用戶在WordPress中的角色啟用用於登錄的2FA，例如，您可以禁用某些用戶（如訂閱者）的2FA，同時保留對具有關鍵角色的用戶的2FA
將2FA分配為用戶的可選或強制選項，因此您可以讓用戶選擇啟用2FA或默認強制該選項。
將“可信”設備分配給特定用戶，讓用戶在完成初始的2FA登錄後，可以將其設備標記為“可信”一段指定的時間，在設置中由他們進行分配。此選項可以確保用戶在初始2FA登錄後不需要使用分配的受信任設備重複輸入驗證碼。
在註冊后重新發送驗證碼，如果未收到短信 - 這使用戶可以在60秒后請求驗證碼，並更改其電話號碼，以防提交不正確的電話號碼
在登錄后重新發送驗證碼，如果未收到短信 - 這使用戶可以在60秒后再次請求驗證碼 - 這個重發選項也可以在設置中禁用
自定義2FA的行為，如API中所述，包括更改驗證碼長度和類型（數字，字母或字母數字），區分大小寫驗證，通過回調URL記錄響應的選項以及自定義對用戶可見的發件人ID

Fortytwo的2FA WordPress插件支持所有智能手機（iPhone，Android，BlackBerry）以及基本手機的2FA。

為什麼要使用Fortytwo的WordPress插件？

安全將2FA納入用戶登錄過程中，為WordPress站點創建了一個複雜密碼無法保證的保護和安全級別
可定製的功能這是我們的插件的第一個版本，我們非常有興趣聽取您的反饋。

如果您希望看到其他功能，請告訴我們！

原文外掛簡介

What is Two-factor Authentication?
Authentication – the process of verifying your identity – boils down to one of three simple elements:

Something the user knows (PIN, password)
Something the user owns (mobile phone, device)
Something the user is (biometric, retina, fingerprint)

Two-factor Authentication (2FA) is a combination of any two of these unique identifiers.
How does our 2FA plugin work?
With Fortytwo’s 2FA WordPress plugin, the user only requires the username and password to login to their site (as per any standard login sequence) and a mobile phone to receive the one-time authentication code via SMS.
Our plugin is fully customisable and can be adapted to meet your specific needs, for example, you can assign 2FA to certain users depending on their specific administrative roles in WordPress and disable 2FA for users when they are using a known or ‘trusted’ device for a specific period of time. Fortytwo’s WordPress 2FA plugin offers the unique advantage of providing a highly customisable authentication process for users and provides an additional level of security when and as required.
What features does it include?
Fortytwo’s WordPress plugin comes with a myriad of features including the option to:

activate or disable 2FA for registration and/or login allowing the user to login using a username, password and 2FA or just a username and password
activate 2FA for login according to the user’s role in WordPress, for example, you can disable 2FA for certain users such as subscribers while maintaining 2FA for users with critical roles
Activate 2FA as optional or mandatory option for users, so you can give to your user the option to activate 2FA or force the option by default.
assign ‘trusted’ devices to specific users allowing the user – after their initial 2FA login – to validate their devices as ‘trusted’ for a specific time period, assigned by them in the settings. This option ensures that users aren’t required to enter an authentication code repeatedly with an assigned trusted device, after the initial 2FA login
resend the authentication code after registration if the SMS was not received – this allows the user to request the authentication code after 60 seconds and/or change his phone number in the event that an incorrect phone number was submitted
resend the authentication code after login if the SMS was not received – this allows the user to request the authentication code again after 60 seconds – this re-send option can also be disabled in the settings
to customize the behavior of the 2FA as documented on the API including changes to the authentication code length and type (numeric, alpha or alphanumeric), case sensitive validation, options to log a response via a callback URL and customise sender ID ‘s visible to the users

Fortytwo’s 2FA WordPress plugin supports 2FA for all Smart phones (iPhone, Android, BlackBerry), as well as basic phones.
Why use Fortytwo’s WordPress plugin?

