內容簡介
總結:Secure 2FA 透過多種認證方法為您的WordPress登錄流程增加了額外的安全層。
以下是提供的問題與答案:
1. Secure 2FA提供的功能是什麼?
- 免費的雙因素認證(2FA)外掛程式
- 多種認證方法:一次性密碼(OTP)、Yubico OTP(YubiKey)、電子郵件OTP和WhatsApp OTP
- 可自訂的OTP配置:過期時間、重試次數等
- 基於角色的執行:對所有角色或特定角色要求2FA,排除其他角色
- 支持WordPress多站點和單站點安裝程式
- 活動日誌追蹤:監控認證嘗試和安全事件
- 速率限制:通過限制每位用戶的OTP請求來防止暴力攻擊
- 備份恢復代碼:允許用戶在遺失主要2FA方法時恢復存取權
- 自動日誌清理:啟用或禁用舊活動日誌的自動刪除,並配置排程
- UI控制:管理側邊欄、管理工具欄和用戶列表中“配置2FA”選項的可見性
2. Secure 2FA對於哪些認證方法提供支援?
- 時間密碼一次性密碼2FA方法
- WhatsApp 2FA方法
- 電子郵件OTP 2FA方法
- Yubico OTP 2FA方法
3. Secure 2FA的系統需求是什麼?
- WordPress 6.0或更新版本
- PHP版本為7.4或更新版本
4. Secure 2FA使用了哪些外部庫和服務?
- intl-tel-input庫提供電話號碼格式功能
- 整合Meta的WhatsApp Business API等服務,需遵守Meta的服務條款和定價政策
- 整合Yubico OTP API,將用戶的一次性密碼(OTP)安全地發送給Yubico的驗證服務以進行登錄驗證
5. Secure 2FA的授權是什麼?
- Secure 2FA根據GNU通用公共許可證v2或更新版本授權。
外掛標籤
開發者團隊
原文外掛簡介
Secure 2FA adds an extra layer of security to your WordPress login process by enabling 2FA via several authentication methods.
Features
Free two-factor authentication (2FA) plugin
Multiple authentication methods: One-time password (OTP), Yubico OTP (YubiKey), Email OTP, and WhatsApp OTP
Customizable OTP configurations: Expiration time, retries, and more
Role-based enforcement: Require 2FA for all or specific roles while excluding others
Supports WordPress Multisite and single-site installations
Activity log tracking: Monitor authentication attempts and security events
Rate limiting: Prevent brute-force attacks by limiting OTP requests per user
Backup recovery codes: Allow users to regain access if they lose their primary 2FA method
Automatic log cleanup: Enable or disable automatic deletion of old activity logs with configurable schedules
UI control: Manage the visibility of the “Configure 2FA” option in the sidebar, admin toolbar, and user list
Time-based One-Time Password 2FA Method
Compatible with diifrent authotcitors apps susch as Google Authenticator and Duo etc.
Generates QR codes during 2FA setup.
Supports manual setup keys.
WhatsApp 2FA Method
This method leverages Meta’s official API to send OTPs via WhatsApp authentication template. It supports the following features:
Set a default template language.
Support multiple template languages based on the user’s UI language (templates must match WhatsApp requirements).
Define a base country for phone numbers when configuring 2FA.
Restrict phone number selection by specifying an allowed countries list.
Enable IP address lookup to detect the user’s country during 2FA setup.
Allow or prevent multiple users from using the same phone number.
Set custom phone number regex patterns to enforce specific formatting rules.
Email OTP 2FA Method
Allow or disallow users to enter a different email when configuring email as a two-factor authentication method.
Specify a custom email address from which OTPs will be sent.
Customize email languages, subject lines, and message content based on supported languages.
Yubico OTP 2FA Method
Yubico OTP is a secure and convenient authentication method supported by all YubiKeys out of the box. It provides an additional layer of security as a second-factor authentication option.
Requirements
WordPress 6.0 or newer.
PHP version 7.4 or newer.
External Library and Services Usage
The plugin utilizes the intl-tel-input library to provide phone number formatting functionality.
The plugin integrates with Meta’s WhatsApp Business API, which is subject to Meta’s Terms of Service and pricing policies. You may need to subscribe to a third-party WhatsApp API method or a Meta-approved Business Solution Provider to use this service. For details, visit Meta’s WhatsApp Business API documentation.
The plugin integrates with the Yubico OTP API. It securely sends the user’s one-time password (OTP) to Yubico’s verification service to authenticate login attempts. Review Yubico’s Terms & Conditions and Privacy Notice for more details.
License
Secure 2FA is licensed under the GNU General Public License v2 or later.
