Title: SI 2FA Login Security Author: Stroke Infotech Published: 13. 2. 2025 Last modified: 5. 3. 2025 --- Prohledat pluginy ![](https://ps.w.org/si-2fa-login-security/assets/banner-772x250.jpg?rev=3239933) ![](https://ps.w.org/si-2fa-login-security/assets/icon-256x256.jpg?rev=3239933) # SI 2FA Login Security Autor: [Stroke Infotech](https://profiles.wordpress.org/strokeinfotech/) [Stáhnout](https://downloads.wordpress.org/plugin/si-2fa-login-security.1.2.zip) * [Podrobnosti](https://cs.wordpress.org/plugins/si-2fa-login-security/#description) * [Hodnocení](https://cs.wordpress.org/plugins/si-2fa-login-security/#reviews) * [Instalace](https://cs.wordpress.org/plugins/si-2fa-login-security/#installation) * [Vývojáři](https://cs.wordpress.org/plugins/si-2fa-login-security/#developers) [Podpora](https://wordpress.org/support/plugin/si-2fa-login-security/) ## Popis Secure WordPress login with this two factor authentication (MFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. Features * Supports standard TOTP protocols (and so supports Google Authenticator, Authy, and many others). * Displays graphical QR codes for easy scanning into apps on your phone/tablet * MFA can be turned on or off by each user * Supports front-end editing of settings, via shortcode (i.e. users don’t need access to the WP dashboard). * User login history * [si2flose_twofactor_user_settings] * Simplified user interface and code base for ease of use and performance * Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect MFA code. * When using the front-end shortcode, require the user to enter the current MFA code correctly to be able to activate MFA #### How Does MFA / 2FA Work? This plugin uses the industry standard MFA / 2FA algorithm [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc. A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often. #### Plugin Notes This plugin began life in early 2025 as a friendly fork and enhancement of „wp mfa authentication“ plugin. This plugin requires PHP version 5.3 or higher and support for either php-openssl or [PHP mcrypt](http://www.php.net/manual/en/mcrypt.installation.php). The vast majority of PHP setups will have one of these. If not, ask your hosting company. 1. Search for ‚SI 2FA Login Security‘ in the ‚Plugins‘ menu in WordPress. 2. Click the ‚Install‘ button. (Make sure you picks the right one) 3. Activate the plugin through the ‚Plugins‘ menu in WordPress 4. Find site-wide settings in 2FA User Settings ; find your own user settings in the top-level menu entry „2FA User Settings“. If you want to add a section to the front-end of your site where users can configure their two-factor authentication settings, use this shortcode: ``` [si2flose_twofactor_user_settings] ``` ## Snímky obrazovky * [[ 1. User settings (dashboard) * [[ 1. User settings (front-end, via Shortcode) * [[ 1. Regular WP login form requesting OTP code (after successful username/password entry) ## Instalace This plugin requires PHP version 5.3 or higher and support for either php-openssl or [PHP mcrypt](http://www.php.net/manual/en/mcrypt.installation.php). The vast majority of PHP setups will have one of these. If not, ask your hosting company. 1. Search for ‚SI 2FA Login Security‘ in the ‚Plugins‘ menu in WordPress. 2. Click the ‚Install‘ button. (Make sure you picks the right one) 3. Activate the plugin through the ‚Plugins‘ menu in WordPress 4. Find site-wide settings in 2FA User Settings ; find your own user settings in the top-level menu entry „2FA User Settings“. If you want to add a section to the front-end of your site where users can configure their two-factor authentication settings, use this shortcode: ``` [si2flose_twofactor_user_settings] ``` ## Nejčastější dotazy ### What is SI 2FA Login Security (MFA / 2FA) ? Basically, it’s to do with securing your logins, so that there’s more than one link in the chain needing to be broken before an unwanted intruder can get in your website. By default, your WordPress accounts are protected by only one thing: your password. If that’s broken, then everything’s wide open. „MFA Factor Auth“ means adding a second requirement. Usually, this is a code that comes to a device you own (e.g. phone, tablet) – so, someone can’t get into your website without getting hold of your device. You can get a longer answer from Wikipedia. ### How does two factor authentication (MFA / 2FA) work? Since „SI 2FA Login Security“ just means „a second something is necessary to get in“, this answer depends upon the particular set-up. In the most common case, a numeric code is shown on your phone, tablet or other device. This code be sent via an