[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fngzoNq5Y0EMaJOU6mp4fD65JACXQonaUYEUj1UKIiTU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":141,"fingerprints":194},"absolute-2fa-for-woocommerce","Absolute 2fa For Woocommerce","1.0.1","AbsolutePlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fabsoluteplugins\u002F","\u003Cp>Absolute 2fa For WooCommerce plugin seamlessly integrates into your WooCommerce login page implementing a two-factor authentication process! This will help you to prevent brute force attack for your WooCommerce shop. The plugin will provide you a straightforward usages experience as there in no configuration required.\u003C\u002Fp>\n","A Two Factor Authentication addon that will add 2fa settings page under WooCommerce's My Account Page.",10,1351,0,"2022-02-17T06:15:00.000Z","5.9.13","4.5","5.6",[19,20,21,22,23],"2fa","google-authenticator","tfa","two-factor","two-factor-auth","https:\u002F\u002Fabsoluteplugins.com\u002Fwordpress-plugins\u002Fabsp-2fa-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabsolute-2fa-for-woocommerce.1.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"absoluteplugins",3,420,69,30,72,"2026-04-04T15:37:46.258Z",[39,60,83,100,121],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":17,"tags":54,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":13,"last_vuln_date":59,"fetched_at":28},"two-factor-authentication","Two Factor Authentication","1.16.0","David Anderson \u002F Team Updraft","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidanderson\u002F","\u003Cp>Secure WordPress login with this two factor authentication (TFA \u002F 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. From the authors of \u003Ca href=\"https:\u002F\u002Fupdraftplus.com\u002F\" rel=\"nofollow ugc\">UpdraftPlus – WP’s #1 backup\u002Frestore plugin\u003C\u002Fa>, with over two million active installs.\u003C\u002Fp>\n\u003Cp>Are you completely new to TFA? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-authentication\u002Ffaq\u002F\" rel=\"ugc\">If so, please see our FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Features (please see the “Screenshots” for more information):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Supports standard TOTP + HOTP protocols (and so supports Google Authenticator, Authy, and many others).\u003C\u002Fli>\n\u003Cli>Displays graphical QR codes for easy scanning into apps on your phone\u002Ftablet\u003C\u002Fli>\n\u003Cli>TFA can be made available on a per-role basis (e.g. available for admins, but not for subscribers)\u003C\u002Fli>\n\u003Cli>TFA can be turned on or off by each user\u003C\u002Fli>\n\u003Cli>TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>), including forcing them to immediately set up (by redirecting them to the page to do so)\u003C\u002Fli>\n\u003Cli>Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don’t need access to the WP dashboard). (The \u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa> allows custom designing of any layout you wish).\u003C\u002Fli>\n\u003Cli>Site owners can allow “trusted devices” on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database \u003Cem>and\u003C\u002Fem> your files in order to break TFA codes (as well as breaking a user’s password in order to use them)\u003C\u002Fli>\n\u003Cli>Works together with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-my-login\u002F\" rel=\"ugc\">“Theme My Login”\u003C\u002Fa> (both forms and widgets)\u003C\u002Fli>\n\u003Cli>Includes support for the WooCommerce and Affiliates-WP login forms\u003C\u002Fli>\n\u003Cli>Includes support for Ultimate Membership Pro\u003C\u002Fli>\n\u003Cli>Includes support for CozmosLabs Profile Builder\u003C\u002Fli>\n\u003Cli>Includes support for Ultimate Member login forms (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for Elementor Pro login forms (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for bbPress login forms (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for Easy Digital Downloads login forms (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for RegistrationMagic login forms (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for login forms (shortcode forms only) from Paid Memberships Pro (Premium version)\u003C\u002Fli>\n\u003Cli>Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password\u003C\u002Fli>\n\u003Cli>Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)\u003C\u002Fli>\n\u003Cli>WP Multisite compatible (plugin should be network activated)\u003C\u002Fli>\n\u003Cli>Simplified user interface and code base for ease of use and performance\u003C\u002Fli>\n\u003Cli>Added a number of extra security checks to the original forked code\u003C\u002Fli>\n\u003Cli>Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.\u003C\u002Fli>\n\u003Cli>Emergency codes for when you lose your phone\u002Ftablet (\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>When using the front-end shortcode (\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>), require the user to enter the current TFA code correctly to be able to activate TFA \u003C\u002Fli>\n\u003Cli>Works together with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-members\u002F\" rel=\"ugc\">“WP Members”\u003C\u002Fa> (shortcode form)\u003C\u002Fli>\n\u003Cli>Administrators can access other users’ codes, and turn them on\u002Foff when needed (\u003Ca href=\"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Premium version\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why use TFA \u002F 2FA ?