[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEpTD5KmyQ_ezperJF4_OYtbeNFH61xg4dc2BkjtNbxs":3},{"slug":4,"display_name":4,"profile_url":5,"plugin_count":6,"total_installs":7,"avg_security_score":8,"avg_patch_time_days":9,"trust_score":10,"computed_at":11,"plugins":12},"oskarhane","https:\u002F\u002Fprofiles.wordpress.org\u002Foskarhane\u002F",1,10,85,30,84,"2026-04-04T19:05:24.333Z",[13],{"slug":14,"name":15,"version":16,"author":4,"author_profile":5,"description":17,"short_description":18,"active_installs":7,"downloaded":19,"rating":20,"num_ratings":21,"last_updated":22,"tested_up_to":23,"requires_at_least":24,"requires_php":25,"tags":26,"homepage":31,"download_link":32,"security_score":8,"vuln_count":33,"unpatched_count":33,"last_vuln_date":34,"fetched_at":35},"two-factor-auth","Two Factor Auth","4.4","\u003Cp>Secure WordPress login with this two factor auth. Users will have to enter a One Time Password when they log in.\u003C\u002Fp>\n\u003Ch4>Why You Need This\u003C\u002Fh4>\n\u003Cp>Users can have common or weak passwords that let hackers\u002Fbots brute-force your WordPress site and gain access to your files and place malware there.\u003Cbr \u002F>\nJust like what happened not that long ago: \u003Ca href=\"http:\u002F\u002Ftechcrunch.com\u002F2013\u002F04\u002F12\u002Fhackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access\u002F\" rel=\"nofollow ugc\">Article on TechCrunch\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If all sites had used this plugin, this would never have happened.\u003Cbr \u002F>\nIt doesn’t matter how weak your users’ passwords are, no one can gain access to your WordPress site\u003Cbr \u002F>\nwithout already having access to the user’s mobile phone or email inbox (depending on how the user gets his OTP).\u003C\u002Fp>\n\u003Ch4>How Does It Work?\u003C\u002Fh4>\n\u003Cp>This plugin uses the industry standard algorithm \u003Ca 
href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FTime-based_One-time_Password_Algorithm\" rel=\"nofollow ugc\">TOTP\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHMAC-based_One-time_Password_Algorithm\" rel=\"nofollow ugc\">HOTP\u003C\u002Fa> for creating One Time Passwords.\u003Cbr \u002F>\nAn OTP is valid for a certain time and after that a new code has to be entered.\u003C\u002Fp>\n\u003Cp>You can now choose to use third party apps like \u003Ca href=\"http:\u002F\u002Fcode.google.com\u002Fp\u002Fgoogle-authenticator\u002F\" rel=\"nofollow ugc\">Google Authenticator\u003C\u002Fa> which is available for most mobile platforms. You can really use any\u003Cbr \u002F>\nthird party app that supports TOTP\u002FHOTP and generates 6-digit OTPs.\u003Cbr \u002F>\nOr, as before, you can choose to get your One Time Passwords by email.\u003C\u002Fp>\n\u003Cp>Since you have to enter a secret code to third party apps, email is the default way of delivering One Time Passwords. Your\u003Cbr \u002F>\nusers will have to activate delivery by third party apps themselves.\u003C\u002Fp>\n\u003Ch4>Easy To Use\u003C\u002Fh4>\n\u003Cp>Just install this plugin and you’re all set. There’s really nothing more to it.\u003Cbr \u002F>\nIf you want to use a third party app, go to Two Factor Auth in the admin menu and activate it and set up your app.\u003Cbr \u002F>\nGeneral settings can be found under Settings -> Two Factor Auth in admin menu. Settings for each individual user\u003Cbr \u002F>\ncan be found at the root level of the admin menu, in Two Factor Auth.\u003Cbr \u002F>\nA bit more work to get logged in, but a whole lot more secure!\u003C\u002Fp>\n\u003Cp>If you use WooCommerce or other plugins that make custom login forms, you will not be able to log in through those anymore.\u003Cbr \u002F>\nI will be adding a plugin that puts a One Time Password field to WooCommerce. 
If you use some other plugin that needs\u003Cbr \u002F>\nsupport for this, let me know in the support forum.\u003C\u002Fp>\n\u003Ch4>TOTP or HOTP\u003C\u002Fh4>\n\u003Cp>Which algorithm you and your users choose doesn’t really matter. The time based TOTP is a bit more secure since a One Time\u003Cbr \u002F>\nPassword is valid only for a certain amount of time. But this requires the server time to be in sync with the client’s time (if\u003Cbr \u002F>\nthe OTP isn’t delivered by email). This is often hard to do with embedded clients and the event based HOTP is then a better choice.\u003Cbr \u002F>\nIf you have a somewhat slow email server and have chosen email delivery, you might not get the TOTP in time.\u003C\u002Fp>\n\u003Cp>Conclusion: Choose whichever you want. TOTP is a little bit safer since OTPs are only valid for a short period.\u003C\u002Fp>\n\u003Cp>Note that email delivery users always use the site default algorithm, which you can set on the settings page. Third party\u003Cbr \u002F>\napp users can choose which one they want.\u003C\u002Fp>\n\u003Ch4>Is this really Two Factor Auth?\u003C\u002Fh4>\n\u003Cp>Before version 3.0 this plugin had ‘kind of’ two factor auth where the OTP was delivered to an email address.\u003Cbr \u002F>\nSince version 3.0 you can have real two factor auth if you activate the Third Party Apps delivery type.\u003C\u002Fp>\n\u003Cp>Read more about \u003Ca href=\"http:\u002F\u002Foskarhane.com\u002Ftwo-factor-auth-explained\u002F\" rel=\"nofollow ugc\">what two factor auth means >>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>See http:\u002F\u002Foskarhane.com\u002Fplugin-two-factor-auth-for-wordpress\u002F for more info.\u003C\u002Fp>\n","Secure WordPress login with Two Factor Auth. 
Users will have to enter a One Time Password when they log in.",14401,92,22,"2014-07-29T12:54:00.000Z","3.9.40","3.1.0","",[27,28,29,30,14],"auth","authenticate","login","security","http:\u002F\u002Foskarhane.com\u002Fplugin-two-factor-auth-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-auth.4.4.zip",0,null,"2026-03-15T15:16:48.613Z"]