Title: WP Access Control Center
Author: Michael Finkenberger
Published: 2 Desember 2020
Last modified: 19 April 2026
---
Cari plugin
# WP Access Control Center
Oleh [Michael Finkenberger](https://profiles.wordpress.org/mitfi/)
[Unduh](https://downloads.wordpress.org/plugin/emergency-management.3.2.0.7.zip)
* [Detail](https://id.wordpress.org/plugins/emergency-management/#description)
* [Ulasan](https://id.wordpress.org/plugins/emergency-management/#reviews)
* [Instalasi](https://id.wordpress.org/plugins/emergency-management/#installation)
* [Pengembangan](https://id.wordpress.org/plugins/emergency-management/#developers)
[Bantuan](https://wordpress.org/support/plugin/emergency-management/)
## Deskripsi
**WP Access Control Center** is a powerful security control center for WordPress
administrators who want full control over authentication, sessions, and password
policies.
Take control of your site’s access layer with real-time session monitoring, flexible
two-factor authentication, and powerful emergency tools — all in one place.
### 🛡️ Security Overview Dashboard 📊
* General indicator about the current site security status
* Status overview about the most important security settings
* Live view of main session KPIs (refresh: 5s)
* Next step recommendations to get your site more secure
* Can be made _sticky_ to stay visible when scrolling down
### 🔐 Two-Factor Protection
* Email-based verification codes
* TOTP support (Google Authenticator, Microsoft Authenticator, Authy, etc.)
* Role-based enforcement
* Grace periods for smooth rollout
* Backup codes for account recovery
* Trusted devices to reduce login friction
### 👁️ Live Session Control
* Real-time overview of all active sessions (AJAX-powered)
* Inspect session details and parameters
* Instantly terminate individual or all sessions
* Monitor user activity as it happens
### 🔑 Password Policies
* Enforce password strength requirements
* Prevent password reuse
* Define role-based password expiration
* Real-time feedback during password creation
### ⚡ Bulk Password Reset
* Reset passwords for roles or selected users
* Optionally terminate related sessions
* Automatic email notifications (fully customizable)
### 🔄 Security Key Rotation
* One-click regeneration of WordPress KEYs & SALTs
* Immediately invalidates all active sessions
* Essential for incident response
### ⏱️ Advanced Session Control
* Configure session lifetime per role
* Separate rules for “Remember Me”
* Automatic cleanup of expired sessions
### 🎨 Login Experience Designer
* Customize the 2FA login page
* Background images (outer & inner)
* Flexible CSS customization
* Safe defaults – no changes unless configured
**No external services required.** Everything runs locally within your WordPress
installation.
## Tangkapan Layar
* [[
* Two-Factor Protection – Have control over 2FA parameters and control the use
of Application Passwords
* [[
* Two-Factor Protection – Enable Email and TOTP authentication with enforcement
options
* [[
* Two-Factor Protection – Shape your users’ experience by balancing security and
ease of use
* [[
* Two-Factor Protection – Manage your indiviual 2FA methods in your user profile
* [[
* Live Session Control – Monitor active user sessions in real time and terminate
them instantly
* [[
* Password Policies – Define strength requirements, reuse limits, and expiration
rules
* [[
* Bulk Password Reset – Reset passwords for roles or selected users with one click
* [[
* Security Key Rotation – Instantly regenerate WordPress KEYs and SALTs
* [[
* Login Experience Designer – Customize the 2FA login appearance with images and
CSS
## Instalasi
1. Upload the plugin to ‘/wp-content/plugins/wp-access-control-center’
2. Activate it via the Plugins screen
3. Go to the **WP Access Control Center** menu
## Tanya Jawab
### Does this plugin require external services?
No. All features run entirely within your WordPress installation.
### Which authenticator apps are supported?
Any TOTP-compatible app such as Google Authenticator, Microsoft Authenticator, Authy,
and others.
### Can I enforce 2FA for specific roles only?
Yes, you can enforce 2FA per role and define optional grace periods.
### Are different 2FA methods available?
Yes, the available 2FA methods include email codes, authenticator apps (TOTP), trusted
devices and backup codes.
### Can I customize the appearance of the 2FA login screen?
Yes, there is one admin page specifically dedicated to control the appearance and
branding of the 2FA login screen.
### What happens when passwords expire?
Users are required to set a new password upon login.
