[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fm2ZyjIpsDWuY2iDKmRZuNZ4vkidu5uktG8bIpqapEhU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":141,"fingerprints":434},"wordpress-2-step-verification","WP 2-step verification","2.6.4","as247","https:\u002F\u002Fprofiles.wordpress.org\u002Fas247\u002F","\u003Ch4>WordPress 2-Step Verification (Wp2sv) adds an extra layer of security to your WordPress Account.\u003C\u002Fh4>\n\u003Cp>In addition to your username and password, you’ll enter a code that generated by Android\u002FiPhone\u002FBlackberry app or Plugin will send you via email upon signing in.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy setup\u003C\u002Fli>\n\u003Cli>Multisite supported\u003C\u002Fli>\n\u003Cli>Option to use application or email\u003C\u002Fli>\n\u003Cli>Backup codes\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with app password\u003C\u002Fli>\n\u003Cli>App passwords for apps that don’t support 2-Step Verification\u003C\u002Fli>\n\u003Cli>Easy recovery(via ftp) if lost phone\u003C\u002Fli>\n\u003Cli>Setup 2-Step at front page for Woocommerce\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds an extra layer of security to your Wordpress Account. Same as Google 2-step verification.",2000,80954,84,27,"2025-10-10T15:40:00.000Z","6.8.5","4.5","5.6.0",[20,21,22,23,24],"2fa","authentication","two-factor","two-factor-authentication","two-step-verification","https:\u002F\u002Ftinyinstaller.top\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordpress-2-step-verification.2.6.4.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,94,"2026-04-04T21:12:59.416Z",[38,57,81,103,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":54,"download_link":55,"security_score":56,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"getotp-otp-verification","GetOTP OTP Verification","1.4.1","LaLoka Labs","https:\u002F\u002Fprofiles.wordpress.org\u002Flalokalabs\u002F","\u003Cp>This plugin is an official integration of GetOTP for WordPress.\u003C\u002Fp>\n\u003Cp>GetOTP is a service that lets you implement a simple, secure, multi-channel authentication flow. It supplies the user’s data – like emails – to perform a complete OTP flow.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fotp.dev\u002Fen\u002F\" rel=\"nofollow ugc\">GetOTP website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fotp.dev\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy for GetOTP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fotp.dev\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">GetOTP Terms and Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>EMAIL OTP VERIFICATION\u003C\u002Fh4>\n\u003Cp>Verifies user by sending Email OTP verification. Enjoy \u003Cstrong>free 100 emails per month with the free plan\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>SMS OTP VERIFICATION\u003C\u002Fh4>\n\u003Cp>Verifies user by sending SMS OTP verification. Only available for the paid plan.\u003C\u002Fp>\n\u003Ch4>2FA LOGIN\u003C\u002Fh4>\n\u003Cp>You can let the user log in with Username and Password, followed by OTP verification via Email or SMS.\u003C\u002Fp>\n\u003Ch4>Supported Forms\u003C\u002Fh4>\n\u003Cp>WordPress Login, WooCommerce Login, WooCommerce Checkout (coming soon)\u003C\u002Fp>\n\u003Ch4>SUPPORT\u003C\u002Fh4>\n\u003Cp>Email us at \u003Ca href=\"mailto:help@otp.dev\" rel=\"nofollow ugc\">help@otp.dev\u003C\u002Fa>\u003C\u002Fp>\n","Implement Email OTP and SMS OTP for WordPress and WooCommerce. Support Login with 2FA.",10,1741,"2022-08-01T06:55:00.000Z","5.9.13","5.0","",[20,53,22,23,24],"otp","https:\u002F\u002Fgetotp.dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgetotp-otp-verification.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":35,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":28,"last_vuln_date":80,"fetched_at":30},"wp-2fa","WP 2FA – Two-factor authentication for WordPress","3.1.1.2","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>A free and easy-to-use two-factor authentication plugin for WordPress\u003C\u002Fh3>\n\u003Cp>Add an extra layer of security to your WordPress website login and protect your users. Enable two-factor authentication (2FA), the best protection against password leaks, automated password guessing, and brute force attacks.