\u003C\u002Fh4>\n\u003Cp>Read this! \u003Ca href=\"https:\u002F\u002Fwww.wired.com\u002F2012\u002F08\u002Fapple-amazon-mat-honan-hacking\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.wired.com\u002F2012\u002F08\u002Fapple-amazon-mat-honan-hacking\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>How Does TFA \u002F 2FA Work?\u003C\u002Fh4>\n\u003Cp>This plugin uses the industry standard TFA \u002F 2FA algorithm \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FTime-based_One-time_Password_Algorithm\" rel=\"nofollow ugc\">TOTP\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FHMAC-based_One-time_Password_Algorithm\" rel=\"nofollow ugc\">HOTP\u003C\u002Fa> for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.\u003C\u002Fp>\n\u003Cp>A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.\u003C\u002Fp>\n\u003Ch4>Plugin Notes\u003C\u002Fh4>\n\u003Cp>This plugin began life in early 2015 as a friendly fork and enhancement of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwo-factor-auth\u002F\" rel=\"ugc\">Oscar Hane’s “two factor auth” plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Secure WordPress login with Two Factor Authentication - supports WP, Woo + other login forms, HOTP, TOTP (Google Authenticator, Authy, etc.)",20000,879343,88,77,"2025-12-09T10:56:00.000Z","6.9.4","3.4",[19,20,21,22,23],"https:\u002F\u002Fwww.simbahosting.co.uk\u002Fs3\u002Fproduct\u002Ftwo-factor-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-authentication.1.16.0.zip",99,2,"2018-12-18 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":52,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":28},"wp-2fa","WP 2FA – Two-factor authentication for WordPress","3.1.1.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>A free and easy-to-use two-factor authentication plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.\u003C\u002Fp>\n\u003Cp>Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvRlX_NNGeFo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-2fa-plugin-getting-started\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🔒 WP 2FA key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkeys support\u003C\u002Fstrong> for passwordless logins   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free two-factor authentication (2FA)\u003C\u002Fstrong> for all users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple 2FA methods\u003C\u002Fstrong> supported, including authenticator app (TOTP) and code over email  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer API\u003C\u002Fstrong> to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal 2FA app support\u003C\u002Fstrong> – works with Google Authenticator, Authy, and any TOTP-compatible app  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup codes\u003C\u002Fstrong> (16 digits) for recovery access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wizard-driven setup\u003C\u002Fstrong> – no technical knowledge required  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA policies\u003C\u002Fstrong> to enforce setup with grace periods or instant activation  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> for custom integrations and headless WordPress setups  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard-free setup\u003C\u002Fstrong> – users can configure 2FA without WP admin access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editable email templates\u003C\u002Fstrong> for full customization  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WP 2FA Premium and get even more benefits\u003C\u002Fh3>\n\u003Cp>The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.\u003C\u002Fp>\n\u003Cp>With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Check out WP 2FA Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything in the free version\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full white labeling capabilities\u003C\u002Fstrong> to change all text and visuals in the wizards, emails, SMS, and 2FA pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for multiple passkeys per user\u003C\u002Fstrong> for flexible passwordless logins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-setup email 2FA\u003C\u002Fstrong> that automatically enrolls users without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey hardware key support\u003C\u002Fstrong> for enterprise-grade security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional 2FA methods\u003C\u002Fstrong> such as SMS, email link, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted devices\u003C\u002Fstrong> so users can log in without 2FA for a configured period\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require 2FA on password reset\u003C\u002Fstrong> to strengthen account protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow next user login without 2FA\u003C\u002Fstrong> to help recover accounts locked out of authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click WooCommerce integration\u003C\u002Fstrong> to enable 2FA for customers and store admins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WP 2FA plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP 2FA Premium.