== Description ==
Secure WordPress login with this two factor authentication (TFA / 2FA) plugin. Users for whom it is enabled will require a one-time code in order to log in. From the authors of <a href="https://updraftplus.com/">UpdraftPlus - WP's #1 backup/restore plugin</a>, with over two million active installs.
Are you completely new to TFA? <a href="https://wordpress.org/plugins/two-factor-authentication/faq/">If so, please see our FAQ</a>.
Features (please see the "Screenshots" for more information):
* Supports standard TOTP + HOTP protocols (and so supports Google Authenticator, Authy, and many others).
* Displays graphical QR codes for easy scanning into apps on your phone/tablet
* TFA can be made available on a per-role basis (e.g. available for admins, but not for subscribers)
* TFA can be turned on or off by each user
* TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (<a href="https://www.simbahosting.co.uk/s3/product/two-factor-authentication/">Premium version</a>), including forcing them to immediately set up (by redirecting them to the page to do so)
* Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don't need access to the WP dashboard). (The <a href="https://www.simbahosting.co.uk/s3/product/two-factor-authentication/">Premium version</a> allows custom designing of any layout you wish).
* Site owners can allow "trusted devices" on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (<a href="https://www.simbahosting.co.uk/s3/product/two-factor-authentication/">Premium version</a>)
* Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database *and* your files in order to break TFA codes (as well as breaking a user's password in order to use them)
* Works together with <a href="https://wordpress.org/plugins/theme-my-login/">"Theme My Login"</a> (both forms and widgets)
* Includes support for the WooCommerce and Affiliates-WP login forms
* Includes support for CozmosLabs Profile Builder
* Includes support for Elementor Pro login forms (Premium version)
* Includes support for bbPress login forms (Premium version)
* Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)
* Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password
* Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)
* WP Multisite compatible (plugin should be network activated)
* Simplified user interface and code base for ease of use and performance
* Added a number of extra security checks to the original forked code
* Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.
Demo: https://www.simbahosting.co.uk/s3/product/two-factor-authentication/