\u003C\u002Fp>\n\u003Cp>Use the WP 2FA plugin to enable two-factor authentication for your WordPress administrator, enforce 2FA for all your website users, or for users with specific roles. This plugin is very easy to use; everything can be configured via wizards with clear instructions, so even non-technical users can set up 2FA without requiring technical assistance.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvRlX_NNGeFo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwp-2fa-plugin-getting-started\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Get the Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>🔒 WP 2FA key plugin features and capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Passkeys support\u003C\u002Fstrong> for passwordless logins   \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free two-factor authentication (2FA)\u003C\u002Fstrong> for all users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple 2FA methods\u003C\u002Fstrong> supported, including authenticator app (TOTP) and code over email  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer API\u003C\u002Fstrong> to integrate any alternative 2FA method (WhatsApp, OTP Token, etc.)  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal 2FA app support\u003C\u002Fstrong> – works with Google Authenticator, Authy, and any TOTP-compatible app  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup codes\u003C\u002Fstrong> (16 digits) for recovery access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wizard-driven setup\u003C\u002Fstrong> – no technical knowledge required  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>2FA policies\u003C\u002Fstrong> to enforce setup with grace periods or instant activation  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> for custom integrations and headless WordPress setups  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dashboard-free setup\u003C\u002Fstrong> – users can configure 2FA without WP admin access  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editable email templates\u003C\u002Fstrong> for full customization  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>💎 Upgrade to WP 2FA Premium and get even more benefits\u003C\u002Fh3>\n\u003Cp>The premium version of WP 2FA comes bundled with even more features to take your WordPress website login security to the next level.\u003C\u002Fp>\n\u003Cp>With the premium edition of WP 2FA, you get more 2FA methods, 1-click integration with WooCommerce, trusted devices feature, extensive white labeling capabilities, and much more!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">Check out WP 2FA Premium!\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium features list\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Everything in the free version\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Full white labeling capabilities\u003C\u002Fstrong> to change all text and visuals in the wizards, emails, SMS, and 2FA pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for multiple passkeys per user\u003C\u002Fstrong> for flexible passwordless logins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-setup email 2FA\u003C\u002Fstrong> that automatically enrolls users without manual configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey hardware key support\u003C\u002Fstrong> for enterprise-grade security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Additional 2FA methods\u003C\u002Fstrong> such as SMS, email link, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Trusted devices\u003C\u002Fstrong> so users can log in without 2FA for a configured period\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Require 2FA on password reset\u003C\u002Fstrong> to strengthen account protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Allow next user login without 2FA\u003C\u002Fstrong> to help recover accounts locked out of authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-click WooCommerce integration\u003C\u002Fstrong> to enable 2FA for customers and store admins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>And much more!