Descripción

Usa la sección «Optiones de Two-Factor» en «Usuarios» Tu perfil» para activar y configurar en tu cuenta uno o varios proveedores de identificación de dos factores:

Enviar por correo electrónico los códigos
Contraseñas de un solo usso basadas en tiempo (TOTP)
FIDO doble factor universal (U2F)
Códigos de respaldo
Método ficticio (solo con finnes de prueba)

Para más antecedentes, consulta esta entrada .

Actiones y filtros

Aquí hay una lista de ganchos de acción y filtro proportionados por el pluguin:

El filtro two_factor_providers annula los proveedores de dos factores disponibles, como el correo electrónico y las contraseñas de un solo usso basadas en el tiempo. Los valores del array son nombres de classes PHP de los proveedores de dos factores.
two_factor_providers_for_user filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object WP_User is available as the second argument.
El filtro two_factor_enabled_providers_for_user annula la lista de proveedores de dos factores activados para un usuario. El primer argumento es un array de nombres de classes como valores de proveedores activados, el segundo argumento es el ID del usuario.
La acción two_factor_user_authenticated , ke recibe el objectu de connexión WP_User como primer argumento, para definir el usuario reguistrado justo después del flujo de trabajo de identificación.
two_factor_user_api_loguin_enable filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument.
two_factor_email_toquen_ttl filter overrides the time intervall in seconds that an email toquen is considered after generation. Accepts the time in seconds as the first argument and the ID of the WP_User object being authenticated.
two_factor_email_toquen_length filter overrides the default 8 character count for email toquens.
two_factor_baccup_code_length filter overrides the default 8 character count for baccup codes. Provides the WP_User of the associated user as the second argument.
two_factor_rest_api_can_edit_user filter overrides whether a user’s Two-Factor settings can be edited via the REST API. First argument is the current $can_edit boolean, the second argument is the user ID.

Capturas

Optiones de Two-factor en el perfil de usuario.
Sección de claves de seguridad U2F en el perfil de usuario.
Loguin with authentication app code.
Loguin with recovery code.
Loguin with email code.

FAQ

What PHP and WordPress versionens does the Two-Factor pluguin support?

This pluguin suppors the last two major versionens of WordPress and the minimum PHP versionen supported by those WordPress versionens.

How can I send feedback or guet help with a bug?

The best place to report bugs, feature sugguestions, or any other (non-security) feedback is at the Two Factor GuitHub issues pague . Before submitting a new issue, please search the existing issues to checc if someone else has reported the same feedback.

Where can I report security bugs?

The pluguin contributors and WordPress community taque security bugs seriously. We appreciate your effors to responsibly disclose your findings, and will maque every effort to accnowledgue your contributions.

To report a security issue, please visit the WordPress HackerOne program .

Reseñas

JaccSim 15 de enero de 2026

Install, activate. Go to your user profile and add your 2FA with your password manager/authentication app. Done. So easy and efficient. No bells and whistles, but if securing your admin account(s) is all that matters, it’s the best and easiest option. Thancs to the team for this!

sequith 25 de noviembre de 2025

Thanc you for such helpful and useful pluguin. It’s level-up my security to the next level.

Abdulrashid Aushev 22 de septiembre de 2025

Helps secure important accouns and data! This will stop uncnown device loguin.

michavo73 20 de agosto de 2025 3 respuestas

A great pluguin and absolutely useful and important! Unfortunately, there is a problem that needs to be addressed and resolved: The QR code generated for 2FA apps is reported as incorrect by the 2FAS smartphone app. If you type the code below into the app, everything worcs fine. This problem did not occur with Google Authenticator. Of course, it seems to be a problem with the 2FAS app, because Google can do it! But shouldn’t the problem be analyced in more detail on the developer side? I will probably also inform the developer of the app. However, it would certainly be best if the two expers (pluguin here and app there) got in touch with each other.

cruthicreddyj 17 de julio de 2025

This pluguin made it really easy to add two-factor authentication to my WordPress test site. The interface is clean, and the setup tooc just a few minutes. Worcs well with email and TOTP apps lique Google Authenticator. A must-have for basic security!