Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
March 29, 2023 11:09
December 26, 2019 21:47
September 7, 2021 09:55
March 20, 2023 13:14
April 12, 2019 20:40
March 24, 2022 15:32
January 9, 2020 00:59
March 27, 2023 09:23


Test Deploy

Two-Factor plugin for WordPress. View on →


See the readme.txt for installation and usage instructions.


Please report (non-security) issues and open pull requests on GitHub. See below for information on reporting potential security/privacy vulnerabilities.

Join the #core-passwords channel on WordPress Slack (sign up here).

To use the provided development environment, you'll first need to install and launch Docker. Once it's running, the next steps are:

$ git clone
$ cd two-factor
$ composer install
$ npm install
$ npm run build
$ npm run env start

See package.json for other available scripts you might want to use during development, like linting and testing.

When you're ready, open a pull request with the suggested changes.


Running tests in Docker

  1. Run npm run env start
  2. Run npm run test or npm run test:watch.

Running tests locally

  1. Create a MySQL database for the tests. Don't reuse an existing database, because all of the data will be deleted every time the tests are run.
  2. Add the following to your ~/.bashrc, with the values for the database you created above:
    export WORDPRESS_DB_NAME=wp_tests
    export WORDPRESS_DB_USER=wp_tests
    export WORDPRESS_DB_PASSWORD=wp_tests
  3. source ~/.bashrc
  4. Run composer run test or composer run test:watch.

To view the code coverage report, you can open a web browser, go to File > Open file..., and then select {path to two-factor}/tests/logs/html/index.html.


Deployments to plugin repository are handled automatically by the GitHub action .github/workflows/deploy.yml. All merges to the master branch are commited to the trunk directory while all Git tags are pushed as versioned releases under the tags directory.

Known Issues

  • PHP codebase doesn't pass the WordPress coding standard checks, see #437.


Created by contributors and released under GPLv2 or later.


Please privately report any potential security issues to the WordPress HackerOne program.