\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Refer to the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Ffeatures\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WP 2FA plugin features and benefits page\u003C\u002Fa> to learn more about the benefits of upgrading to WP 2FA Premium.\u003C\u002Fp>\n\u003Ch3>🛠️ Free and premium support\u003C\u002Fh3>\n\u003Cp>Support for the free edition of WP 2FA is free on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-2fa\u002F\" rel=\"ugc\">WordPress support forums\u003C\u002Fa>. Premium world-class support via one-to-one email is available to the Premium users – \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-2fa\u002Fpricing\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">upgrade to premium\u003C\u002Fa> to benefit from email support.\u003C\u002Fp>\n\u003Cp>For any other queries, feedback, or if you simply want to get in touch with us, please use our \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">contact form\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh4>\n\u003Cp>Melapress develops high-quality WordPress management and security plugins, such as Melapress Login Security, Melapress Role Editor, and WP Activity Log; the #1 user-rated activity log plugin for WordPress.\u003C\u002Fp>\n\u003Cp>Browse our list of \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=wp2fa\" rel=\"nofollow ugc\">WordPress security and administration plugins\u003C\u002Fa> to see how our plugins can help you better manage and improve the security and administration of your WordPress websites and users.\u003C\u002Fp>\n\u003Ch3>Installing WP 2FA\u003C\u002Fh3>\n\u003Ch3>From within WordPress\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to ‘Plugins’ > ‘Add New’\u003C\u002Fli>\n\u003Cli>Search for ‘WP 2FA’\u003C\u002Fli>\n\u003Cli>Install & activate WP 2FA from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Manually\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the ‘\u002Fwp-content\u002Fplugins\u002F directory’\u003C\u002Fli>\n\u003Cli>Activate the WP 2FA plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>As featured on:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fplugins\u002Fhow-to-add-two-factor-authentication-for-wordpress\u002F\" rel=\"nofollow ugc\">WP Beginner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.isitwp.com\u002Fbest-wordpress-security-authentication-plugins\u002F\" rel=\"nofollow ugc\">IsitWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Ftwo-factor-authentication-wordpress\u002F\" rel=\"nofollow ugc\">WP Astra\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmainwp.com\u002Fhow-to-use-the-wp-2fa-plugin-on-your-child-sites\u002F\" rel=\"nofollow ugc\">MainWP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.fixrunner.com\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">FixRunner\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.inmotionhosting.com\u002Fsupport\u002Fedu\u002Fwordpress\u002Fplugins\u002Fwp-2fa\u002F\" rel=\"nofollow ugc\">Inmotion Hosting\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpmarmite.com\u002Fen\u002Fwordpress-two-factor-authentication\u002F\" rel=\"nofollow ugc\">WP Marmite\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Get better WordPress login security; add two-factor authentication (2FA) for all your users with this easy-to-use plugin.",100000,1555592,162,"2026-02-25T13:18:00.000Z","6.9.4","5.5","7.4",[73,20,74,23,75],"2-factor-authentication","google-authenticator","wordpress-authentication","https:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-2fa.3.1.1.2.zip",95,9,"2025-11-03 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":51,"download_link":101,"security_score":102,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wordfence-login-security","Wordfence Login Security","1.1.15","wfryan","https:\u002F\u002Fprofiles.wordpress.org\u002Fwfryan\u002F","\u003Ch3>WORDFENCE LOGIN SECURITY\u003C\u002Fh3>\n\u003Cp>Wordfence Login Security contains a subset of the functionality found in the full Wordfence plugin: Two-factor Authentication, XML-RPC Protection and Login Page CAPTCHA.\u003C\u002Fp>\n\u003Cp>Are you looking for comprehensive WordPress Security? \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordfence\u002F\" rel=\"ugc\">Check out the full Wordfence plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>TWO-FACTOR AUTHENTICATION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Two-factor authentication (2FA), one of the most secure forms of remote system authentication available.