內容簡介
>WordPress 二次驗證
此外掛使用雙重認證(TFA / 2FA)來增強 WordPress 的登入安全性。啟用此功能的使用者需輸入一次性密碼才能登入。本掛件由UpdraftPlus - WP's #1 備份/還原掛件的作者開發,目前已有超過 200 萬個啟用的安裝。
您是第一次接觸 TFA 嗎?請參閱我們的常見問題解答。
特色功能(請參閱「屏幕截圖」以了解詳細資訊):
支援標準 TOTP + HOTP 協議(支援 Google Authenticator、Authy 及其他相關應用程式)
提供圖形二維碼供您方便使用手機或平板掃描
可根據角色設定啟用 TFA(例如:管理員可使用,訂閱者不行)
每個用戶均可自行啟用或停用 TFA
可針對某些用戶等級設定 TFA,設定特定的時間段後(例如:管理員必須啟動 TFA,但需等到帳戶一週後才啟用)(高級版),包括強制使用者立即設定(將其導向頁面進行設定)
可使用 [twofactor_user_settings] 短代碼進行前端設定(即無需進入 WordPress 儀表板之用戶)。 (高級版可自訂設計任何您想要的版面)
站點擁有者可允許「信任的裝置」,在此裝置上要求輸入 TFA 密碼的時間為選定的天數(而不是每次登入)例如 30 天(高級版)
可與 「Theme My Login」(包括表單和小工具)共同運作
包括對 WooCommerce 和 Affiliates-WP 登錄表單的支援
包括對 Elementor Pro 登錄表單的支援(高級版)
包括對 bbPress 登錄表單的支援(高級版)
無需進一步的編寫,即可與任何第三方登錄表單共同運作 (高級版)
除非使用者已啟用 TFA,否則不會顯示或要求第二因素的出現(即未啟用 TFA 的使用者不會看到相關訊息)
支援 WP 多站網路(必須啟用外掛)
簡化的使用者介面和程式碼庫,便於使用和維護
在原始代碼上新增了一些額外的安全檢查
提供緊急密碼,以防手機或平板遺失(高級版)
使用前端短代碼時(高級版),必須輸入正確的 TFA 密碼,以便啟用 TFA
可與「WP Members」(短代碼表單)共同運作
管理員可以訪問其他用戶的密碼,並在需要時啟用或停用它們(高級版)
為何使用 TFA / 2FA ?
請參閱此文章:https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
外掛標籤
開發者團隊
📦 歷史版本下載
原文外掛簡介
Secure WordPress login with this two factor authentication (TFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. From the authors of UpdraftPlus – WP’s #1 backup/restore plugin, with over two million active installs.
Are you completely new to TFA? If so, please see our FAQ.
Features (please see the “Screenshots” for more information):
Supports standard TOTP + HOTP protocols (and so supports Google Authenticator, Authy, and many others).
Displays graphical QR codes for easy scanning into apps on your phone/tablet
TFA can be made available on a per-role basis (e.g. available for admins, but not for subscribers)
TFA can be turned on or off by each user
TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (Premium version), including forcing them to immediately set up (by redirecting them to the page to do so)
Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don’t need access to the WP dashboard). (The Premium version allows custom designing of any layout you wish).
Site owners can allow “trusted devices” on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (Premium version)
Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database and your files in order to break TFA codes (as well as breaking a user’s password in order to use them)
Works together with “Theme My Login” (both forms and widgets)
Includes support for the WooCommerce and Affiliates-WP login forms
Includes support for Ultimate Membership Pro
Includes support for CozmosLabs Profile Builder
Includes support for Ultimate Member login forms (Premium version)
Includes support for Elementor Pro login forms (Premium version)
Includes support for bbPress login forms (Premium version)
Includes support for Easy Digital Downloads login forms (Premium version)
Includes support for RegistrationMagic login forms (Premium version)
Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)
Includes support for login forms (shortcode forms only) from Paid Memberships Pro (Premium version)
Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password
Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)
WP Multisite compatible (plugin should be network activated)
Simplified user interface and code base for ease of use and performance
Added a number of extra security checks to the original forked code
Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.
Emergency codes for when you lose your phone/tablet (Premium version)
When using the front-end shortcode (Premium version), require the user to enter the current TFA code correctly to be able to activate TFA
Works together with “WP Members” (shortcode form)
Administrators can access other users’ codes, and turn them on/off when needed (Premium version)
Why use TFA / 2FA ?
Read this! https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
How Does TFA / 2FA Work?
This plugin uses the industry standard TFA / 2FA algorithm TOTP or HOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.
A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.
Plugin Notes
This plugin began life in early 2015 as a friendly fork and enhancement of Oscar Hane’s “two factor auth” plugin.
