Description
This plugin enhances the security of your WordPress website by adding a simple but effective two-factor authentication (2FA) screen after a successful password login.
Instead of adding fields to the main login page (which can cause conflicts), this plugin waits until a user has correctly entered their username and password. Then, it intercepts the login and presents them with a clean, separate screen to enter their 6-digit code from an authenticator app (like Google Authenticator, Authy, etc.).
This method is more secure, more compatible, and provides a smoother user experience.
Features:
Secure Post-Login Verification: 2FA check happens on a separate screen, after the password is correct.
Easy Setup: A simple « Usama 2FA » menu page for each user to scan a QR code and activate 2FA.
Backup Codes: On activation, 10 one-time-use backup codes are generated in case you lose your phone.
Regenerate Codes: You can generate new backup codes at any time from the settings page.
Lightweight & Simple: No bloat. Just the essential 2FA features.
Per-User: 2FA is enabled on a per-user basis. Administrators cannot control 2FA for other users.
External services
This plugin connects to a third-party API to generate the QR codes used during setup.
Service: goqr.me API (https://www.google.com/search?q=api.qrserver.com)
Usage: Used only once during setup to generate a QR code image that users scan with their authenticator app.
Data Sent: The API receives the user’s email address and the generated secret key (inside the OTPAuth URL) to create the image. This data is not stored by the service.
Provider: Foundata GmbH
Terms of Use: Terms of Use
Privacy Policy: Privacy Policy
Captures d’écran
The simple « 2FA Security » settings page in the admin dashboard.
The QR code and activation step.
The post-activation screen, showing the one-time backup codes.
The separate 2FA verification screen that appears after a successful password login.
Installation
From your WordPress Dashboard (Recommended):
Navigate to Plugins > Add New.
In the search bar, type « Usama Simple 2FA Authenticator ».
Click « Install Now » on the plugin.
Click « Activate ».
Once activated, a new « 2FA Security » menu will appear in your admin sidebar. Click on it to set up your 2FA.
Manual Installation (from .zip):
Download the plugin .zip file.
Navigate to Plugins > Add New in your WordPress dashboard.
Click the « Upload Plugin » button at the top of the page.
Select the .zip file you downloaded and click « Install Now ».
Click « Activate ».
Go to the « 2FA Security » menu in your sidebar to set up.
FAQ
What authenticator apps does this work with?
This plugin uses the standard TOTP (Time-based One-Time Password) algorithm. It works perfectly with:
Google Authenticator
Authy
Microsoft Authenticator
1Password
LastPass Authenticator
…and any other standard TOTP app.
What happens if I lose my phone?
When you first activate 2FA, the plugin provides you with 10 one-time-use backup codes. You must save these in a secure place (like a password manager or a printed document). If you lose your phone, you can use one of these backup codes in place of the 6-digit authenticator code to log in.
How do I get new backup codes?
Go to the « 2FA Security » page in your admin dashboard. You will see an option to « Generate New Backup Codes ». This will invalidate all of your old codes and create a new set for you.
Is this plugin secure?
Yes. Your secret key is stored securely in your user’s metadata, and the login check uses a separate, temporary key (a « transient ») to manage the post-login verification step. All codes are checked using standard, secure cryptographic methods.
Avis
Il n’y a aucun avis pour cette extension.
Contributeurs & développeurs
« Usama Simple 2FA Authenticator » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Usama Simple 2FA Authenticator » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal
1.0.0
Initial public release.
Added post-login 2FA verification screen.
Added user-specific admin menu for 2FA setup.
Implemented QR code and manual key setup.
Implemented backup code generation and verification.