WordPress Email Two-Factor Authentication
The Email Two-Factor Authentication Plugin elevates the security of your WordPress site by adding an extra layer of protection. Along with your standard username and password, this plugin generates a unique, time-sensitive code delivered via email, giving you two-factor authentication (2FA).
Features
- Secure Login: Ensures that only authorised users can access your site. Even if someone steals your password, they would still need access to your registered email to log in.
- Easy Integration: Seamlessly integrates into your existing WordPress login system. It does not require modifying your site's existing infrastructure.
- Customisable: You can enable two-factor authentication for all users or specific user profiles (like administrators, editors, etc.). This customization offers flexibility according to your needs.
- User-friendly: Requires no technical skills from your users. They just have to enter the code received by email after signing in with their username and password.
Installation
Integration of the Email Two-Factor Authentication Plugin with your WordPress site is a hassle-free process. Simply download the plugin from here: https://wordpress.org/plugins/email-tfa/ - or install directly from your WordPress admin panel.
Usage
After enabling the plugin, please visit the settings page at https://your-site/wp-admin/admin.php?page=email-tfa-settings. You will then be able to configure the plugin to suit your requirements and enable two-factor authentication per user or using the bulk operation tab.
Once two-factor authentication is enabled for a user, that user will be prompted to enter a code sent to the email address associated with their user profile when signing in to your WordPress site. This functionality improves the overall security of your site and can give both administrators and end users peace of mind.
Customising the Email Template
The plugin first checks your theme directory for a file named email-tfa-mail-template.php. If it’s not found there, it falls back to the default template located at email-tfa/templates/email/email-tfa-mail-template.php within the plugin directory.
This template is used for the email sent to your users. To customise the email—for example, by adding a logo, header, or footer—create or modify the email-tfa-mail-template.php file in your theme directory.
For changes to the message content included in the two-factor authentication email body, refer to the General Settings Page documentation below.
General Settings Page
The Email Two-Factor Authentication (TFA) Settings page allows administrators to manage how Two-Factor Authentication works for their WordPress site. This feature ensures enhanced security for user accounts by requiring an additional temporary code sent via email during login.
What You Can Configure
- Enable or Disable Email TFA
- You can turn the Two-Factor Authentication feature on or off by checking the "Enable Two-Factor Authentication" box.
- Set the Code Expiry Time
- Enter the number of minutes the authentication code is valid. This controls how long users have to enter their email code before it expires.
- Handle Email Delivery Issues
- Enable the failsafe option to bypass Two-Factor Authentication if email delivery fails. This helps if users cannot receive their authentication code due to email server issues.
- Customize the Email Subject
- Specify a custom subject line for the email containing the authentication code.
- Customize the Email Content
- Use the provided text editor to write or modify the email content sent to users.
- You can use the placeholder [EMAIL_TFA_CODE], which will be replaced with the actual authentication code in the email.
- Available WordPress Shortcodes: [EMAIL_TFA_CODE], [EMAIL_TFA_USER_FIRST_NAME], [EMAIL_TFA_USER_LAST_NAME], [EMAIL_TFA_USER_DISPLAY_NAME], [EMAIL_TFA_USER_NICE_NAME], [EMAIL_TFA_USER_EMAIL], [EMAIL_TFA_USER_NAME]. An additional fallback parameter handles missing user data. For example, [EMAIL_TFA_USER_FIRST_NAME fallback="display_name"] will attempt to show the user's first name and fall back to the user's display name if nothing is found.
How to Save Your Changes
After making any updates:
- Scroll to the bottom of the page.
- Click the "Save Changes" button to apply your updates.
Additional Information
- Failsafe Option: If enabled, users will be allowed to log in without entering a code if there is a problem sending the email. Use this option cautiously, as it lowers security in specific situations.
- Email Editor: The text editor lets you include personalized instructions or information in the TFA email, making the communication clear and user-friendly.
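The code expiry time and the failsafe option together decide what happens at the second login step. The sketch below is an added illustration, not the plugin's source code: the function names, result labels and 6-digit code format are assumptions. It models that decision so the fail-open behaviour of the failsafe is visible next to the fail-closed default.

```php
<?php
// Added illustration only: a simplified model, not the plugin's source code.
// Function names, result labels and the 6-digit code format are assumptions.

/** Issue a numeric code that is valid for $expiry_minutes from $now. */
function issue_code(int $expiry_minutes, int $now): array
{
    return [
        'code'    => str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT),
        'expires' => $now + $expiry_minutes * 60,
    ];
}

/** Outcome of the second login step, after the password was accepted. */
function second_step(bool $failsafe, bool $mail_sent, ?array $issued, ?string $entered, int $now): string
{
    if (!$mail_sent) {
        // Failsafe on = fail open (password alone suffices); off = fail closed.
        return $failsafe ? 'ALLOW_WITHOUT_CODE' : 'DENY_MAIL_FAILED';
    }
    if ($issued === null || $entered === null) {
        return 'DENY_NO_CODE';
    }
    if ($now > $issued['expires']) {
        return 'DENY_EXPIRED';
    }
    // hash_equals() compares in constant time.
    return hash_equals($issued['code'], $entered) ? 'ALLOW' : 'DENY_WRONG_CODE';
}

// Constructed scenarios: 10-minute expiry, fixed clock for repeatability.
$now    = 1700000000;
$issued = issue_code(10, $now);
$cases  = [
    'correct code after 5 min'  => [false, true, $issued, $issued['code'], $now + 300],
    'correct code after 11 min' => [false, true, $issued, $issued['code'], $now + 660],
    'wrong code'                => [false, true, $issued, $issued['code'] . 'x', $now + 60],
    'mail failed, failsafe off' => [false, false, null, null, $now],
    'mail failed, failsafe on'  => [true, false, null, null, $now],
];
foreach ($cases as $label => $args) {
    printf("%-26s => %s\n", $label, second_step(...$args));
}
```

With the failsafe enabled, any mail delivery failure reduces the login to password only, so it is worth monitoring outbound mail health on sites that turn it on.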
User Management
The Users tab in the Email TFA settings helps you manage Two-Factor Authentication (TFA) on a per-user basis. Using this page, administrators can enable or disable TFA for multiple users and review the current TFA status of their site's users in a simple table view.
What You Can Do On This Page
- Search for Users
- Use the Search Users field to quickly find a specific user.
- Enable Two-Factor Authentication for Users
- Select one or more users from the list by checking their respective boxes.
- Click Enable 2FA to activate Two-Factor Authentication for the selected users.
- Disable Two-Factor Authentication for Users
- Select one or more users from the list.
- Click Disable 2FA to turn off Two-Factor Authentication for the selected users.
- View User Information
- A user table displays relevant information, such as:
- Username
- Email Address
- TFA Status (enabled or disabled)
How to Use This Page
- Search for Users:
- Enter a username or email address into the Search Users bar and press "Search".
- Select Users:
- Use the checkboxes next to the usernames to select one or more users.
- You can also "Select All" to apply changes to all users listed on the table.
- Enable or Disable TFA:
- After selecting users:
- Click Enable 2FA to activate Two-Factor Authentication for them.
- Or click Disable 2FA to deactivate it.
- The changes will be saved once the button is clicked.
- Save Changes:
- All actions (enable/disable) are completed instantly upon clicking the buttons, and you will see a confirmation message ("Settings saved").
Key Features of the Users Tab
- Simple Table View: The user table makes it easy to review user details and current TFA status.
- Bulk Actions: Apply changes to multiple users simultaneously with the checkbox selection and the Enable 2FA or Disable 2FA buttons.
- Quick User Search: Quickly find users using the Search Users field to streamline your workflow.
- Security Built-In: All updates are protected with WordPress nonces to ensure secure processing of any changes to user settings.
Additional Notes
- The Select All option (when enabled) allows you to apply TFA changes to all filtered users currently visible in the table.
- The TFA status of users is stored automatically, ensuring only selected users are affected by your changes.
- Always confirm changes using the confirmation message ("Settings saved") that appears after actions are completed.
Bulk Operations
The Bulk Operations tab enables you to manage Two-Factor Authentication settings for entire user groups based on their roles. This is especially useful for quickly enabling or disabling TFA for large sets of users without manually updating individual accounts.
What You Can Do On This Page
- Select User Roles
- Choose one or more user roles (e.g., Administrator, Editor, Subscriber) to apply bulk changes.
- Enable TFA for All Users in Selected Roles
- Enable Two-Factor Authentication for every user within the selected roles.
- Disable TFA for All Users in Selected Roles
- Disable Two-Factor Authentication for all users that belong to the selected roles.
- Save Changes
- Confirm your updates with the "Save Changes" button to apply the settings across the selected user roles.
How to Use This Page
- Select User Roles:
- Use the checkboxes next to each role to choose user groups to update.
- For example, you can select "Subscriber" and "Contributor" if you want to apply the action to both groups.
- Choose Action (Enable or Disable TFA):
- Choose one of the following bulk actions:
- Enable for all users with selected roles: Activates TFA for everyone in the selected roles.
- Disable for all users with selected roles: Deactivates TFA across all users in the selected roles.
- Save Your Changes:
- After selecting the user roles and action, click the Save Changes button to confirm the updates.
- Confirmation:
- A success message ("Settings saved") will appear once the changes are applied.
Key Features of the Bulk Operations Tab
- Role-Based Bulk Updates: Easily manage TFA for large user groups by working with roles rather than individuals.
- Clear Actions: Choose whether to enable or disable TFA for all users within selected roles.
- Time-Efficient Management: Update settings for hundreds of users at once without needing to update each account individually.
- Secure Changes: The page is protected with WordPress’ security measures to ensure that all updates are verified and safe.
Additional Notes
- Think carefully before applying bulk changes.
- Enable TFA: This will require users in the selected roles to authenticate with email TFA during their next login.
- Disable TFA: This removes the requirement, reducing login security for those users.
- If you select multiple roles, the action will be applied to every user in all the selected roles.
This page simplifies the process of managing Two-Factor Authentication for multiple users at once, ensuring security at scale while saving you time.