### Can I make sure that users won’t reuse their previous passwords?
Yes, you will be able to control the number of previous passwords forbidden to be
reused.
### Does the plugin provide a live overview about all existing sessions?
Yes, this plugin provides a fully flexible live monitoring of sessions und the related
user activity.
### Can I terminate sessions manually?
Yes, you can terminate individual sessions or all sessions at any time.
### Will rotating KEYs and SALTs log out users?
Yes. All sessions will be invalidated immediately.
## Ulasan
Belum ada ulasan untuk plugin ini.
## Kontributor & Pengembang
“WP Access Control Center” adalah perangkat lunak open source. Berikut ini mereka
yang sudah berkontribusi pada plugin ini.
Kontributor
* [ Michael Finkenberger ](https://profiles.wordpress.org/mitfi/)
“WP Access Control Center” telah diterjemahkan dalam 1 bahasa. Terima kasih kepada
[para penerjemah](https://translate.wordpress.org/projects/wp-plugins/emergency-management/contributors)
untuk kontribusi-nya.
[Terjemahkan “WP Access Control Center” dalam bahasa Anda.](https://translate.wordpress.org/projects/wp-plugins/emergency-management)
### Tertarik mengembangkan?
[Lihat kode](https://plugins.trac.wordpress.org/browser/emergency-management/),
periksa [repositori SVN ](https://plugins.svn.wordpress.org/emergency-management/),
atau mendaftar ke [log pengembangan](https://plugins.trac.wordpress.org/log/emergency-management/)
melalui [RSS](https://plugins.trac.wordpress.org/log/emergency-management/?limit=100&mode=stop_on_copy&format=rss).
## Log Perubahan
#### 3.2.0.7
* (Tweak) Security overview dashboard session messages refined.
#### 3.2.0.6
* (New) Additional session data (related to admins) in the security overview dashboard.
* (New) Additional data pills above the session view for a comprehensive overview.
* (Fix) A few messages updated for better clarity.
* (Fix) Added update.php as a target for the important plugin messages.
#### 3.2.0.5
* (Fix) Session KPIs in security overview dashboard corrected.
* (Fix) Naming of view pills above the session live view changed for clarity.
#### 3.2.0.4
* (Fix) Added update-core.php as a target for the important plugin messages.
#### 3.2.0.3
* (New) Additional session data in the security overview dashboard.
* (Tweak) The ‘recommended next step’ logic was further enhanced.
* (Tweak) Code optimizations.
#### 3.2.0.2
* (Fix) A few minor fixes.
#### 3.2.0.1
* (Fix) CSS feature corrected.
#### 3.2.0.0
* (New) Emergency Management is now ‘WP Access Control Center’ (name slug remains
unchanged).
* (New) Introduced a ‘Security Overview Dashboard’ with live sessions, valuable
security status information and recommendations to act.
* (Tweak) UI/UX appearance was rebuilt and internal structures were refactured
for future growth.
* (Tweak) Logic for debug session tokens (column ‘User Meta Session Tokens’ in
Live Sessions) was refurbished.
* (New) New messaging system introduced for enhanced admin info upon plugin installation
and update.
#### 3.1.0.0
* (New) ‘Challenge Appearance’ tab added with CSS styling options, including images,
for corporate branding.
* (Tweak) More email placeholders were added.
* (Tweak) 2FA help tab expanded.
#### 3.0.4.3
* (Tweak) ‘Security’ tab renamed to ‘2FA Security’.
* (Tweak) In the ‘2FA Security’ tab, the two columns of the roles policy for 2FA
method display were switched for better alignment in case of long role names.
* (Tweak) A few other UI/UX improvements.
#### 3.0.4.2
* (Tweak) Moved the default WordPress session duration override to a more appropriate
place on the related admin page.
#### 3.0.4.1
* (New) Online debug feature for visible session token data (in column other stored
parameters) added in related user meta session tokens.
#### 3.0.4.0
* (New) Optional global WordPress session duration override added.
* (New) Delayed PWA recognition added with post-login influence to session duration
as defined by the admin.
* (Tweak) 2FA help tabs improved with more information.
* (Tweak) Messages added and some messages corrected for clarity.
* (Tweak) 2FA tabs partially renamed.
* (Tweak) A few improvements for stability.
#### 3.0.3.1
* (Fix) A few minor corrections.
