Title: Secure 2FA
Author: Mohamed Endisha
Published: <strong>10 April 2025</strong>
Last modified: 10 April 2025

---

Cari plugin

![](https://ps.w.org/secure-tfa/assets/banner-772x250.png?rev=3270490)

![](https://ps.w.org/secure-tfa/assets/icon-256x256.png?rev=3270490)

# Secure 2FA

 Oleh [Mohamed Endisha](https://profiles.wordpress.org/endisha/)

[Unduh](https://downloads.wordpress.org/plugin/secure-tfa.1.0.0.zip)

 * [Detail](https://id.wordpress.org/plugins/secure-tfa/#description)
 * [Ulasan](https://id.wordpress.org/plugins/secure-tfa/#reviews)
 *  [Instalasi](https://id.wordpress.org/plugins/secure-tfa/#installation)
 * [Pengembangan](https://id.wordpress.org/plugins/secure-tfa/#developers)

 [Bantuan](https://wordpress.org/support/plugin/secure-tfa/)

## Deskripsi

Secure 2FA adds an extra layer of security to your WordPress login process by enabling
2FA via several authentication methods.

### Features

 * Free two-factor authentication (2FA) plugin
 * Multiple authentication methods: One-time password (OTP), Yubico OTP (YubiKey),
   Email OTP, and WhatsApp OTP
 * Customizable OTP configurations: Expiration time, retries, and more
 * Role-based enforcement: Require 2FA for all or specific roles while excluding
   others
 * Supports WordPress Multisite and single-site installations
 * Activity log tracking: Monitor authentication attempts and security events
 * Rate limiting: Prevent brute-force attacks by limiting OTP requests per user
 * Backup recovery codes: Allow users to regain access if they lose their primary
   2FA method
 * Automatic log cleanup: Enable or disable automatic deletion of old activity logs
   with configurable schedules
 * UI control: Manage the visibility of the “Configure 2FA” option in the sidebar,
   admin toolbar, and user list

### Time-based One-Time Password 2FA Method

 * Compatible with diifrent authotcitors apps susch as Google Authenticator and 
   Duo etc.
 * Generates QR codes during 2FA setup.
 * Supports manual setup keys.

### WhatsApp 2FA Method

This method leverages Meta’s official API to send OTPs via WhatsApp authentication
template. It supports the following features:

 * Set a default template language.
 * Support multiple template languages based on the user’s UI language (templates
   must match WhatsApp requirements).
 * Define a base country for phone numbers when configuring 2FA.
 * Restrict phone number selection by specifying an allowed countries list.
 * Enable IP address lookup to detect the user’s country during 2FA setup.
 * Allow or prevent multiple users from using the same phone number.
 * Set custom phone number regex patterns to enforce specific formatting rules.

### Email OTP 2FA Method

 * Allow or disallow users to enter a different email when configuring email as 
   a two-factor authentication method.
 * Specify a custom email address from which OTPs will be sent.
 * Customize email languages, subject lines, and message content based on supported
   languages.

### Yubico OTP 2FA Method

Yubico OTP is a secure and convenient authentication method supported by all YubiKeys
out of the box. It provides an additional layer of security as a second-factor authentication
option.

### Requirements

 * WordPress 6.0 or newer.
 * PHP version 7.4 or newer.

### External Library and Services Usage

 * The plugin utilizes the [intl-tel-input](https://github.com/jackocnr/intl-tel-input)
   library to provide phone number formatting functionality.
 * The plugin integrates with Meta’s WhatsApp Business API, which is subject to **
   Meta’s Terms of Service** and **pricing policies**. You may need to subscribe
   to a third-party WhatsApp API method or a Meta-approved Business Solution Provider
   to use this service. For details, visit [Meta’s WhatsApp Business API documentation](https://developers.facebook.com/docs/whatsapp).
 * The plugin integrates with the **Yubico OTP API**. It securely sends the user’s
   one-time password (OTP) to Yubico’s verification service to authenticate login
   attempts. Review Yubico’s [Terms & Conditions](https://www.yubico.com/support/terms-conditions/yubico-website-terms-conditions/)
   and [Privacy Notice](https://www.yubico.com/support/terms-conditions/privacy-notice/)
   for more details.

### License

Secure 2FA is licensed under the GNU General Public License v2 or later.

## Tangkapan Layar

 * [[
 * Overview
 * [[
 * Verified Users
 * [[
 * Activity Log
 * [[
 * General Settings
 * [[
 * Time-based One-Time Password 2FA Settings
 * [[
 * Email 2FA Method Settings
 * [[
 * WhatsApp 2FA Method Settings
 * [[
 * Yubico OTP 2FA Method Settings
 * [[
 * OTP Settings
 * [[
 * Recovery Codes Settings
 * [[
 * Rate Limit Settings
 * [[
 * Enforce 2FA
 * [[
 * Visibility Settings
 * [[
 * Advanced Settings
 * [[
 * Configure User 2FA
 * [[
 * Configure User 2FA – One-Time Password
 * [[
 * Configure User 2FA – Email
 * [[
 * Configure User 2FA – WhatsApp
 * [[
 * Configure User 2FA – Yubico/YubiKey
 * [[
 * Configure User 2FA – Activte
 * [[
 * Configure User 2FA – Login 2FA
 * [[
 * Configure User 2FA – Login Recovery Code
 * [[
 * Configure User 2FA – Login 2FA – WhatsApp

## Instalasi

#### Minimum Requirements

 * PHP 7.4 or greater is recommended.
 * MySQL 5.6 or greater is recommended.

