[WordPress] Plugin Share: Rat Two-Factor Authentication

New plugin · Not yet rated · Last updated 201 days ago
WordPress 5.0+ · PHP 7.4+ · v1.0.1 · Listed on 2025-09-22

Overview

### Plugin Summary:
Rat Two-Factor Authentication is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based one-time password verification.

### Questions and Answers:
1. What are the key features this plugin provides?
- Email OTP verification - sends a secure 6-digit code to the user's email
- Lightweight and fast - minimal impact on site performance
- User-friendly interface - clean, responsive design that works on all devices
- Flexible settings - enable 2FA globally or for individual users
- Role requirements - require 2FA only for specific user roles
- Session management - secure session handling with timeout protection
- AJAX-driven - smooth user experience without page reloads
- Auto-submit - submits the form automatically once 6 digits are entered
- Resend - users can request a new code, with cooldown protection
- Mobile-friendly - suited to mobile login experiences
- Security first - nonce protection, input sanitization and secure coding practices

2. How does this plugin work?
- The user enters their username and password as usual
- If 2FA is enabled, they are redirected to the OTP verification screen
- A 6-digit code is sent to their registered email address
- The user enters the code to complete the login
- The code expires after 10 minutes to improve security

3. What is Rat Two-Factor Authentication best suited for?
- Business websites that need stronger security
- E-commerce stores protecting customer accounts
- Membership sites holding sensitive user data
- Multi-author blogs securing contributor access
- Any WordPress site that wants better login security

4. What admin features does this plugin provide?
- Global 2FA setting - enable for all users
- Force 2FA option - enforce for selected roles
- Role-based configuration - choose which roles require 2FA
- User profile integration - users can enable/disable 2FA individually
- Clean admin interface - easy to configure and manage

5. Is this plugin developer-friendly?
- Well-documented code with detailed inline comments
- Complies with WordPress coding standards
- Has a hook system for customization

⬇ Download the latest version (v1.0.1) or search for it and install

① Download the ZIP → in the dashboard go to "Plugins › Add New › Upload Plugin"
② Search for "Rat Two-Factor Authentication" in the dashboard → install directly (recommended)

Original plugin description

Rat Two-Factor Authentication is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.
Key Features

- Email-based OTP verification – Secure 6-digit codes sent to the user's email
- Lightweight and fast – Minimal impact on site performance
- User-friendly interface – Clean, responsive design that works on all devices
- Flexible settings – Enable 2FA globally or per user
- Role-based requirements – Require 2FA for specific user roles
- Session management – Secure session handling with timeout protection
- AJAX-powered – Smooth user experience without page reloads
- Auto-submit functionality – Automatically submits the form when 6 digits are entered
- Resend functionality – Users can request new codes, with cooldown protection
- Mobile-friendly – Optimized for mobile login experiences
- Security-first – Nonce protection, input sanitization, and secure coding practices

How It Works

1. User enters their username and password normally
2. If 2FA is enabled, they’re redirected to an OTP verification screen
3. A 6-digit code is sent to their registered email address
4. User enters the code to complete login
5. Code expires after 10 minutes for security

Perfect For

- Business websites requiring enhanced security
- E-commerce stores protecting customer accounts
- Membership sites with sensitive user data
- Multi-author blogs securing contributor access
- Any WordPress site wanting better login security

Admin Features

- Global 2FA setting – Enable for all users
- Force 2FA option – Make it mandatory for selected roles
- Role-based configuration – Choose which roles require 2FA
- User profile integration – Users can enable/disable 2FA individually
- Clean admin interface – Easy to configure and manage

Developer Friendly

- Well-documented code with inline comments
- WordPress coding standards compliant
- Hook system for customization
- Lightweight codebase for easy modification
- No external dependencies – Pure WordPress integration

Security Features

- Nonce verification for all AJAX requests
- Input sanitization and validation
- Secure OTP generation using WordPress built-in functions
- Session timeout protection (10 minutes)
- Rate limiting on resend requests
- No plain text storage of OTP codes
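
The flow described under How It Works and the properties listed under Security Features (6-digit code, 10-minute expiry, no plain-text storage of the code, rate limiting on resend, input validation) as an added PHP example. This is not the plugin's own code: it is plain PHP that runs from the command line, with an in-memory array standing in for WordPress transients, `random_int()` in place of the plugin's WordPress-based generator, and an HMAC under a per-site secret as the stored form of the code. The 60-second resend cooldown, the five-attempt cap and the `OTP_SECRET` value are assumptions; the page states none of them.

```php
<?php
// Added example (not the plugin's code): the email-OTP lifecycle described
// on this page, written as plain PHP so it runs from the CLI without
// WordPress. $store stands in for transients; a real plugin would use
// set_transient()/get_transient() with the same expiry.
declare(strict_types=1);

const OTP_TTL_SECONDS      = 600; // "Code expires after 10 minutes"
const RESEND_COOLDOWN_SECS = 60;  // assumption: the page gives no cooldown length
const MAX_ATTEMPTS         = 5;   // assumption: the page gives no attempt cap
// Per-site secret keying the HMAC, so a leaked store cannot be brute-forced
// offline against the 10^6 code space. Placeholder value, constructed here.
const OTP_SECRET = 'REPLACE-WITH-A-PER-SITE-SECRET';

/** @var array<int, array{hash:string, expires:int, attempts:int, issued:int}> */
$store = [];

/** Digest bound to the user id so a code cannot be replayed against another account. */
function hashOtp(int $userId, string $code): string
{
    return hash_hmac('sha256', $userId . ':' . $code, OTP_SECRET);
}

/** Issue a fresh code. Returns the plaintext to hand to the mailer, or null while on cooldown. */
function issueOtp(array &$store, int $userId, int $now): ?string
{
    if (isset($store[$userId]) && $now - $store[$userId]['issued'] < RESEND_COOLDOWN_SECS) {
        return null; // rate limiting on resend requests
    }
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$userId] = [
        'hash'     => hashOtp($userId, $code), // only the HMAC is kept, never the code
        'expires'  => $now + OTP_TTL_SECONDS,
        'attempts' => 0,
        'issued'   => $now,
    ];
    return $code;
}

/** Verify a submitted code; the record is consumed on success or after too many guesses. */
function verifyOtp(array &$store, int $userId, string $submitted, int $now): bool
{
    if (!isset($store[$userId])) {
        return false;
    }
    $rec = &$store[$userId];
    if ($now >= $rec['expires']) {
        unset($store[$userId]); // expired: drop it and require a new code
        return false;
    }
    if (!preg_match('/^\d{6}$/', $submitted)) {
        return false; // validate shape before touching the attempt counter
    }
    $rec['attempts']++;
    $ok = hash_equals($rec['hash'], hashOtp($userId, $submitted)); // constant-time compare
    if ($ok || $rec['attempts'] >= MAX_ATTEMPTS) {
        unset($store[$userId]); // single-use; also dropped once the guess budget is spent
    }
    return $ok;
}

// Demonstration run with a constructed user id.
$now  = time();
$code = issueOtp($store, 42, $now);
echo "issued code: {$code}\n";
// A code that differs from the issued one in its last digit, so the wrong-guess
// path is exercised deterministically.
$wrong = substr($code, 0, 5) . (string) (((int) $code[5] + 1) % 10);

printf("%-34s %s\n", 'resend within cooldown is null:', var_export(issueOtp($store, 42, $now + 10) === null, true));
printf("%-34s %s\n", 'malformed input accepted:',        var_export(verifyOtp($store, 42, '12345', $now + 15), true));
printf("%-34s %s\n", 'wrong code accepted:',            var_export(verifyOtp($store, 42, $wrong, $now + 20), true));
printf("%-34s %s\n", 'correct code accepted:',          var_export(verifyOtp($store, 42, $code, $now + 30), true));
printf("%-34s %s\n", 'replay of used code accepted:',   var_export(verifyOtp($store, 42, $code, $now + 40), true));
$code2 = issueOtp($store, 42, $now + 100);
printf("%-34s %s\n", 'code accepted after expiry:',     var_export(verifyOtp($store, 42, $code2, $now + 100 + OTP_TTL_SECONDS), true));
```

Run it with `php otp_demo.php` to see the issued code and the result of each check. Two details worth carrying into any implementation of this flow: `hash_equals()` keeps the comparison constant-time, and the record is deleted on the first successful verification so a code cannot be replayed within its 10-minute window.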

Configuration

Global Settings

Navigate to Settings > Two-Factor Auth to configure:

- Enable 2FA Globally: Turn on 2FA for all users
- Force 2FA for All Users: Make 2FA mandatory regardless of user preference
- Required User Roles: Select specific roles that must use 2FA

User Settings

Each user can enable/disable 2FA in their profile:

1. Go to Users > Profile (or Users > Your Profile)
2. Find the “Two-Factor Authentication” section
3. Check “Enable 2FA” to activate it for that user
4. Save the profile

Email Configuration

The plugin uses WordPress’s built-in wp_mail() function. Ensure your site can send emails properly. Consider using:

- SMTP plugins for reliable email delivery
- Email services like SendGrid, Mailgun, or Amazon SES
- Proper SPF/DKIM records for your domain

Support

For support, feature requests, or bug reports:

- Plugin Support: WordPress.org Support Forum
- Documentation: Available in the plugin’s admin area
- Bug Reports: Please provide detailed information about your setup

Contributing

We welcome contributions! The plugin follows WordPress coding standards and best practices.

Privacy Policy

This plugin:
* Stores minimal user data (2FA preference and temporary OTP hashes)
* Does not send data to external services
* Uses WordPress’s built-in email system
* Follows WordPress privacy guidelines
* Allows data export/erasure as per GDPR requirements
Technical Requirements

- WordPress 5.0 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher (or equivalent MariaDB)
- Ability to send emails from WordPress
- Modern web browser with JavaScript enabled

Credits

Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.

License

This plugin is licensed under the GPL v2 or later.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
