dxw / 2fa
WordPress plugin for 2 factor authentication (TOTP and SMS)
Installs: 19
Dependents: 0
Suggesters: 0
Security: 0
Stars: 6
Watchers: 21
Forks: 2
Open Issues: 6
Type: wordpress-plugin
Requires
- christian-riesen/otp: 1.*
- dxw/iguana: ^1.1
- endroid/qrcode: 1.5.0
- google/recaptcha: ~1.1
- twilio/sdk: 8.3.9
Requires (Dev)
- dxw/phar-install: ^1.1
- dxw/php-cs-fixer-config: ^2.1
- kahlan/kahlan: ^5.2
- dev-main
- v2.0.3
- v2.0.2
- v2.0.1
- v2.0.0
- v1.0.4
- v1.0.3
- v1.0.2
- v1.0.1
- v1.0.0
- dev-feature/2fa-options
- dev-fix/twilio-checks
- dev-chore/better_errors
- dev-fix/2fa-twilio-changes
- dev-fix/2fa-versioning
- dev-fix/twilio
- dev-renovate/configure
- dev-feature/add-dependabot-yml
- dev-bump-grunt-and-add-yarn-lock
- dev-fix/only-run-tests-once-mysql-ready
- dev-fix/update-nokogiri-cve-2020-26247
- dev-repo-audit/add-contributing-documentation
- dev-fix/tests
- dev-fix/add-license
- dev-feature/run-tests
- dev-feature/wp-cli
This package is auto-updated.
Last update: 2024-12-19 16:42:42 UTC
README
WordPress plugin for 2 factor authentication (TOTP and SMS)
Installation
At the moment this plugin must be installed on a multisite installation.
To enable SMS authentication add these constants to your wp-config.php:
define('TWILIO_ACCOUNT_SID', 'AC...');
define('TWILIO_AUTH_TOKEN', '...');
define('TWILIO_NUMBER', '...');
You can find those here.
To disable 2FA options from being selectable, add constants as follows:
- 2FA_SMS_DISABLED to disable SMS (for example, if no Twilio account is set up)
- 2FA_SMART_DEVICE_DISABLED to disable the smartphone or tablet option
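One way to set the constants above without hard-coding the Twilio auth token in wp-config.php, falling back to disabling the SMS option when the settings are missing. This is an added example, not code from the plugin. It assumes the environment variable names shown (hypothetical) and that the disable constant is set to true, a value the README does not state.

```php
<?php
// Added example for wp-config.php; not part of the dxw/2fa plugin.
// Assumptions: the environment variable names are hypothetical, and the
// README does not say which value the *_DISABLED constants expect, so
// `true` is assumed.

/**
 * Return a trimmed environment variable, or null when unset or empty.
 */
function example_2fa_env(string $name): ?string
{
    $value = getenv($name);
    if ($value === false) {
        return null;
    }
    $value = trim($value);
    return $value === '' ? null : $value;
}

$sid    = example_2fa_env('TWILIO_ACCOUNT_SID');
$token  = example_2fa_env('TWILIO_AUTH_TOKEN');
$number = example_2fa_env('TWILIO_NUMBER');

// Twilio Account SIDs are "AC" followed by 32 hexadecimal characters.
$sidLooksValid = $sid !== null
    && preg_match('/\AAC[0-9a-fA-F]{32}\z/', $sid) === 1;

if ($sidLooksValid && $token !== null && $number !== null) {
    define('TWILIO_ACCOUNT_SID', $sid);
    define('TWILIO_AUTH_TOKEN', $token);
    define('TWILIO_NUMBER', $number);
} else {
    // A name starting with a digit cannot be written as a bare constant,
    // but define() accepts it; read it back with constant('2FA_SMS_DISABLED').
    define('2FA_SMS_DISABLED', true);
    // Log only the fact of the failure, never the credential values.
    error_log('2fa: Twilio settings missing or malformed; SMS option disabled');
}

// Do not leave the credentials behind in global variables.
unset($sid, $token, $number, $sidLooksValid);
```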
Usage
Super admins can decide which users must use 2FA. Users cannot opt to start using 2FA if it has not been enabled for their account.
Super admins can do this in two ways: by setting an option on the user's profile to "enabled", or by checking the checkbox in the list of sites, which forces all users of a site to use 2FA.
Users will then be forced to set up 2FA the next time they log in (this will not interrupt a user who is already logged in).
They have the option of using TOTP (apps like Google Authenticator) or SMS, and they can configure up to 2 devices (controlled by a constant).
Admins can also set the number of days users can skip requests for their second factor when logging in.
wp-cli command
% wp 2fa fails
% wp 2fa user alice
% wp 2fa reset bob
Tests
Unit tests and linter:
% composer install
% vendor/bin/peridot spec
% vendor/bin/php-cs-fixer fix --dry-run -v --diff
Integration tests:
% tests/run-with-docker.sh
Licence
MIT