\u003C\u002Fp>\n\u003Ch3>🛠️ Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of WP 2FA is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-2fa\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from email support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP 2FA\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins’ > ‘Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP 2FA’\u003C\u002Fli>\n\u003Cli>Install & activate WP 2FA from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the ‘\u002Fwp-content\u002Fplugins\u002F directory’\u003C\u002Fli>\n\u003Cli>Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-two-factor-authentication-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-security-authentication-plugins\u002F\" rel=\"nofollow ugc\">IsitWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftwo-factor-authentication-wordpress\u002F\" rel=\"nofollow ugc\">WP Astra\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmainwp.com\u002Fhow-to-use-the-wp-2fa-plugin-on-your-child-sites\u002F\" rel=\"nofollow ugc\">MainWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.fixrunner.com\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">FixRunner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.inmotionhosting.com\u002Fsupport\u002Fedu\u002Fwordpress\u002Fplugins\u002Fwp-2fa\u002F\" rel=\"nofollow ugc\">Inmotion Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmarmite.com\u002Fen\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">WP Marmite\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.",100000,1555592,94,162,"2026-02-25T13:18:00.000Z","5.5","7.4",[76,19,20,40,77],"2-factor-authentication","wordpress-authentication","https:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-2fa.3.1.1.2.zip",95,9,"2025-11-03 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":13,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":52,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":97,"download_link":98,"security_score":99,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cloudusk-2fa-two-factor-authentication","Cloudusk 2FA – Two Factor Authentication","0.0.1","cloudusk","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudusk\u002F","\u003Cp>Cloudusk 2FA – Two Factor Authentication is a free and easy-to-use two-factor authentication (2FA) plugin for WordPress.\u003C\u002Fp>\n\u003Cp>It adds an extra layer of security to your WordPress login by requiring a time-based one-time password (TOTP) in addition to a username and password. This helps protect WordPress user accounts from unauthorized access caused by weak or compromised passwords, brute-force attacks, and automated login attempts.\u003C\u002Fp>\n\u003Cp>Cloudusk 2FA uses industry-standard TOTP (RFC 6238) and works with popular authenticator apps such as Google Authenticator, Authy, and Microsoft Authenticator. No SMS, email codes, or third-party services are required.\u003C\u002Fp>\n\u003Cp>The plugin is designed to be lightweight and user-friendly, with a simple setup process that can be completed directly from the user profile screen.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>TOTP-based two-factor authentication for WordPress\u003C\u002Fli>\n\u003Cli>Compatible with Google Authenticator, Authy, Microsoft Authenticator, and other TOTP apps\u003C\u002Fli>\n\u003Cli>QR code-based setup\u003C\u002Fli>\n\u003Cli>Backup recovery codes to prevent lockouts\u003C\u002Fli>\n\u003Cli>No SMS, email, or external services required\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003Cli>Works with the default WordPress login flow\u003C\u002Fli>\n\u003Cli>Fully free to use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>Cloudusk 2FA does not send any data to external services. All authentication is handled locally within your WordPress installation.\u003C\u002Fp>\n","A free and lightweight two-factor authentication (2FA) plugin for WordPress using TOTP and authenticator apps.",103,"2026-01-29T13:47:00.000Z","6.0","8.1",[19,20,96,40],"security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloudusk-2fa-two-factor-authentication.0.0.1.zip",100,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":97,"download_link":119,"security_score":120,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[19,117,118,96,40],"captcha","login-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":99,"num_ratings":131,"last_updated":132,"tested_up_to":52,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":137,"download_link":138,"security_score":57,"vuln_count":139,"unpatched_count":13,"last_vuln_date":140,"fetched_at":28},"two-factor-2fa-via-email","Two Factor (2FA) Authentication via Email","1.9.9","Sully","https:\u002F\u002Fprofiles.wordpress.org\u002Fss88_uk\u002F","\u003Cp>A simple, lightweight, yet effective plugin to enable two factor (2FA) authentication via email. You can enable this on an individual user basis, for all administrators, editors, or all accounts with one line of code in your \u003Ccode>wp-config.