\u003C\u002Fli>\n\u003Cli>Use any TOTP-based authenticator app or service like Google Authenticator, Authy, 1Password or FreeOTP.\u003C\u002Fli>\n\u003Cli>Enable 2FA for any WordPress user role.\u003C\u002Fli>\n\u003Cli>Completely free to use, no limits or restrictions of any kind.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LOGIN PAGE CAPTCHA\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily enable Google ReCAPTCHA v3 on your login and registration pages.\u003C\u002Fli>\n\u003Cli>Stops bots from logging in without inconveniencing your site visitors.\u003C\u002Fli>\n\u003Cli>Robust protection against password guessing and credential stuffing attacks distributed across large IP pools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>XML-RPC PROTECTION\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>XML-RPC is the biggest target for WordPress attacks, but is often overlooked.\u003C\u002Fli>\n\u003Cli>Protect XML-RPC with 2FA or disable it altogether if it’s not needed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your website with Wordfence Login Security, providing two-factor authentication, login and registration CAPTCHA, and XML-RPC protection.",70000,1239075,80,25,"2025-01-15T17:05:00.000Z","6.7.5","4.7","7.0",[20,98,99,100,23],"captcha","login-security","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence-login-security.1.1.15.zip",92,{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":27,"num_ratings":113,"last_updated":114,"tested_up_to":69,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":119,"download_link":120,"security_score":121,"vuln_count":33,"unpatched_count":28,"last_vuln_date":122,"fetched_at":30},"two-factor-2fa-via-email","Two Factor (2FA) Authentication via Email","1.9.9","Sully","https:\u002F\u002Fprofiles.wordpress.org\u002Fss88_uk\u002F","\u003Cp>A simple, lightweight, yet effective plugin to enable two factor (2FA) authentication via email. You can enable this on an individual user basis, for all administrators, editors, or all accounts with one line of code in your \u003Ccode>wp-config.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FGgOAcwK_4m4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>WordPress is the world’s most popular content management system (CMS), with over 40% of all websites running on it. As such, it has become a prime target for hackers looking to exploit vulnerabilities to gain unauthorized access to websites. One of the best ways to enhance the security of a WordPress site is to enable two-factor authentication (2FA) for administrators.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simply enable the plugin then edit a user account to enable 2FA for that individual user.\u003C\u002Fli>\n\u003Cli>Please make sure your WordPress website sends and receives emails correctly. The best way is to use a SMTP plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Check out our other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🎉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmedia-library-file-size\u002F\" rel=\"ugc\">Media Library File Size\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>✨ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsingle-post-page-export\u002F\" rel=\"ugc\">Export Single Post Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🙍‍♂️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-user-metadata\u002F\" rel=\"ugc\">View User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🔠 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-turnstile-cloudflare-for-gravity-forms\u002F\" rel=\"ugc\">Enable Turnstile (Cloudflare) for Gravity Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐️⭐️⭐️⭐️⭐️ \u003Ca href=\"https:\u002F\u002Fneoboffin.com\u002Fplugins\u002Fgravity-forms-freescout?utm_campaign=OtherPlugins\" rel=\"nofollow ugc\">Gravity Forms to FreeScout\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable one-click login with this WordPress Two-Factor Authentication (2FA) plugin, utilizing email for added