WP-Safety

OLS 2FA Security & Risk Analysis

wordpress.org/plugins/ols-2fa

OLS 2FA is a lightweight plugin that enhances your website's security by adding email two-factor authentication (2FA).

0 active installs v1.0.2 PHP 5.5+ WP 6.1+ Updated Dec 9, 2024
2faemail-authenticationsecuritytwo-factor-authentication
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is OLS 2FA Safe to Use in 2026?

Generally Safe

Score 92/100

OLS 2FA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The ols-2fa plugin v1.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries, has a high rate of properly escaped output, and avoids file operations and external HTTP requests. The absence of known CVEs and a clean vulnerability history further suggests a generally secure codebase. However, a significant concern arises from the plugin's attack surface. All three identified REST API routes lack permission callbacks, making them unprotected entry points that could potentially be exploited by unauthenticated users. While the taint analysis did not reveal any critical or high-severity unsanitized flows, the presence of unprotected REST API routes represents a tangible risk that warrants attention. The plugin's limited use of nonces and capability checks on its entry points, coupled with a modest number of total checks, also suggests an opportunity for strengthening its security measures against various attack vectors.

Key Concerns

  • REST API routes without permission callbacks
  • 3 unprotected entry points in total
  • Only 2 nonce checks for 3 entry points
  • Only 5 capability checks for 3 entry points
Vulnerabilities
None known

OLS 2FA Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

OLS 2FA Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
10 prepared
Unescaped Output
5
43 escaped
Nonce Checks
2
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared10 total queries

Output Escaping

90% escaped48 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
otp_form (inc\class-form-template.php:9)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

OLS 2FA Attack Surface

Entry Points3
Unprotected3

REST API Routes 3

GET/wp-json/ols-2fa/v1/settingsinc\api\class-settings.php:25
GET/wp-json/ols-2fa/v1/send-auth-code-emailinc\api\class-settings.php:49
GET/wp-json/ols-2fa/v1/verify-auth-codeinc\api\class-settings.php:59
WordPress Hooks 6
actionrest_api_initinc\api\class-settings.php:16
actionwp_logininc\class-email-2fa.php:9
actionlogin_form_validate_ols_2fainc\class-email-2fa.php:10
actioninitols-2fa.php:44
actionadmin_enqueue_scriptssrc\non-blocks\admin\settings\index.php:24
actionadmin_menusrc\non-blocks\admin\settings\index.php:25
Maintenance & Trust

OLS 2FA Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 9, 2024
PHP min version5.5
Downloads529

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

OLS 2FA Alternatives

Wordfence Login Security

Wordfence Login Security

wordfence-login-security

A
92

Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.

70K No CVEs
Rublon Multi-Factor Authentication (MFA)

Rublon Multi-Factor Authentication (MFA)

rublon

A
100

Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn/U2F Security Keys, and more.

500 No CVEs
PassClip Auth for WordPress

PassClip Auth for WordPress

passclip-auth-for-wordpress

A
85

"PassClip Auth" provides strong and easy authentication. "PassClip Auth for WordPress" is the plugin to launch PassClip Auth to Wo …

10 No CVEs
4Login for Secure And Smart Access

4Login for Secure And Smart Access

4login-for-secure-and-smart-access

A
100

4Login will give you an easy and powerful authentication (connect to an external server for authentication).

0 No CVEs
AV 2FA

AV 2FA

av-2fa

A
100

A simple and secure Two-Factor Authentication plugin that sends a verification code to your email.

0 No CVEs
Developer Profile

OLS 2FA Developer Profile

One Loop Studio

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect OLS 2FA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ols-2fa/build/non-blocks/admin/settings/index.js/wp-content/plugins/ols-2fa/build/non-blocks/admin/settings/index.css
Script Paths
/wp-content/plugins/ols-2fa/build/non-blocks/admin/settings/index.js
Version Parameters
ols-2fa/build/non-blocks/admin/settings/index.js?ver=ols-2fa/build/non-blocks/admin/settings/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
ols-2fa-email-settings-appols-uiols-app
JS Globals
ols_2fa_vars
REST Endpoints
/wp-json/ols-2fa/v1/settings/wp-json/ols-2fa/v1/send-auth-code-email/wp-json/ols-2fa/v1/verify-auth-code
Shortcode Output
<div id='ols-2fa-email-settings-app' class='ols-ui ols-app'></div>
FAQ

Frequently Asked Questions about OLS 2FA