#### 3.0.3.0
* (New) Added a separate session duration option for PWA logins.
* (Tweak) Added backward compatibility for older password reset email contents.
#### 3.0.2.0
* (New) Help tabs for session management added.
* (Tweak) All help tabs optimized.
* (Tweak) Messaging and related strings optimized.
* (Fix) Last missing nonces, sanitizing and escaping completed.
#### 3.0.1.0
* (New) 2s session view refresh added incl. potential high server load warning.
#### 3.0.0.0
* (New) Introduced a smart session management with smooth live view (AJAX) and
anonymized data for privacy adherence.
* (Tweak) CSS improvements.
* (Tweak) Flexible plugin data deletion upon plugin being deleted.
#### 2.0.4.0
* (New) For convenience, in the user profile, backup code generation was as well
tranferred to AJAX.
* (Tweak) Minimum password expiry days moved from 10 days to 1 day as per user
request.
#### 2.0.3.0
* (New) For a smoother UI/UX, AJAX is now being used for secret generation and
TOTP activation.
#### 2.0.2.0
* (New) Handling of multiple roles with different 2FA requirements added (strictest
rule wins).
* (New) Introduction TOTP enforcement in case of TOTP only.
* (Tweak) ‘Remember Me’ warning fires only if the related tab is being saved. Authenticator
App ‘otpauth://totp/’ data updated. Placeholder for issuer input added.
#### 2.0.1.2
* (Fix) Input type for Backup Codes corrected.
#### 2.0.1.1
* (Tweak) Also serving AJAX/JSON during login redirect.
#### 2.0.1.0
* (New) Rendering a custom 2FA challenge form to achieve full independence from
wp_login and other login-related plugins (e.g. Theme My Login), while also preventing
potential conflicts.
* (Tweak) Convenient bidirectional navigation between Site Security and Two-Factor
Authentication settings.
#### 2.0.0.1
* (Fix) Avoid conflict with agressive plugins during menu registration.
#### 2.0.0.0
* (New) Introduced Two-Factor Authentication (2FA), featuring: Email Codes, Authenticator
Apps (TOTP), Backup Codes and Trusted Devices.
* (New) Introduced role related control of session duration (with and without ‘
Remember Me’).
* (Tweak) Adjusted a few strings for better clarity.
#### 1.4.5.1
* (Fix) Ensure in all cases that a password cannot be reused upon password expiry,
even if password strength monitoring has been switched off.
* (Fix) Ensure that the password reuse limit is 0 if the password strength monitoring
is switched off.
* (Tweak) Reorganized the use of hooks for stabile performance.
* (Tweak) Updated some messages and some minor fixes.
#### 1.4.5.0
* (New) Added functionality to define the number of previous passwords not allowed
to be reused.
* (Tweak) Re-engineered a few functions for better performance.
* (Tweak) Optimized names of functions, variables/constants, slugs and classes
for robustness
#### 1.4.4.0
* (New) Placeholders for email text may now be copied by a mouseclick or by and .
#### 1.4.3.0
* (New) {user-profile-url} added as placeholder for email text.
* Thorough test with WordPress 7.0 version.
#### 1.4.2.0
* (Tweak) Adjusted the password maximum length limit.
#### 1.4.1.0
* (Tweak) The role names will now be translated (as far as available).
* Tested successfully with WordPress 6.4.
#### 1.4.0.3
* Minor language corrections
#### 1.4.0.2
* Correction of version indication in help screen
* Minor language corrections
#### 1.4.0.1
* Minor adjustments for wp-config.php
* Thorough test with WordPress 6.1.1 version.
#### 1.4.0.0
* Corrected erroneous password-strength-reset behaviour (introduced previously
by error).
* Corrected password reset behaviour for roles under certain conditions.
* Added timestamp for KEYs & SALTs in config.php.
* Compatibility improvement #1 for PHP 8.0.
* Global strings translation optimized.
* Improved settings for email editing and added editor class ‘mfem-email-editor’
for CSS control.
* A few smaller improvements.
* Tested successfully with WordPress 5.7.2.