security.",9000,58774,4,"2025-12-03T14:42:00.000Z","4.6","5.6",[20,118,21,22,23],"2fa-authentication","https:\u002F\u002Fneoboffin.com\u002Fplugins\u002Ftwo-factor-2fa-authentication-via-email-plugin-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwo-factor-2fa-via-email.1.9.9.zip",99,"2026-02-18 15:31:37",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":13,"num_ratings":133,"last_updated":134,"tested_up_to":69,"requires_at_least":50,"requires_php":135,"tags":136,"homepage":139,"download_link":140,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"rublon","Rublon Multi-Factor Authentication (MFA)","4.4.5","Rublon","https:\u002F\u002Fprofiles.wordpress.org\u002Frublon\u002F","\u003Cp>Rublon MFA is a multi-factor authentication (MFA) solution that protects your organization’s data and access to networks, servers, and applications. Rublon MFA provides MFA for cloud apps, VPNs, servers, and Microsoft technologies using authentication methods like \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fmobile-push\u002F\" rel=\"nofollow ugc\">Mobile Push\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsms-passcodes\u002F\" rel=\"nofollow ugc\">SMS Passcode\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fqr-codes\u002F\" rel=\"nofollow ugc\">QR Code\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fsecurity-keys\u002F\" rel=\"nofollow ugc\">WebAuthn\u002FU2F Security Keys\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>Rublon MFA is easy to use, affordable, and scalable. It helps reduce compliance risk, improve user experience, and reduce costs. Rublon MFA is compatible with a variety of technologies, including but not limited to \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdocs\u002F#vpn\" rel=\"nofollow ugc\">VPN\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Frds\u002F\" rel=\"nofollow ugc\">Remote Desktop Services (RDS)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fowa\u002F\" rel=\"nofollow ugc\">Outlook Web App (OWA)\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fldap-mfa\u002F\" rel=\"nofollow ugc\">LDAP\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fproduct\u002Fradius-mfa\u002F\" rel=\"nofollow ugc\">RADIUS\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fdoc\u002Fwordpress\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Start your \u003Ca href=\"https:\u002F\u002Fadmin.rublon.net\u002Fauth\u002Fregister\" rel=\"nofollow ugc\">Free 30-Day Trial\u003C\u002Fa> and see how easy it is to get started with Rublon MFA.\u003C\u002Fh3>\n\u003Ch3>To learn more, visit \u003Ca href=\"https:\u002F\u002Frublon.com\u002F\" rel=\"nofollow ugc\">www.rublon.com\u003C\u002Fa>.\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Ch4>Recommended by Security Experts and Industry Professionals\u003C\u002Fh4>\n\u003Cp>\u003Cem>“The fact that I could speak instantly with tech support while evaluating was super important. Connecting with Rublon technicians via remote sessions was SUPER handy to assist with setting things up.” — \u003Cstrong>Chris D., Manager of GIS\u002FIT\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“We were able to get Rublon MFA installed, tested, and in use in under a day across all offices.” — \u003Cstrong>Ethan M. Hospital & Health Care\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“Product was absolutely superb for integrating MFA into our RDS solution very easy to use and the moblie app was brilliant for our end users.” — \u003Cstrong>Scott L., IT Network Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“we tested a trial version, it was very easy to set up. we got the pricing immediately. other suppliers did not even replied to my email yet and i already implemented Rublon” — \u003Cstrong>Mihail B., Logistics Manager\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Cem>“I searched for a tool for a very specific security need and Rublon filled that need perfectly. Not only does it work every single time as expected, the support and setup are amazing! Highly recommended.” — \u003Cstrong>Charles D., Financial Services\u003C\u002Fstrong>\u003C\u002Fem> \u003C\u002Fp>\n\u003Cp>  \u003Ca href=\"https:\u002F\u002Frublon.com\u002Fcustomers\u002F\" rel=\"nofollow ugc\">Read More\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>In What Languages Is Rublon For WordPress Available?