Security Incorporating 2FA in to the user login process, creates a level of protection and security for your WordPress site that complex passwords can no longer guarantee
Customised functionality This is our first version of the plugin and we’re keenly interested in your feedback.

If there is additional functionality that you would you like to see, please let us know – we are happy to work on developing features to meet your specific requirements and endeavor to implement this in as short a time-frame as possible.
Configuration
Once the plugin is activated you have to configure the plugin before use:

In the admin panel go to Settings > Two Factor Authentication
Enter the token you have from the fortytwo control panel
Configure the other options accordingly to your needs
push the save button

Note: The Two factor authentication works only for the users who have the 2FA phone number on their profile.
Version 1.1.1
2016-12-22
* [IMPROVEMENT] Support for WordPress 4.6.X.
* [IMPROVEMENT] Don’t call login_header if the function was disabled.
Version 1.1.0
2016-10-04
* [IMPROVEMENT] Support for WordPress 4.6.X.
* [IMPROVEMENT] Update SDK dependencies.
* [IMPROVEMENT] Phone field rendering updated.
* [IMPROVEMENT] New API Paremeter : Message template to personalize the message sent with the 2FA Code.
* [IMPROVEMENT] New Mandatory option allowing to have 2FA option as optional or mandatory on login and/or on register.
Version 1.0.8
2016-05-02
* [DOCUMENTATION] Fix typo in the readme file.

[DOCUMENTATION] Fix typo in the readme file.

Version 1.0.7
2016-05-02
* [BUG] Update publish script to properly track/add new files and directory and untrack/delete deleted files.
* [BUG] Clean the SVN tree.

[BUG] Update publish script to properly track/add new files and directory and untrack/delete deleted files.
[BUG] Clean the SVN tree.

Version 1.0.6
2016-04-28
* [BUG] Settings – Update “API Sensitive case” field ID.
* [DOCUMENTATION] Change “why” items to list.

[BUG] Settings – Update “API Sensitive case” field ID.
[DOCUMENTATION] Change “why” items to list.

Version 1.0.5
2016-04-26
* [IMPROVEMENT] Update contributor id

[IMPROVEMENT] Update contributor id

Version 1.0.4
2016-04-25
* [IMPROVEMENT] Support for WordPress 4.5

[IMPROVEMENT] Support for WordPress 4.5

Version 1.0.3
2016-04-25
* [DOCUMENTATION] Add some tags on the presentation of the plugin.
* [DOCUMENTATION] Update the screenshots.
* [DOCUMENTATION] Update readme.txt description.

[DOCUMENTATION] Add some tags on the presentation of the plugin.
[DOCUMENTATION] Update the screenshots.
[DOCUMENTATION] Update readme.txt description.

Version 1.0.2
2016-04-20
* [DOCUMENTATION] Fix header description to feet in 150 characters

[DOCUMENTATION] Fix header description to feet in 150 characters

Version 1.0.1
2016-04-20
* [DOCUMENTATION] Update the readme.txt

[DOCUMENTATION] Update the readme.txt

Version 1.0.0
2016-04-19
* First stable version.

First stable version.

Version 1.0.0-RC11
2016-04-19
* [BUG] Fix error message when invalid token used.
* [BUG] Fix a typo.
* [IMPROVEMENT] Update readme.txt

[BUG] Fix error message when invalid token used.
[BUG] Fix a typo.
[IMPROVEMENT] Update readme.txt

Version 1.0.0-RC10
2016-04-18
* [BUG] Fix phone number validation on register.
* [BUG] Fix various typos.
* [BUG] Fix code validation on register/login
* [BUG] Fix bug when we validate code after a fail on register.
* [BUG] Fix inconsistency on naming of authentication code.

