Description
Flavor 2FA adds powerful two-factor authentication to your WordPress site without the complexity. No bloat, no confusing settings – just solid security that protects your site from unauthorized access.
Why Flavor 2FA?
- Zero configuration needed – Works out of the box
- Native WordPress styling – Feels like part of WordPress
- Two verification methods – Authenticator apps (Google Authenticator, Authy, 1Password) or email codes
- User-friendly setup – Guided 3-step process with QR code scanning
- Complete admin control – Force 2FA, reset users, manage lockouts
Features
For Users:
* Choose between authenticator app or email verification
* 10 recovery codes for emergency access
* “Trust this device” option to skip 2FA on personal devices
* Simple, clean verification screens
For Admins:
* Require 2FA for specific user roles
* Grace period for new users
* Force immediate 2FA setup on next login
* Lockout protection against brute force attacks
* Reset 2FA or unlock accounts with one click
* See 2FA status for all users at a glance
Perfect For
- Agencies managing client sites
- WooCommerce stores handling sensitive data
- Membership sites with user accounts
- Any WordPress site that needs extra security
External services
This plugin uses a third-party service to generate QR codes during the TOTP authenticator app setup process.
QR Server API
When a user chooses the “Authenticator App” method during 2FA setup, the plugin generates a QR code image via the QR Server API. This QR code contains the TOTP secret URI (which includes the site name, user email, and secret key) so the user can scan it with their authenticator app.
- What data is sent: A TOTP provisioning URI containing the site name, user email address, and a generated secret key.
- When it is sent: Only once, when a user sets up TOTP-based two-factor authentication. No data is sent during normal login verification.
- Service provider: goQR.me / QR Server
- Service URL: https://goqr.me/api/
- Terms of service: https://goqr.me/api/doc/
- Privacy policy: https://goqr.me/privacy-policy/
Installation
- Upload
flavor-2fato/wp-content/plugins/ - Activate through ‘Plugins’ menu
- Go to Settings Flavor 2FA
- Select which user roles require 2FA
- Done! Users will be prompted to set up 2FA on their next login
FAQ
-
Which authenticator apps are supported?
-
Any TOTP-compatible app works: Google Authenticator, Authy, 1Password, Microsoft Authenticator, LastPass Authenticator, and more.
-
What if a user loses their phone?
-
Users receive 10 one-time recovery codes during setup. If those are also lost, an admin can reset their 2FA from the Users page or plugin settings.
-
Can I require 2FA only for administrators?
-
Yes! You can choose exactly which user roles must enable 2FA. Common setups include requiring it for Administrators and Editors while leaving it optional for Subscribers.
-
Is there a grace period for new users?
-
Yes, configurable from 0-365 days. New users won’t be forced to set up 2FA until the grace period expires.
-
What happens when 2FA is deactivated?
-
All plugin data is automatically cleaned up, including user secrets and recovery codes. Nothing is left behind.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Flavor 2FA” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Flavor 2FA” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release