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGgOAcwK_4m4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>WordPress is the world’s most popular content management system (CMS), with over 40% of all websites running on it. As such, it has become a prime target for hackers looking to exploit vulnerabilities to gain unauthorized access to websites. One of the best ways to enhance the security of a WordPress site is to enable two-factor authentication (2FA) for administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simply enable the plugin then edit a user account to enable 2FA for that individual user.\u003C\u002Fli>\n\u003Cli>Please make sure your WordPress website sends and receives emails correctly. The best way is to use a SMTP plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check out our other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🎉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-library-file-size\u002F\" rel=\"ugc\">Media Library File Size\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>✨ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsingle-post-page-export\u002F\" rel=\"ugc\">Export Single Post Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🙍‍♂️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-user-metadata\u002F\" rel=\"ugc\">View User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🔠 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-turnstile-cloudflare-for-gravity-forms\u002F\" rel=\"ugc\">Enable Turnstile (Cloudflare) for Gravity Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐️⭐️⭐️⭐️⭐️ \u003Ca href=\"https:\u002F\u002Fneoboffin.com\u002Fplugins\u002Fgravity-forms-freescout?utm_campaign=OtherPlugins\" rel=\"nofollow ugc\">Gravity Forms to FreeScout\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable one-click login with this WordPress Two-Factor Authentication (2FA) plugin, utilizing email for added security.",9000,58774,4,"2025-12-03T14:42:00.000Z","4.6",[19,135,136,22,40],"2fa-authentication","authentication","https:\u002F\u002Fneoboffin.com\u002Fplugins\u002Ftwo-factor-2fa-authentication-via-email-plugin-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-2fa-via-email.1.9.9.zip",1,"2026-02-18 15:31:37",{"attackSurface":142,"codeSignals":174,"taintFlows":183,"riskAssessment":184,"analyzedAt":193},{"hooks":143,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":13,"unprotectedCount":13},[144,149,154,157,160,163,166],{"type":145,"name":146,"callback":147,"file":148,"line":111},"action","plugins_loaded","abspWoo2fa_init","absolute-2fa-for-woocommerce.php",{"type":150,"name":151,"callback":152,"file":148,"line":153},"filter","woocommerce_get_query_vars","closure",32,{"type":150,"name":155,"callback":152,"file":148,"line":156},"woocommerce_settings_pages",36,{"type":150,"name":158,"callback":152,"file":148,"line":159},"woocommerce_account_menu_items",53,{"type":150,"name":161,"callback":152,"file":148,"line":162},"woocommerce_endpoint_2fa-settings_title",68,{"type":145,"name":164,"callback":152,"file":148,"line":165},"woocommerce_account_2fa-settings_endpoint",71,{"type":145,"name":167,"callback":168,"file":148,"line":169},"admin_notices","abspWoo2fa_deps_missing",75,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":182},[],{"prepared":13,"raw":13,"locations":177},[],{"escaped":58,"rawEcho":139,"locations":179},[180],{"file":148,"line":36,"context":181},"raw output",[],[],{"summary":185,"deductions":186},"The static analysis of the 'absolute-2fa-for-woocommerce' plugin version 1.0.1 reveals a generally strong security posture. The absence of any identified dangerous functions, raw SQL queries, file operations, external HTTP requests, and a complete lack of critical or high severity taint flows are all positive indicators.  Furthermore, the plugin exhibits good practices in its limited output escaping and its reliance on prepared statements for SQL queries.\n\nHowever, there are notable areas for concern. The complete absence of nonce checks and capability checks across all entry points is a significant weakness. While the current attack surface is reported as zero, this lack of protective measures means that if any new entry points are introduced or if the current analysis missed potential ones, they would be entirely unprotected against various cross-site scripting and privilege escalation attacks. The vulnerability history being entirely clean is a good sign, but it doesn't mitigate the inherent risks identified in the static analysis.\n\nIn conclusion, the plugin demonstrates some good coding practices, particularly regarding SQL and dangerous functions. Nevertheless, the lack of fundamental security checks like nonces and capability checks on potential entry points presents a substantial risk that should be addressed to improve its overall security. This could be a false positive in the analysis report regarding the attack surface being zero.",[187,189,191],{"reason":188,"points":11},"Missing nonce checks on all entry points",{"reason":190,"points":11},"Missing capability checks on all entry points",{"reason":192,"points":32},"Low percentage of properly escaped output","2026-03-17T01:08:54.295Z",{"wat":195,"direct":200},{"assetPaths":196,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[],[],[],[],{"cssClasses":201,"htmlComments":202,"htmlAttributes":203,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":206},[],[],[],[],[],[207],"[twofactor_user_settings]"]