Name: Two-Factor
Rating: 4.8 (195 reviews)

描述

通过“用户”“个人资料”下的“双重身份验证选项”部分，为您的账户启用和配置一个或多个双重身份验证方式：

邮件验证码
基于时间的一次性密码（TOTP）
FIDO 通用第二因素（U2F）
备用验证码
虚拟方式（仅用于测试目的）

有关更多历史，请参阅这篇文章。

动作和过滤器

以下列出该插件提供的动作和过滤器钩子：

two_factor_providers 过滤器：将覆盖可用的双重身份验证提供方式，例如电子邮件和基于时间的一次性密码。数组值为双重身份验证方式的 PHP 类名。
two_factor_providers_for_user filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object WP_User is available as the second argument.
two_factor_enabled_providers_for_user 过滤器：将覆盖提供给用户启用的双重身份验证方式清单。第一个参数为启用的方式提供类名数组作为值，第二个参数为用户 ID。
two_factor_user_authenticated 动作：接收已登录的 WP_User 对象作为第一个参数，用在身份验证工作流之后确定登录的用户。
two_factor_user_api_login_enable filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.
two_factor_email_token_ttl filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.
two_factor_email_token_length filter overrides the default 8 character count for email tokens.
two_factor_backup_code_length filter overrides the default 8 character count for backup codes. Provides the WP_User of the associated user as the second argument.
two_factor_rest_api_can_edit_user filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current $can_edit boolean, the second argument is the user ID.

屏幕截图

用户个人资料下的双因素选项。
用户个人资料下的U2F安全密钥部分。
Login with authentication app code.
Login with recovery code.
Login with email code.

常见问题

What PHP and WordPress versions does the Two-Factor plugin support?

This plugin supports the last two major versions of WordPress and the minimum PHP version supported by those WordPress versions.

我该如何发送反馈或获取有关错误的帮助？

报告漏洞、功能建议或任何其他（非安全相关）的反馈最佳途径是在 GitHub Two Factor 的 issues 页面。在提交新问题之前，请搜索现有问题以检查是否有其他人报告了相同的反馈。

我应该在哪里报告安全漏洞？

插件贡献者和 WordPress 社区非常重视安全漏洞。我们感谢您负责任地披露您发现的漏洞，并将竭尽全力解决您的贡献。

要报告安全问题，请访问 WordPress HackerOne 网站。

评价

sequith 2025 年 11 月 25 日

Thank you for such helpful and useful plugin. It’s level-up my security to the next level.

Abdulrashid Aushev 2025 年 9 月 22 日

Helps secure important accounts and data! This will stop unknown device login.

michavo73 2025 年 8 月 20 日 3 回复

A great plugin and absolutely useful and important! Unfortunately, there is a problem that needs to be addressed and resolved: The QR code generated for 2FA apps is reported as incorrect by the 2FAS smartphone app. If you type the code below into the app, everything works fine. This problem did not occur with Google Authenticator. Of course, it seems to be a problem with the 2FAS app, because Google can do it! But shouldn’t the problem be analyzed in more detail on the developer side? I will probably also inform the developer of the app. However, it would certainly be best if the two experts (plugin here and app there) got in touch with each other.

kruthikreddyj 2025 年 7 月 17 日

This plugin made it really easy to add two-factor authentication to my WordPress test site. The interface is clean, and the setup took just a few minutes. Works well with email and TOTP apps like Google Authenticator. A must-have for basic security!

Christian Strasser 2025 年 7 月 4 日

Easy to setup and just works – great plugin. Installed on plenty of websites and never had an issue.

grupojomar 2025 年 6 月 2 日 1 回复

Congratulations! After trying several plugins, this one hasn’t disappointed me so far. Let’s hope it continues to do what it says. Congratulations to the developers!

阅读所有196条评价