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Japanese (translated by \u003Ca href=\"https:\u002F\u002Fen.digitalcube.jp\" rel=\"nofollow ugc\">Digital Cube\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Turkish (translated by Mehmet Emre Baş, proofread by Tarık Çayır)\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Ch4>Follow Us\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FRublonApp\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002F2772205\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Frublon\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Legal notice\u003C\u002Fh3>\n\u003Cp>I have read and agree to the \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Ftos\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Flegal.rublon.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> before installing the Rublon WordPress Plugin.\u003C\u002Fp>\n","Instant account security with effortless multi-factor authentication via Mobile Push, Mobile Passcode (TOTP), WebAuthn\u002FU2F Security Keys, and more.",500,116338,88,"2025-12-04T13:45:00.000Z","5.5.1",[20,137,138,100,23],"mfa","multi-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Frublon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frublon.4.4.5.zip",{"attackSurface":142,"codeSignals":339,"taintFlows":425,"riskAssessment":426,"analyzedAt":433},{"hooks":143,"ajaxHandlers":321,"restRoutes":330,"shortcodes":331,"cronEvents":334,"entryPointCount":338,"unprotectedCount":33},[144,150,153,157,161,166,170,174,178,183,188,190,194,198,200,203,206,209,213,217,220,222,225,229,232,236,239,240,242,244,245,249,251,255,260,263,267,270,273,276,277,281,286,289,291,295,298,302,305,308,310,312,314,317,319],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","edit_user_profile","editUserProfile","includes\\Wp2sv_Admin.php",8,{"type":145,"name":151,"callback":152,"file":148,"line":79},"edit_user_profile_update","editUserProfileUpdate",{"type":154,"name":155,"callback":156,"file":148,"line":46},"filter","manage_users_columns","addUsersTableColumn",{"type":154,"name":158,"callback":159,"priority":46,"file":148,"line":160},"manage_users_custom_column","showUsersTableColumn",11,{"type":145,"name":162,"callback":163,"file":164,"line":165},"admin_menu","page","includes\\Wp2sv_Admin_Settings.php",16,{"type":145,"name":167,"callback":168,"file":164,"line":169},"admin_init","init",17,{"type":145,"name":171,"callback":172,"priority":46,"file":164,"line":173},"update_option_wp2sv_settings","updated",18,{"type":145,"name":175,"callback":176,"file":177,"line":92},"admin_notices","noticeThatTranslationNotExists","includes\\Wp2sv_Compatibility.php",{"type":154,"name":179,"callback":180,"priority":27,"file":181,"line":182},"wp2sv_mail","Wp2sv_Mailer::send","includes\\Wp2sv_Email.php",14,{"type":145,"name":184,"callback":185,"priority":186,"file":187,"line":182},"template_redirect","handle",101,"includes\\Wp2sv_Force.php",{"type":145,"name":167,"callback":185,"file":187,"line":189},15,{"type":145,"name":191,"callback":192,"file":187,"line":193},"wp_enqueue_scripts","enqueueScripts",35,{"type":145,"name":195,"callback":196,"file":187,"line":197},"wp_footer","renderNotice",36,{"type":145,"name":191,"callback":192,"file":187,"line":199},41,{"type":145,"name":201,"callback":192,"file":187,"line":202},"admin_enqueue_scripts",42,{"type":145,"name":195,"callback":204,"file":187,"line":205},"renderPopup",43,{"type":145,"name":207,"callback":204,"file":187,"line":208},"admin_footer",44,{"type":145,"name":210,"callback":211,"file":187,"line":212},"wp2sv_setup_header","hidePopup",45,{"type":145,"name":214,"callback":215,"file":216,"line":46},"wp_logout","clear_cookie","includes\\Wp2sv_Handler.php",{"type":154,"name":218,"callback":219,"file":216,"line":189},"cron_schedules","closure",{"type":145,"name":221,"callback":219,"file":216,"line":14},"wp2sv_sync_time",{"type":154,"name":223,"callback":224,"file":216,"line":208},"check_password","checkAppPassRestrict",{"type":145,"name":226,"callback":227,"priority":46,"file":216,"line":228},"set_auth_cookie","collectUserToken",46,{"type":154,"name":223,"callback":230,"file":216,"line":231},"checkAllowAppPassword",47,{"type":145,"name":162,"callback":233,"file":234,"line