[BUG] Fix phone number validation on register.
[BUG] Fix various typos.
[BUG] Fix code validation on register/login
[BUG] Fix bug when we validate code after a fail on register.
[BUG] Fix inconsistency on naming of authentication code.

Version 1.0.0-RC9
2016-04-14
* [BUG] Device was always setup as trusted.
* [BUG] Fix missing phone helper on edit user.
* [BUG] Fix nullable callbackurl.
* [BUG] Fix validation code after one fail.
* [BUG] Fix resend option on login.

[BUG] Device was always setup as trusted.
[BUG] Fix missing phone helper on edit user.
[BUG] Fix nullable callbackurl.
[BUG] Fix validation code after one fail.
[BUG] Fix resend option on login.

Version 1.0.0-RC8
2016-04-12
* [BUG] Add missing jquery dependency on login
* [BUG] Fix Trusted device Activate/Disabled option
* [BUG] Fix naming convention for Authentication code
* [IMPROVEMENT] Update in code documentation
* [IMPROVEMENT] Adding field validation in the settings
* [BUG] Fix missing dependency * Jquery
* [BUG] Fix a typo on setting panel.
* [BUG] Fix a bug with the cookie path.

[BUG] Add missing jquery dependency on login
[BUG] Fix Trusted device Activate/Disabled option
[BUG] Fix naming convention for Authentication code
[IMPROVEMENT] Update in code documentation
[IMPROVEMENT] Adding field validation in the settings
[BUG] Fix missing dependency – Jquery
[BUG] Fix a typo on setting panel.
[BUG] Fix a bug with the cookie path.

Version 1.0.0-RC7
2016-04-06
* [BUG] Resend SMS no showing on login.
* [BUG] Disable 2FA on register not working properly.

[BUG] Resend SMS no showing on login.
[BUG] Disable 2FA on register not working properly.

Version 1.0.0-RC6
2016-04-06
* [IMPROVEMENTS] Updating versions numbers

[IMPROVEMENTS] Updating versions numbers

Version 1.0.0-RC5
2016-04-04
* [IMPROVEMENTS] Small fixes

[IMPROVEMENTS] Small fixes

Version 1.0.0-RC4
2016-04-04
* [IMPROVEMENTS] Fixing various bugs
* [IMPROVEMENTS] Adding screenshots for the wordpress plugin website

[IMPROVEMENTS] Fixing various bugs
[IMPROVEMENTS] Adding screenshots for the wordpress plugin website

Version 1.0.0-RC3
2016-04-01
* [IMPROVEMENTS] Adding assets : banner and icons.

[IMPROVEMENTS] Adding assets : banner and icons.

Version 1.0.0-RC2
2016-03-30
* [IMPROVEMENTS] Update assets for WordPress publication
* [IMPROVEMENTS] Add publish.sh file for publishing version on the SVN repo.

[IMPROVEMENTS] Update assets for WordPress publication
[IMPROVEMENTS] Add publish.sh file for publishing version on the SVN repo.

Version 1.0.0-RC1
2016-03-24
* [IMPROVEMENTS] : Add Readme.txt for wordpress repo and the icon image.
* [IMPROVEMENTS] : Updating documentation.
* [FEATURES] : Initial features.

[IMPROVEMENTS] : Add Readme.txt for wordpress repo and the icon image.
[IMPROVEMENTS] : Updating documentation.
[FEATURES] : Initial features.

各版本下載點

• 方法一：點下方版本號的連結下載 ZIP 檔案後，登入網站後台左側選單「外掛」的「安裝外掛」，然後選擇上方的「上傳外掛」，把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
• 方法二：透過「安裝外掛」的畫面右方搜尋功能，搜尋外掛名稱「Fortytwo – Two-Factor Authentication」來進行安裝。

（建議使用方法二，確保安裝的版本符合當前運作的 WordPress 環境。

---

1.0.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | 1.1.0 | 1.1.1 | trunk | 1.0.0-RC3 | 1.0.0-RC4 | 1.0.0-RC5 | 1.0.0-RC6 | 1.0.0-RC7 | 1.0.0-RC8 | 1.0.0-RC9 | 1.0.0-RC10 | 1.0.0-RC11 |

