內容簡介
**總結:**
LoginBerry透過簡單自動的電子郵件驗證功能,為您的WordPress網站提供真正的帳戶安全性。新用戶需要通過輸入電子郵件發送的獨特6位數代碼來確認身份,直到完成驗證,他們將被阻止訪問網站。這無需額外設置,即可保護您的網站、用戶及內容。
- 阻止虛假帳戶在登錄之前
- 保護WordPress網站免受垃圾郵件、濫用及機器人註冊
- 通過確認用戶擁有其註冊的電子郵件地址,確保用戶身份安全
- 減少因錯誤或無效的電子郵件地址而引起的支援請求
**提問與答案:**
1. 如何能夠防止假帳戶登錄?
- 透過LoginBerry的簡單自動電子郵件驗證功能,每個新用戶必須輸入發送到其電子郵件的獨特6位數代碼來確認身份,未完成驗證前無法訪問網站。
2. 這個外掛可以如何保護我的WordPress網站?
- LoginBerry可以防止垃圾郵件、濫用和機器人註冊,確保用戶擁有其註冊的電子郵件地址,進而保護您的網站、用戶和內容安全。
3. 如何設置外掛?
- 您需要在WordPress建立一個帶有URL /account-activate/的頁面,並在該頁面加入短碼[loginberry_account_activate],未激活的用戶將被自動重定向到此頁面。
4. 管理員功能有哪些?
- 管理員可以在“使用者→所有使用者”中看到新的“帳戶激活”欄,顯示已激活、未激活和鎖定的帳戶,並進行相應操作如手動激活帳戶、重發激活碼和解鎖帳戶等。
外掛標籤
開發者團隊
② 後台搜尋「LoginBerry – 2FA, Passwordless & Email Verification」→ 直接安裝(推薦)
原文外掛簡介
LoginBerry bundles account verification, two-factor authentication (2FA), passwordless login, and login logs. Each feature can be enabled or disabled independently. Outgoing codes are delivered by email.
The plugin works for standard WordPress sites. When WooCommerce is active, additional customer- and order-related options are available (for example 2FA on the My Account login form and optional account activation tied to orders).
User-facing behavior (when features are enabled)
Account verification: After registration, the user signs in and completes activation on the configured activation page using a six-digit code sent by email.
Two-factor authentication: After a successful username and password, the user enters a second code sent by email. Per-role modes are Required, Optional, or Disabled.
Passwordless login: On wp-login.php, eligible roles may request a one-time email code instead of entering a password.
Login logs: Success and failure records are listed in the WordPress admin.
Authentication codes are email-based; end users do not install a separate authenticator app for the flows described here.
Account verification
New accounts receive a six-digit activation code by email.
After fifteen failed activation attempts, the account is locked until an administrator intervenes.
Administrators can resend codes, activate accounts manually, and unlock accounts from Users → All Users.
Two-factor authentication (2FA)
Per-role setting: Required, Optional, or Disabled.
Optional mode allows users to enable 2FA from the profile when permitted by role.
Supported on wp-login.php and on the WooCommerce My Account login form.
Passwordless login
Let users log in without a password – just enter a username or email and receive a one-time login code. Improves user experience while maintaining strong security through email verification.
Toggle between password and passwordless login on wp-login.php
One-time email codes on wp-login.php, controlled per role.
When both passwordless login and 2FA are enabled for the same role, the passwordless flow does not require a separate 2FA step (email possession is already verified).
WooCommerce
Optional automatic account activation when an WooCommerce order is created.
Optional restriction so that only paid orders trigger activation.
Integration points include classic checkout, block checkout (Store API), and paid-order completion hooks, as implemented in the plugin.
Login logs
Monitor all login activity on your site. Essential for detecting suspicious behavior and meeting security compliance requirements for e-commerce stores.
Records successful and failed login attempts
Logs username, email, IP address, and timestamp
View all logs in a dedicated admin page with sortable columns
Identify patterns of brute force attacks and suspicious login activity
Audit trail for security compliance and fraud investigation
Admin interface
Centralized settings under BerryPress → LoginBerry, with separate screens per feature.
Email templates
HTML email templates for activation, 2FA, and passwordless login ship in the plugin templates/ directory. To override, copy the desired template into the active theme or child theme under templates/loginberry/ (see each template file header for the exact path).
Email delivery
Reliable outbound email is required for codes to arrive. Typical setups use the hosting provider’s mail relay, a transactional email API (for example Brevo, Mailchimp Transactional / Mandrill, Postmark, SendGrid, Amazon SES), or a WordPress plugin that sends mail via SMTP or a provider API. Test delivery with a real signup or code request before relying on the feature in production.
Typical use cases
Reducing unwanted or automated registrations and limiting abuse of disposable email addresses.
Verifying that a customer or member controls the email address on file.
Adding a second factor after password entry for selected roles.
Reviewing login success and failure history in the admin.
WooCommerce: applying optional post-order account activation, including a paid-order-only mode where configured.
Roadmap
LoginBerry is a brand new plugin and we are improving it quickly based on real user feedback. If you have ideas, feature requests, or run into a theme-specific styling issue, we would love to hear from you.
Planned work includes:
Configurable failed-attempt limits (instead of the fixed fifteen for activation lockout)
Track last login time for each user
Custom activation page URL
Custom redirect URL after successful verification
Rate limiting on code verification attempts
Social login options
Improved styling flexibility and theme compatibility
Feedback and compatibility reports are welcome via the plugin support channels. New features are prioritized based on user feedback.