":235},"menu","includes\\Wp2sv_Setup.php",6,{"type":145,"name":237,"callback":233,"file":234,"line":238},"network_admin_menu",7,{"type":145,"name":184,"callback":233,"priority":27,"file":234,"line":149},{"type":145,"name":175,"callback":241,"file":234,"line":79},"notice",{"type":145,"name":201,"callback":219,"file":234,"line":243},12,{"type":145,"name":191,"callback":219,"file":234,"line":169},{"type":145,"name":246,"callback":247,"file":234,"line":248},"profile_personal_options","profilePersonalOptions",23,{"type":145,"name":250,"callback":219,"file":234,"line":34},"wp2sv_setup_scripts",{"type":145,"name":252,"callback":253,"file":234,"line":254},"admin_bar_menu","adminBar",114,{"type":145,"name":256,"callback":257,"file":258,"line":259},"wp2sv_upgrade","run","includes\\Wp2sv_Upgrade.php",21,{"type":145,"name":175,"callback":261,"file":258,"line":262},"noticeUpgrade",51,{"type":154,"name":264,"callback":265,"file":266,"line":182},"woocommerce_account_menu_items","accountMenuItems","includes\\Wp2sv_Woo.php",{"type":154,"name":268,"callback":269,"file":266,"line":189},"woocommerce_get_query_vars","queryVars",{"type":145,"name":271,"callback":272,"file":266,"line":165},"woocommerce_account_wp2sv-setup_endpoint","setupPage",{"type":154,"name":274,"callback":275,"file":266,"line":169},"woocommerce_endpoint_wp2sv-setup_title","pageTitle",{"type":145,"name":191,"callback":192,"file":266,"line":173},{"type":145,"name":278,"callback":279,"file":266,"line":280},"woocommerce_settings_pages","endpointOption",19,{"type":145,"name":282,"callback":283,"file":284,"line":285},"setup_theme","initialize","wordpress-2-step-verification.php",62,{"type":145,"name":201,"callback":287,"priority":79,"file":284,"line":288},"registerScripts",63,{"type":145,"name":191,"callback":287,"priority":79,"file":284,"line":290},64,{"type":145,"name":292,"callback":293,"priority":33,"file":284,"line":294},"wp2sv_handled","verifiedUser",77,{"type":145,"name":292,"callback":296,"file":284,"line":297},"createForce",78,{"type":145,"name":299,"callback":300,"file":284,"line":301},"after_setup_theme","setup",79,{"type":145,"name":303,"callback":304,"file":284,"line":91},"wp2sv_setup","createHandler",{"type":145,"name":306,"callback":219,"file":284,"line":307},"wp2sv_handle",105,{"type":145,"name":168,"callback":257,"file":284,"line":309},122,{"type":145,"name":168,"callback":257,"priority":28,"file":284,"line":311},123,{"type":145,"name":168,"callback":257,"priority":33,"file":284,"line":313},124,{"type":145,"name":315,"callback":257,"file":284,"line":316},"set_current_user",127,{"type":145,"name":315,"callback":257,"priority":28,"file":284,"line":318},128,{"type":145,"name":315,"callback":257,"priority":33,"file":284,"line":320},129,[322,327],{"action":323,"nopriv":324,"callback":325,"hasNonce":326,"hasCapCheck":324,"file":234,"line":46},"wp2sv",false,"ajax",true,{"action":328,"nopriv":324,"callback":329,"hasNonce":324,"hasCapCheck":324,"file":234,"line":160},"wp2sv_setup_data","setupData",[],[332],{"tag":303,"callback":219,"file":234,"line":333},24,[335,336],{"hook":221,"callback":221,"file":216,"line":92},{"hook":256,"callback":256,"file":258,"line":337},49,3,{"dangerousFunctions":340,"sqlUsage":341,"outputEscaping":343,"fileOperations":422,"externalRequests":33,"nonceChecks":338,"capabilityChecks":423,"bundledLibraries":424},[],{"prepared":33,"raw":28,"locations":342},[],{"escaped":344,"rawEcho":231,"locations":345},20,[346,349,351,352,353,356,357,359,361,362,364,366,369,371,373,374,376,378,379,381,382,383,384,386,388,389,390,392,394,395,397,399,402,403,405,406,407,409,410,411,412,414,415,417,418,419,420],{"file":148,"line":347,"context":348},56,"raw