Skip to content

dxw/2fa

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
doc
 
 
lib
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

2fa

WordPress plugin for 2 factor authentication (TOTP and SMS)

Installation

At the moment this plugin must be installed on a multisite installation.

If you don't have a Twilio account, there's currently no way to hide SMS from the setup page.

To enable SMS authentication add these constants to your wp-config.php:

define('TWILIO_ACCOUNT_SID', 'AC...');
define('TWILIO_AUTH_TOKEN', '...');
define('TWILIO_NUMBER', '...');

You can find those here.

Usage

Super admins can decide which users must use 2FA. Users cannot opt to start using 2FA if it has not been enabled for their account.

Super admins can do this in two ways - setting an option on the user's profile to "enabled", or by checking the checkbox in the list of sites which forces all users of a site to use 2FA.

Users will then be forced to setup 2FA the next time they log in (it will not interrupt a user who is already logged in).

They have the option of using TOTP (apps like Google Authenticator) or SMS. And they can configure up to 2 devices (controlled by a constant).

Admins can also set the number of days users can skip requests for their second factor when logging in.

wp-cli command

% wp 2fa fails
% wp 2fa user alice
% wp 2fa reset bob

Tests

Note: Integration tests are executed by Travis, but the "restart" button may need to be pushed a few times before they pass.

Unit tests and linter:

% composer install
% vendor/bin/peridot spec
% vendor/bin/php-cs-fixer fix --dry-run -v --diff

Integration tests:

% tests/run-with-docker.sh

Licence

MIT

About

WordPress plugin for 2 factor authentication (TOTP and SMS)

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published