前言介紹
- 這款 WordPress 外掛「Two Factor Authentication」是 2015-03-19 上架。
- 目前有 20000 個安裝啟用數。
- 上一次更新是 2025-04-10,距離現在已有 23 天。
- 外掛最低要求 WordPress 3.4 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 5.6 以上。
- 有 77 人給過評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
2FA | TFA | two factor | two factor auth | google authenticator |
內容簡介
>WordPress 二次驗證
此外掛使用雙重認證(TFA / 2FA)來增強 WordPress 的登入安全性。啟用此功能的使用者需輸入一次性密碼才能登入。本掛件由UpdraftPlus - WP's #1 備份/還原掛件的作者開發,目前已有超過 200 萬個啟用的安裝。
您是第一次接觸 TFA 嗎?請參閱我們的常見問題解答。
特色功能(請參閱「屏幕截圖」以了解詳細資訊):
支援標準 TOTP + HOTP 協議(支援 Google Authenticator、Authy 及其他相關應用程式)
提供圖形二維碼供您方便使用手機或平板掃描
可根據角色設定啟用 TFA(例如:管理員可使用,訂閱者不行)
每個用戶均可自行啟用或停用 TFA
可針對某些用戶等級設定 TFA,設定特定的時間段後(例如:管理員必須啟動 TFA,但需等到帳戶一週後才啟用)(高級版),包括強制使用者立即設定(將其導向頁面進行設定)
可使用 [twofactor_user_settings] 短代碼進行前端設定(即無需進入 WordPress 儀表板之用戶)。 (高級版可自訂設計任何您想要的版面)
站點擁有者可允許「信任的裝置」,在此裝置上要求輸入 TFA 密碼的時間為選定的天數(而不是每次登入)例如 30 天(高級版)
可與 「Theme My Login」(包括表單和小工具)共同運作
包括對 WooCommerce 和 Affiliates-WP 登錄表單的支援
包括對 Elementor Pro 登錄表單的支援(高級版)
包括對 bbPress 登錄表單的支援(高級版)
無需進一步的編寫,即可與任何第三方登錄表單共同運作 (高級版)
除非使用者已啟用 TFA,否則不會顯示或要求第二因素的出現(即未啟用 TFA 的使用者不會看到相關訊息)
支援 WP 多站網路(必須啟用外掛)
簡化的使用者介面和程式碼庫,便於使用和維護
在原始代碼上新增了一些額外的安全檢查
提供緊急密碼,以防手機或平板遺失(高級版)
使用前端短代碼時(高級版),必須輸入正確的 TFA 密碼,以便啟用 TFA
可與「WP Members」(短代碼表單)共同運作
管理員可以訪問其他用戶的密碼,並在需要時啟用或停用它們(高級版)
為何使用 TFA / 2FA ?
請參閱此文章:https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
原文外掛簡介
Secure WordPress login with this two factor authentication (TFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. From the authors of UpdraftPlus – WP’s #1 backup/restore plugin, with over two million active installs.
Are you completely new to TFA? If so, please see our FAQ.
Features (please see the “Screenshots” for more information):
Supports standard TOTP + HOTP protocols (and so supports Google Authenticator, Authy, and many others).
Displays graphical QR codes for easy scanning into apps on your phone/tablet
TFA can be made available on a per-role basis (e.g. available for admins, but not for subscribers)
TFA can be turned on or off by each user
TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (Premium version), including forcing them to immediately set up (by redirecting them to the page to do so)
Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don’t need access to the WP dashboard). (The Premium version allows custom designing of any layout you wish).
Site owners can allow “trusted devices” on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (Premium version)
Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database and your files in order to break TFA codes (as well as breaking a user’s password in order to use them)
Works together with “Theme My Login” (both forms and widgets)
Includes support for the WooCommerce and Affiliates-WP login forms
Includes support for Ultimate Membership Pro
Includes support for CozmosLabs Profile Builder
Includes support for Ultimate Member login forms (Premium version)
Includes support for Elementor Pro login forms (Premium version)
Includes support for bbPress login forms (Premium version)
Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)
Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password
Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)
WP Multisite compatible (plugin should be network activated)
Simplified user interface and code base for ease of use and performance
Added a number of extra security checks to the original forked code
Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.