Authenticator; this then depends on the mobile phone network working. This plugin does not uses that method. Instead, it uses a standard mathematical algorithm to generate codes that are only valid once each, or for only for 30 seconds (depending on which algorithm you choose). Your phone or tablet can know the code after it has been set up once (often, by just scanning a bar-code off the screen). ### What do I need to set up on my phone/tablet (etc.) in order to generate the codes? This depends on your particular make of phone, and your preferences. Google have produced a popular app called „Google Authenticator“, which is a preferred option for many people because it is easy to use and can be set up via just scanning a bar code off your screen – follow this link, and ignore the first paragraph that is talking about 2FA on your Google account (rather than being relevant to this plugin). ### What if I do not have a phone or tablet? Many and various devices and programs can generate the codes. One option is an add- on for your web browser; for example, here are some apps and add-ons for Google Chrome. Wikipedia lists various programs for different computers. If you cannot get in and need to disable mfa-factor authentication, then add this to your wp-config.php file, using FTP or the file manager in your hosting control panel: define(‚SI2FLOSE_FACTOR_DISABLE‘, true); ### What is the shortcode to use for front-end settings? [si2flose_twofactor_user_settings] ### I deliberately entered a wrong password, and it let me login! You have a password manager extension installed in your web browser, with the correct password entered in it. It has automatically replaced your wrong password with the right one from its saved store. This behaviour has been observed and confirmed by several users. You can verify it by using the web developer tools in your browser to look at the HTTP data sent to WordPress, and observe which password is actually in it. You can also open a fresh web browser with no such extension in it to re- test. Note that the two factor authentication plugin has no mechanism to compare or approve passwords; this is done by WordPress core. If the wrong password is sent, then this is handled by WordPress, and the login will not proceed. ## Recenze Pro tento plugin nejsou žádné recenze. ## Autoři SI 2FA Login Security je otevřený software. Následující lidé přispěli k vývoji tohoto pluginu. Spolupracovníci * [ Stroke Infotech ](https://profiles.wordpress.org/strokeinfotech/) [Přeložte “SI 2FA Login Security” do svého jazyka.](https://translate.wordpress.org/projects/wp-plugins/si-2fa-login-security) ### Zajímá vás vývoj? [Prohledejte kód](https://plugins.trac.wordpress.org/browser/si-2fa-login-security/), podívejte se do [SVN repozitáře](https://plugins.svn.wordpress.org/si-2fa-login-security/), nebo se přihlaste k[ odběru protokolu vývoje](https://plugins.trac.wordpress.org/log/si-2fa-login-security/) pomocí [RSS](https://plugins.trac.wordpress.org/log/si-2fa-login-security/?limit=100&mode=stop_on_copy&format=rss). ## Přehled změn #### 1.0 (27 January 2025) Initial release #### 1.1 (06 February 2025) * First version * Shortcode si2flose_twofactor_user_settings added, for front-end settings * Use AJAX to refresh current code (rather than reloading the whole page) * Added WordPress nonces and user permission checks in relevant places * User interface simplified/de-cluttered #### 1.2 (05 March 2025) * Improvements readme * Added user login logs ## Meta * Verze **1.2** * Poslední aktualizace **před 1 rokem** * Aktivních instalací **Méně než 10** * Verze WordPressu ** 6.2 nebo novější ** * Testováno až do WordPressu **6.7.5** * Verze PHP ** 7.4 nebo novější ** * Jazyk * [English (US)](https://wordpress.org/plugins/si-2fa-login-security/) * Štítky * [2-factor authentication](https://cs.wordpress.org/plugins/tags/2-factor-authentication/) [2FA](https://cs.wordpress.org/plugins/tags/2fa/)[two factor authentication](https://cs.wordpress.org/plugins/tags/two-factor-authentication/) [WordPress authentication](https://cs.wordpress.org/plugins/tags/wordpress-authentication/) * [Podrobnosti](https://cs.wordpress.org/plugins/si-2fa-login-security/advanced/) ## Hodnocení Zatím nebyly zadány žádné recenze. [Your review](https://wordpress.org/support/plugin/si-2fa-login-security/reviews/#new-post) [Zobrazit všechny recenze](https://wordpress.org/support/plugin/si-2fa-login-security/reviews/) ## Spolupracovníci * [ Stroke Infotech ](https://profiles.wordpress.org/strokeinfotech/) ## Podpora Potřebujete pomoc? [Fórum podpory](https://wordpress.org/support/plugin/si-2fa-login-security/)