Описание

Используйте секцию «Параметры Two-Factor» в разделе «Пользователи» → «Ваш профиль» для включения и настройки одного или нескольких вариантов второго фактора аутентификации для вашего аккаунта:

Email коды
Одноразовые пароли основанные на времени (TOTP)
FIDO второй универсальный фактор (U2F)
Резервные коды
Метод пустышка (только для проверочных целей)

Подробную историю можно посмотреть в этом посте.

Действия и фильтры

Вот список действий и хуков фильтров, предоставляемых плагином:

two_factor_providersфильтр переопределяет доступных двухфакторных поставщиков, таких как электронная почта и одноразовые пароли на основе времени. Значения массива — это имена классов PHP двухфакторных поставщиков.
two_factor_providers_for_user filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object WP_User is available as the second argument.
two_factor_enabled_providers_for_userфильтр переопределяет список двухфакторных поставщиков, включенных для пользователя. Первый аргумент — это массив включенных имен классов поставщиков в виде значений, второй аргумент — это идентификатор пользователя.
two_factor_user_authenticated действие, которое получает авторизованный WP_Userобъект в качестве первого аргумента для определения вошедшего в систему пользователя сразу после рабочего процесса аутентификации.
two_factor_user_api_login_enable filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.
two_factor_email_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.
two_factor_email_token_length filter overrides the default 8 character count for email tokens.
two_factor_backup_code_length filter overrides the default 8 character count for backup codes. Providers the WP_User of the associated user as the second argument.

Скриншоты

Параметры Two-factor в Профиле пользователя.
Раздел ключей безопасности U2F в Профиле пользователя.
Login with authentication app code.
Login with recovery code.
Login with email code.

Часто задаваемые вопросы

What PHP and WordPress versions does the Two-Factor plugin support?

This plugin supports the last two major versions of WordPress and the minimum PHP version supported by those WordPress versions.

How can I send feedback or get help with a bug?

The best place to report bugs, feature suggestions, or any other (non-security) feedback is at the Two Factor GitHub issues page. Before submitting a new issue, please search the existing issues to check if someone else has reported the same feedback.

Where can I report security bugs?

The plugin contributors and WordPress community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please visit the WordPress HackerOne program.

Отзывы

olga679 05.11.2025

The Two-Factor plugin provides an extra layer of security by adding two-step verification to your WordPress login. It’s simple to configure, reliable, and supports various authentication methods. A great choice for keeping your site safe from unauthorized access.

Abdulrashid Aushev 22.09.2025

Helps secure important accounts and data! This will stop unknown device login.

letharaddison 29.08.2025

Essential Security Boost with Two-Factor

michavo73 20.08.2025 3 ответа

A great plugin and absolutely useful and important! Unfortunately, there is a problem that needs to be addressed and resolved: The QR code generated for 2FA apps is reported as incorrect by the 2FAS smartphone app. If you type the code below into the app, everything works fine. This problem did not occur with Google Authenticator. Of course, it seems to be a problem with the 2FAS app, because Google can do it! But shouldn’t the problem be analyzed in more detail on the developer side? I will probably also inform the developer of the app. However, it would certainly be best if the two experts (plugin here and app there) got in touch with each other.

kruthikreddyj 17.07.2025

This plugin made it really easy to add two-factor authentication to my WordPress test site. The interface is clean, and the setup took just a few minutes. Works well with email and TOTP apps like Google Authenticator. A must-have for basic security!