內容簡介
總結:這款外掛是用於加強 WordPress 登入安全性的雙因素驗證(MFA / 2FA)外掛。啟用該外掛的使用者將需要輸入一次性代碼才能登入。
- 支援標準的 TOTP 協議(因此支援 Google Authenticator、Authy 等等)。
- 提供圖形 QR 代碼以方便掃描到您的手機/平板電腦應用程式中。
- 每位使用者可以自行啟用或關閉 MFA。
- 支援透過 [si2flose_twofactor_user_settings] 短碼在前端編輯設置(即使用者無需進入 WP 控制面板)。
- 簡化的使用者介面和程式碼基礎以提升易用性和效能。
- 若有人似乎已找出他們的密碼,即通過成功輸入密碼但繼續輸入錯誤的 MFA 代碼時,會提醒使用者。
- 在使用前端短碼時,需求使用者正確輸入當前 MFA 代碼才能啟動 MFA。
### MFA / 2FA 如何運作?
- 這款外掛使用業界標準 MFA / 2FA 演算法 TOTP 來產生一次性密碼。這些被 Google Authenticator、Authy 等 OTP 應用程式使用,可部署在您的手機等設備上。
- TOTP 代碼在特定時間內有效。無論您使用哪個程式(如 Google Authenticator 等),都會定期顯示不同的代碼。
### 外掛備註:
- 這款外掛於 2025 年初開始,作為友好衍生版本和增強版的 'wp mfa 驗證' 外掛。
- 這款外掛需要 PHP 版本 5.3 或更高,並支持 php-openssl 或 PHP mcrypt。絕大多數的 PHP 設置都有其中之一。如果沒有,請詢問您的主機公司。
### 啟用外掛步驟:
1. 在 WordPress 的 '外掛' 選單中搜索 'SI 2FA Login Security'。
2. 點擊 '安裝' 按鈕(確保選擇正確的)。
3. 通過 WordPress 的 '外掛' 選單啟用外掛。
4. 在 '設置' -> 'Mfa Factor Setting' 中找到站點範圍的設置;在頂層菜單項目 'MFA Factor Auth' 中找到您自己的使用者設置。
若您想在站點前端新增一個部分,讓使用者可以配置他們的雙因素驗證設置,請使用此短碼:[si2flose_twofactor_user_settings]
外掛標籤
開發者團隊
原文外掛簡介
Secure WordPress login with this two factor authentication (MFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in.
Features
Supports standard TOTP protocols (and so supports Google Authenticator, Authy, and many others).
Displays graphical QR codes for easy scanning into apps on your phone/tablet
MFA can be turned on or off by each user
Supports front-end editing of settings, via shortcode (i.e. users don’t need access to the WP dashboard).
User login history
[si2flose_twofactor_user_settings]
Simplified user interface and code base for ease of use and performance
Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect MFA code.
When using the front-end shortcode, require the user to enter the current MFA code correctly to be able to activate MFA
How Does MFA / 2FA Work?
This plugin uses the industry standard MFA / 2FA algorithm TOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.
A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.
Plugin Notes
This plugin began life in early 2025 as a friendly fork and enhancement of “wp mfa authentication” plugin.
This plugin requires PHP version 5.3 or higher and support for either php-openssl or PHP mcrypt. The vast majority of PHP setups will have one of these. If not, ask your hosting company.
Search for ‘SI 2FA Login Security’ in the ‘Plugins’ menu in WordPress.
Click the ‘Install’ button. (Make sure you picks the right one)
Activate the plugin through the ‘Plugins’ menu in WordPress
Find site-wide settings in 2FA User Settings ; find your own user settings in the top-level menu entry “2FA User Settings”.
If you want to add a section to the front-end of your site where users can configure their two-factor authentication settings, use this shortcode:
[si2flose_twofactor_user_settings]