#### 1.3.2.0
* Password changes by user profile are now fully covered as well
#### 1.3.1.0
* Bug in password reset corrected: timestamp during user registration and password
reset was not properly stored before
#### 1.3.0.3
* Tooltips added
* Password expiry messages adapted (colors and content)
#### 1.3.0.2
* Table format optimized for small screens (horizontal movability)
#### 1.3.0.1
* Updated some text
#### 1.3.0.0
* Added password expiry function by roles (password reuse is then prohibited as
well)
* Compatibility with the plugin “Theme My Login” has been secured
* Optimized forms when using the key
#### 1.2.2.1
* Removed unnecessary (direct) links to KEYs & SALTs renewal
#### 1.2.2.0
* Tested ok with WordPress 5.7
* Fixed issue with saving eMail text under certain conditions
* Changed German translation to default (informal)
#### 1.2.1.2
* Tested ok with WordPress 5.6.2
#### 1.2.1.1
* Minor bug fix for correct version display in help tab area
* Minor bug fix to stay in selected admin tab upon action
#### 1.2.1.0
* Admin Tabs added for a more structured administration
#### 1.2.0.0
* Missing translation string added
* Admin submenu and plugin action link selection for SALTs renewal will delete
all sessions as well (as recommended)
#### 1.1.9.1
* Missing translation string added
#### 1.1.9
* Added admin help sidebar
#### 1.1.8
* Corrected behavior: in some cases, password wasn’t reset (and eMail wasn’t sent)
when sessions were to be deleted in parallel.
#### 1.1.7
* Tested successfully with WordPress Version 5.6.
#### 1.1.6
* Prevent password lengths < 8 (security) and > 20 (WordPress database limit).
* Prevent inadvertent form submits by the RETURN key.
#### 1.1.5
* Error in password check corrected!!
* Increasing the size of the special character subset for the password check.
#### 1.1.4
* The detailed explanations and hints were moved to the standard admin ‘help’ tabs
at the screen top.
* The ‘help’ tabs include the Q&As (to be extended regularly as they will be growing).
#### 1.1.3
* Make sure that the local plugin translations are loaded, if they are provided
with the plugin for the selected language. Otherwise, load the ones provided
through the WordPress translations, if any. This is (was) due to my experience
that the proper SVN version synchronization with the WordPress languages directory
has been found failing… (–> Has been removed in 1.2.0.0)
* Minor code and translation improvements.
#### 1.1.2
* Minor code improvements.
#### 1.1.1
* Corrected the relative path to the translations.
#### 1.1.0
* Added the ability to just delete selected roles’ or user’s sessions as a separate
function.
#### 1.0.2
* Minor code improvements.
#### 1.0.1
* Improved checking and feedbacks regarding the email content.
* Prevent the password reset button from being pressed as long as the email text
has not yet been set.
* Re-arranged the structure for the success, warning and error messages.
* Minor corrections in textual explanations and German translation.
* Improvements in the code to comply with WordPress coding standards.
#### 1.0.0
* First stable version with all initial features.
## Meta
* Versi **3.2.0.7**
* Diperbarui **3 jam yang lalu**
* Instalasi Aktif **10+**
* Versi WordPress ** 6.2 atau yang terbaru **
* Diuji hingga **7.0**
* Versi PHP ** 7.4 atau yang terbaru **
* Bahasa
* [English (US)](https://wordpress.org/plugins/emergency-management/) dan [German](https://de.wordpress.org/plugins/emergency-management/).
* [Terjemahkan dalam bahasa Anda](https://translate.wordpress.org/projects/wp-plugins/emergency-management)
* Tag
* [2FA](https://id.wordpress.org/plugins/tags/2fa/)[access-control](https://id.wordpress.org/plugins/tags/access-control/)
[security](https://id.wordpress.org/plugins/tags/security/)[sessions](https://id.wordpress.org/plugins/tags/sessions/)
[user sessions](https://id.wordpress.org/plugins/tags/user-sessions/)
* [Tampilan lanjut](https://id.wordpress.org/plugins/emergency-management/advanced/)
## Rating
No reviews have been submitted yet.
[Your review](https://wordpress.org/support/plugin/emergency-management/reviews/#new-post)
[Lihat semua ulasan](https://wordpress.org/support/plugin/emergency-management/reviews/)
## Kontributor
* [ Michael Finkenberger ](https://profiles.wordpress.org/mitfi/)
## Bantuan
Ada yang ingin dikatakan? Butuh bantuan?
[Lihat forum bantuan](https://wordpress.org/support/plugin/emergency-management/)