output",{"file":187,"line":350,"context":348},69,{"file":187,"line":297,"context":348},{"file":216,"line":102,"context":348},{"file":354,"line":355,"context":348},"includes\\Wp2sv_Recovery.php",61,{"file":354,"line":290,"context":348},{"file":354,"line":358,"context":348},70,{"file":234,"line":360,"context":348},48,{"file":234,"line":337,"context":348},{"file":234,"line":363,"context":348},189,{"file":234,"line":365,"context":348},323,{"file":367,"line":368,"context":348},"includes\\Wp2sv_View.php",29,{"file":266,"line":370,"context":348},60,{"file":372,"line":344,"context":348},"template\\front\\form-others.php",{"file":372,"line":193,"context":348},{"file":372,"line":375,"context":348},37,{"file":372,"line":377,"context":348},50,{"file":372,"line":355,"context":348},{"file":380,"line":173,"context":348},"template\\front\\form-recovery.php",{"file":380,"line":280,"context":348},{"file":380,"line":344,"context":348},{"file":380,"line":333,"context":348},{"file":380,"line":385,"context":348},33,{"file":387,"line":344,"context":348},"template\\front\\form-verify.php",{"file":387,"line":259,"context":348},{"file":387,"line":375,"context":348},{"file":387,"line":391,"context":348},67,{"file":387,"line":393,"context":348},68,{"file":387,"line":350,"context":348},{"file":387,"line":396,"context":348},74,{"file":398,"line":338,"context":348},"template\\front\\others-link.php",{"file":400,"line":401,"context":348},"template\\front\\wp2sv.php",22,{"file":400,"line":337,"context":348},{"file":400,"line":404,"context":348},54,{"file":400,"line":393,"context":348},{"file":400,"line":350,"context":348},{"file":408,"line":160,"context":348},"template\\setup\\backup-codes-txt.php",{"file":408,"line":248,"context":348},{"file":408,"line":14,"context":348},{"file":408,"line":34,"context":348},{"file":413,"line":160,"context":348},"template\\setup\\force-notice.php",{"file":413,"line":189,"context":348},{"file":416,"line":189,"context":348},"template\\setup\\force-popup.php",{"file":416,"line":259,"context":348},{"file":416,"line":248,"context":348},{"file":416,"line":248,"context":348},{"file":284,"line":421,"context":348},254,5,2,[],[],{"summary":427,"deductions":428},"The 'wordpress-2-step-verification' plugin v2.6.4 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and includes a decent number of nonce and capability checks. The absence of any recorded vulnerabilities or CVEs in its history is also a strong indicator of diligent development and maintenance. However, there are significant concerns that detract from its overall security.\n\nThe static analysis reveals an unprotected AJAX handler, which represents a critical entry point into the application that could be exploited if not properly secured. The low percentage of properly escaped output (30%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as data outputted to the user interface may not be sanitized, allowing malicious scripts to be injected. While taint analysis did not reveal any critical or high severity flows, this is often due to limited analysis depth or the absence of complex data interaction paths that would trigger such flows.\n\nIn conclusion, while the plugin has a clean vulnerability history and uses prepared statements, the presence of an unprotected AJAX handler and a significant number of unescaped outputs represent concrete, exploitable security risks. These issues, if left unaddressed, could lead to unauthorized access, data manipulation, or XSS attacks. The plugin's strengths in database interaction are overshadowed by these identified weaknesses in input\u002Foutput handling and access control.",[429,431],{"reason":430,"points":149},"Unprotected AJAX handler",{"reason":432,"points":238},"Low percentage of properly escaped output","2026-03-16T18:41:28.114Z",{"wat":435,"direct":453},{"assetPaths":436,"generatorPatterns":444,"scriptPaths":445,"versionParams":446},[437,438,439,440,441,442,443],"\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fvendor\u002Fvue\u002Fvue.min.js","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fjs\u002Fwp2sv.js","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fjs\u002Fqrcode.min.js","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fcss\u002Fbase.css","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fcss\u002Fpopup.css","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fjs\u002Fsetup.js","\u002Fwp-content\u002Fplugins\u002Fwordpress-2-step-verification\u002Fassets\u002Fcss\u002Fsetup.css",[],[438,439,442],[447,448,449,450,451,452],"wp2sv.js?ver=","qrcode.min.js?ver=","base.css?ver=","popup.css?ver=","setup.js?ver=","setup.css?ver=",{"cssClasses":454,"htmlComments":457,"htmlAttributes":458,"restEndpoints":461,"jsGlobals":462,"shortcodeOutput":463},[455,456],"wp2sv-login-form","wp2sv-setup-form",[],[459,460],"data-wp2sv-user-id","data-wp2sv-ajax-url",[],[323],[]]