#### Automatic installation

Automatic installation is the easiest option — WordPress will handle the file transfer,
and you won’t need to leave your web browser. To do an automatic install of Secure
2FA, log in to your WordPress dashboard, navigate to the Plugins menu, and click“
Add New.”

In the search field, type “Secure 2FA” and click “Search Plugins.” Once you’ve found
it, you can view details such as the point release, rating, and description. Most
importantly, you can install it by clicking “Install Now,” and WordPress will take
care of the rest.

#### Manual installation

The manual installation method requires downloading the Secure 2FA plugin and uploading
it to your web server via your favorite FTP application. The WordPress codex contains[
instructions on how to do this here](https://wordpress.org/support/article/managing-
plugins/ #manual-plugin-installation).

## Tanya Jawab

### How do I enable and configure Secure 2FA?

After activating the plugin, a “Secure 2FA” menu item will appear in your WordPress
admin dashboard’s sidebar.

### Can I disable enforcement 2FA for specific user roles?

Yes, you can configure enforce 2FA settings to exclude certain roles from 2FA enforcement.

### How Can I exclude specific users from enforced two-factor authentication?

There is no settings page available for excluding users from forced two-factor authentication.
However, you can exclude specific users by adding the following filter to the “functions.
php” file of your active theme:

    ```
    <?php
    add_filter('secure_tfa_enforce_tfa_excluded_users', function() {
        // User ID(s) you want to exclude
        return [1]; 
    });
    ```

### What happens if a user doesn’t receive the OTP?

If a user doesn’t receive their OTP, they should:

 1. Wait a few minutes and try again.
 2. Use their backup recovery codes to regain access if OTP delivery fails.
 3. If the issue persists, the site administrator can assist with troubleshooting by
    checking the activity logs for the user or deactivate 2FA for that user.
 4. If you are the site administrator, check the `Handling and Troubleshooting Issues`
    below for further assistance.

### Handling and Troubleshooting Issues

If you’re facing issues logging in or not receiving OTPs due to 2FA method issue
or email or API problems, and you need to regain access to your WordPress account,
you can configure the following constants in the `config.php` file to help resolve
these issues:

    ```
    define( 'SECURE_TFA_DISABLE_PLUGIN', true ) ;
    ```

This constant disables the 2FA login process and temporarily deactivates its functionality,
although the plugin remains active.

    ```
    define( 'SECURE_TFA_DISABLE_ENFORCE_TFA', true ) ;
    ```

This constant disables the enforced 2FA requirement for users who have not yet enabled
it.

## Ulasan

Belum ada ulasan untuk plugin ini.

## Kontributor & Pengembang

“Secure 2FA” adalah perangkat lunak open source. Berikut ini mereka yang sudah berkontribusi
pada plugin ini.

Kontributor

 *   [ Mohamed Endisha ](https://profiles.wordpress.org/endisha/)

[Terjemahkan “Secure 2FA” dalam bahasa Anda.](https://translate.wordpress.org/projects/wp-plugins/secure-tfa)

### Tertarik mengembangkan?

[Lihat kode](https://plugins.trac.wordpress.org/browser/secure-tfa/), periksa [repositori SVN ](https://plugins.svn.wordpress.org/secure-tfa/),
atau mendaftar ke [log pengembangan](https://plugins.trac.wordpress.org/log/secure-tfa/)
melalui [RSS](https://plugins.trac.wordpress.org/log/secure-tfa/?limit=100&mode=stop_on_copy&format=rss).

## Log Perubahan

#### 1.0.0 – 2025-04-10

 * Initial release.

## Meta

 *  Versi **1.0.0**
 *  Diperbarui **1 tahun yang lalu**
 *  Instalasi Aktif **10+**
 *  Versi WordPress ** 6.0 atau yang terbaru **
 *  Diuji hingga **6.7.5**
 *  Versi PHP ** 7.4 atau yang terbaru **
 *  Bahasa
 * [English (US)](https://wordpress.org/plugins/secure-tfa/)
 * Tag
 * [2FA](https://id.wordpress.org/plugins/tags/2fa/)[login](https://id.wordpress.org/plugins/tags/login/)
   [TFA](https://id.wordpress.org/plugins/tags/tfa/)
 *  [Tampilan lanjut](https://id.wordpress.org/plugins/secure-tfa/advanced/)

## Rating

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/secure-tfa/reviews/#new-post)

[Lihat semua ulasan](https://wordpress.org/support/plugin/secure-tfa/reviews/)

## Kontributor

 *   [ Mohamed Endisha ](https://profiles.wordpress.org/endisha/)

## Bantuan

Ada yang ingin dikatakan? Butuh bantuan?

 [Lihat forum bantuan](https://wordpress.org/support/plugin/secure-tfa/)