延伸相關外掛（你可能也想知道）

• Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...。
• Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL是一個外掛，自動配置你的網站最大程度上使...。
• Two-Factor 》在「使用者」→「您的個人檔案」下的「雙因素認證選項」部分，啟用和設定一個或多個雙因素認證提供者：, , 電子郵件代碼, 時間同步一次性密碼（TOTP）, FIDO通...。
• WP 2FA – Two-factor authentication for WordPress 》這是一款免費且易於使用的 WordPress 二階段驗證外掛。, 在 WordPress 網站登錄頁面和使用者上加入額外的安全層。啟用兩階段驗證（2FA），它是保護使用者免於...。
• Wordfence Login Security 》WORDFENCE 登入安全性, Wordfence 登入安全性包含在完整的 Wordfence 插件中發現的功能子集：雙因素驗證、XML-RPC 保護和登入頁 CAPTCHA。, 你正在尋找全面的...。
• Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 》你一定會喜歡的功能, , 獨家AntiBot Detection Engine - 強大的替代 Google reCAPTCHA 和 CloudFlare Turnstile。, 自動防止機器人和 IP - 基於評分的安全智...。
• Two Factor Authentication 》>WordPress 二次驗證, 此外掛使用雙重認證（TFA / 2FA）來增強 WordPress 的登入安全性。啟用此功能的使用者需輸入一次性密碼才能登入。本掛件由UpdraftPlus ...。
• Login With Ajax – Fast Logins, 2FA, Redirects 》Login With Ajax 是針對需要用戶登錄或註冊的網站，希望避免使用常規的WordPress登錄頁面或在常規登錄頁面添加 AJAX 特效的外掛。此外掛能夠在側邊欄上添加帶...。
• Google Authenticator – 2FA, MFA, OTP SMS and Email 》Google Authenticator – 雙重因素(2FA / OTP) –, 使用 TOTP 登入 2FA 方式，如 Duo/Microsoft/Google Authenticator，來保護您的 WordPress 網站登入頁面。, ...。
• WordPress 2-step verification 》WordPress 2步驟驗證（Wp2sv）為您的 WordPress 帳戶增加了額外的安全層。, 除了您的用戶名和密碼，當您登入時，您還需要輸入由 Android/iPhone/Blackberry ...。
• Two Factor (2FA) Authentication via Email 》WordPress是全球最受歡迎的內容管理系統（CMS），超過40％的網站正在運行它。因此，WordPress已成為黑客利用漏洞入侵網站的目標。增強WordPress網站安全性的...。
• WebAuthn Provider for Two Factor 》此外掛為 Two Factor 外掛新增 WebAuthn 支援。, 由於 U2F API 已被停用並將在 2022 年 2 月被移除，此外掛可使之前註冊的 U2F 安全金鑰仍能自動支援，使用者...。
• Rublon Multi-Factor Authentication (MFA) 》重新掌控您的公司！, , 所有員工的帳戶安全, 無需配置或培訓, , , 安全專家和行業專業人員推薦, “我印象深刻！” — Tony Perez，Sucuri , ...。
• Two Factor Authentication (2FA , MFA, OTP SMS and Email) 》多因素驗證-雙重因素(2FA/OTP)-可以為任何基於 TOTP 的驗證方法(例如谷歌驗證器、Microsoft驗證器等)配置多因素驗證來保護您的WordPress網站。它還支持OTP通...。
• Value-Auth Two Factor and Access Control 》, 您可以為您的網站啟用雙重驗證。, 您可以設定登入限制。, , 您還可以檢查登入記錄。, , , 關於 Value-Auth, , Value-Auth 是 GMO-DigiRock 的服務。, 要使...。