wp-config.php
file.
https://www.youtube.com/watch?v=GgOAcwK_4m4
WordPress is the world’s most popular content management system (CMS), with over 40% of all websites running on it. As such, it has become a prime target for hackers looking to exploit vulnerabilities to gain unauthorized access to websites. One of the best ways to enhance the security of a WordPress site is to enable two-factor authentication (2FA) for administrators.
/wp-content/plugins/two-factor-2fa-via-email
directory.If you are not receiving the email to login then in order to regain access to your account, you’ll have to disable the plugin. The only way to do this is by renaming the plugin folder from two-factor-2fa-via-email
to two-factor-2fa-via-email.backup
or equivalent.
Yes! As of version 1.5.2 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_LINK_EXPIRES_MINUTES', 10);
Where the number 10 is, change this to whatever value (in minutes) you prefer.
Yes! As of version 1.6 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_ENABLE_ADMINS', true);
Yes! As of version 1.6 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_ENABLE_EDITORS', true);
Yes! As of version 1.9.2 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);
Yes! As of version 1.7.1 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);
Yes! As of version 1.6 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_ENABLE_ALL', true);
Yes! As of version 1.6 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');
Change john@doe.com
to your preferred email.
Yes! As of version 1.9 you can now add a defined constant to your wp-config.php
file;
define('SS88_2FAVE_API_DISABLE_ALL', true);
As of version 1.9.1 you can use the filter SS88_2FAVE_custom_redirect
like so:
`add_filter('SS88_2FAVE_custom_redirect', function($URL) {
if(current_user_can('editor')) return 'https://custom.com/page/here';
else return $URL;
});`
As of version 1.9.1 you can use the filter SS88_2FAVE_isEnabled
like so:
`add_filter('SS88_2FAVE_isEnabled', function($isEnabled, $UserID, $type) {
// $isEnabled = Prior value
// $UserID = ID of user
// $type = Values are API or LOGIN
return $isEnabled;
}, 10, 3);`
Please note that if you have SS88_2FAVE_ENABLE_ALL
, SS88_2FAVE_ENABLE_ADMINS
, SS88_2FAVE_ENABLE_EDITORS
, SS88_2FAVE_ENABLE_CONTRIBUTORS
, SS88_2FAVE_ENABLE_SUBSCRIBERS
, or SS88_2FAVE_API_DISABLE_ALL
set, the filter SS88_2FAVE_isEnabled
will not work.
header_remove()
function by only removing Set-Cookie
SS88_2FAVE_ENABLE_CONTRIBUTORS
to your wp-config.php
i.e. define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);
.header_remove();
function upon logging in. Seems to solve 502 ad 503 issues, especially with GoDaddy.SS88_2FAVE_custom_redirect
was added. You can now override the final URL where users are redirect to after sucessfully logging in. See example in FAQs.SS88_2FAVE_isEnabled
was added. You can now override if 2FA is enabled. See example in FAQs.SS88_2FAVE_API_DISABLE_ALL
was added to completely disable the 2FA on the REST API.ss88-2fa-page.php
to their theme directory. We now support an additional directory ss88-2fa
i.e. wp-content/themes/xxx/ss88-2fa/2fa-page.php
. v1.4 functionality will be removed in a future release in favor for the new directory ss88-2fa
.assets/html/login-email.php
to your theme's directory. Upload this file to wp-content/themes/xxx/ss88-2fa/login-email.php
to customize it!SS88_2FAVE_ENABLE_SUBSCRIBERS
to your wp-config.php
i.e. define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);
.SS88_2FAVE_NOTIFICATION_EMAIL
in wp-config.php
i.e. define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');
SS88_2FAVE_ENABLE_ALL
(to enable for every single account), SS88_2FAVE_ENABLE_ADMINS
(to enable only for Administrators), and SS88_2FAVE_ENABLE_EDITORS
(to enable for Editors) i.e. define('SS88_2FAVE_ENABLE_ALL', true);
.SS88_2FAVE_LINK_EXPIRES_MINUTES
so that users can define their own link expiry time in minutesassets/2fa-page.php
to your theme's directory. Upload this file to wp-content/themes/xxx/ss88-2fa-page.php
to customize it!