Rat Two-Factor Authentication

Beskrivelse

Rat Two-Factor Authentication is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.

Key Features

• Email-based OTP verification – Secure 6-digit codes sent to user’s email
• Lightweight and fast – Minimal impact on site performance
• User-friendly interface – Clean, responsive design that works on all devices
• Flexible settings – Enable 2FA globally or per user
• Role-based requirements – Require 2FA for specific user roles
• Session management – Secure session handling with timeout protection
• AJAX-powered – Smooth user experience without page reloads
• Auto-submit functionality – Automatically submits form when 6 digits are entered
• Resend functionality – Users can request new codes with cooldown protection
• Mobile-friendly – Optimized for mobile login experiences
• Security-first – Nonce protection, input sanitization, and secure coding practices

How It Works

1. User enters their username and password normally
2. If 2FA is enabled, they’re redirected to an OTP verification screen
3. A 6-digit code is sent to their registered email address
4. User enters the code to complete login
5. Code expires after 10 minutes for security

Perfect For

• Business websites requiring enhanced security
• E-commerce stores protecting customer accounts
• Membership sites with sensitive user data
• Multi-author blogs securing contributor access
• Any WordPress site wanting better login security

Admin Features

• Global 2FA setting – Enable for all users
• Force 2FA option – Make it mandatory for selected roles
• Role-based configuration – Choose which roles require 2FA
• User profile integration – Users can enable/disable 2FA individually
• Clean admin interface – Easy to configure and manage

Developer Friendly

• Well-documented code with inline comments
• WordPress coding standards compliant
• Hook system for customization
• Lightweight codebase for easy modification
• No external dependencies – Pure WordPress integration

Security Features

• Nonce verification for all AJAX requests
• Input sanitization and validation
• Secure OTP generation using WordPress built-in functions
• Session timeout protection (10 minutes)
• Rate limiting on resend requests
• No plain text storage of OTP codes

Configuration

Global Settings

Navigate to Settings > Two-Factor Auth to configure:

• Enable 2FA Globally: Turn on 2FA for all users
• Force 2FA for All Users: Make 2FA mandatory regardless of user preference
• Required User Roles: Select specific roles that must use 2FA

User Settings

Each user can enable/disable 2FA in their profile:

1. Go to Users > Profile (or Users > Your Profile)
2. Find the «Two-Factor Authentication» section
3. Check «Enable 2FA» to activate for that user
4. Save the profile

Email Configuration

The plugin uses WordPress’s built-in wp_mail() function. Ensure your site can send emails properly. Consider using:

• SMTP plugins for reliable email delivery
• Email services like SendGrid, Mailgun, or Amazon SES
• Proper SPF/DKIM records for your domain

Support

For support, feature requests, or bug reports:

• Plugin Support: WordPress.org Support Forum
• Documentation: Available in the plugin’s admin area
• Bug Reports: Please provide detailed information about your setup

Contributing

We welcome contributions! The plugin follows WordPress coding standards and best practices.

Privacy Policy

This plugin:
* Stores minimal user data (2FA preference and temporary OTP hashes)
* Does not send data to external services
* Uses WordPress’s built-in email system
* Follows WordPress privacy guidelines
* Allows data export/erasure as per GDPR requirements

Technical Requirements

• WordPress 5.0 or higher
• PHP 7.4 or higher
• MySQL 5.6 or higher (or equivalent MariaDB)
• Ability to send emails from WordPress
• Modern web browser with JavaScript enabled

Credits

Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.

License

This plugin is licensed under the GPL v2 or later.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.