Emergency codes for when you lose your phone/tablet (Premium version)
When using the front-end shortcode (Premium version), require the user to enter the current TFA code correctly to be able to activate TFA
Works together with “WP Members” (shortcode form)
Administrators can access other users’ codes, and turn them on/off when needed (Premium version)
Why use TFA / 2FA ?
Read this! https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
How Does TFA / 2FA Work?
This plugin uses the industry standard TFA / 2FA algorithm TOTP or HOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.
A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.
Plugin Notes
This plugin began life in early 2015 as a friendly fork and enhancement of Oscar Hane’s “two factor auth” plugin.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Two Factor Authentication」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0 | 1.1 | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.5 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.2.2 | 1.2.3 | 1.2.6 | 1.2.7 | 1.2.8 | 1.2.9 | 1.3.1 | 1.3.2 | 1.3.3 | 1.3.4 | 1.3.5 | 1.3.7 | 1.3.9 | 1.4.0 | 1.4.1 | 1.4.2 | 1.4.7 | 1.4.9 | 1.5.1 | 1.5.2 | 1.5.5 | 1.5.6 | 1.6.0 | 1.6.2 | 1.6.4 | 1.7.0 | 1.7.1 | 1.7.2 | 1.8.2 | 1.8.5 | 1.8.6 | 1.8.7 | 1.9.2 | 1.9.4 | trunk | 1.1.10 | 1.1.11 | 1.1.13 | 1.1.14 | 1.1.15 | 1.1.18 | 1.1.19 | 1.10.0 | 1.10.2 | 1.10.3 | 1.10.4 | 1.12.2 | 1.13.0 | 1.14.3 | 1.14.4 | 1.14.5 | 1.14.7 | 1.14.8 | 1.2.10 | 1.2.12 | 1.2.13 | 1.2.14 | 1.2.15 | 1.2.16 | 1.2.17 | 1.2.20 | 1.2.21 | 1.2.22 | 1.2.26 | 1.2.27 | 1.2.28 | 1.2.29 | 1.2.30 | 1.2.34 | 1.2.35 | 1.3.10 | 1.3.11 | 1.3.12 | 1.3.13 | 1.4.10 | 1.4.12 | 1.14.10 | 1.14.11 | 1.14.14 | 1.14.15 | 1.14.16 | 1.14.17 | 1.14.23 | 1.14.24 | 1.14.26 | 1.14.27 |
延伸相關外掛(你可能也想知道)
Keyy Two Factor Authentication (like Clef) 》Keyy 提供與眾不同的雙因素驗證,使用複雜的 RSA 公鑰加密技術替代密碼,提供更強的安全性和更好的使用者體驗。Keyy 讓輸入以下內容成為過去:使用者名稱密碼...。
Value-Auth Two Factor and Access Control 》, 您可以為您的網站啟用雙重驗證。, 您可以設定登入限制。, , 您還可以檢查登入記錄。, , , 關於 Value-Auth, , Value-Auth 是 GMO-DigiRock 的服務。, 要使...。
Two Factor Auth 》使用這個雙步驟驗證外掛,確保您的 WordPress 登入安全。使用者登入時必須輸入一次性密碼。, 為什麼需要這個外掛?, 使用者可能使用共同或弱的密碼,讓駭客/...。
Swipe 》Swipe 外掛讓您可以安全地登入 WordPress,提供二步驟驗證,不用再煩惱一次性密碼。它以加強版 RSA 公鑰密碼學取代密碼,增強安全性,同時讓使用者體驗更簡單...。
Two Factor Auth for WooCommerce 》這個外掛可以讓 WooCommerce 的登入表單與「Two Factor Auth 外掛」相容。它只需將一個一次性密碼欄位加入到 WooCommerce 的登入表單中。。