{"id":241872,"date":"2025-09-23T12:49:27","date_gmt":"2025-09-23T12:49:27","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/rat-two-factor-authentication\/"},"modified":"2025-09-23T12:49:04","modified_gmt":"2025-09-23T12:49:04","slug":"rat-two-factor-authentication","status":"publish","type":"plugin","link":"https:\/\/ja.wordpress.org\/plugins\/rat-two-factor-authentication\/","author":23310733,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.1","stable_tag":"trunk","tested":"6.8.5","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Rat Two-Factor Authentication","header_author":"rathsh","header_description":"Lightweight and powerful Two-Factor Authentication plugin for WordPress with email-based OTP verification.","assets_banners_color":"1c4b65","last_updated":"2025-09-23 12:49:04","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/www.rathsh.app\/wordpress-plugins\/rat-two-factor-authentication","header_author_uri":"https:\/\/www.rathsh.app\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":206,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"1.0.1":"<p>Initial release of Rat Two-Factor Authentication. 
Install to add powerful 2FA security to your WordPress site.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3366509,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3366509,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3366509,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3366509,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Admin Settings Page<\/strong> - Configure global 2FA settings and role requirements","2":"<strong>User Profile Settings<\/strong> - Individual user 2FA enable\/disable option","3":"<strong>Login OTP Screen<\/strong> - Clean, user-friendly verification interface","4":"<strong>Mobile Login View<\/strong> - Responsive design optimized for mobile devices","5":"<strong>Email OTP Example<\/strong> - Sample verification email sent to 
users"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,710,9210,600,9217],"plugin_category":[38,54],"plugin_contributors":[244061],"plugin_business_model":[],"class_list":["post-241872","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-authentication","plugin_tags-otp","plugin_tags-security","plugin_tags-two-factor","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-rathsh","plugin_committers-rathsh"],"banners":{"banner":"https:\/\/ps.w.org\/rat-two-factor-authentication\/assets\/banner-772x250.jpg?rev=3366509","banner_2x":"https:\/\/ps.w.org\/rat-two-factor-authentication\/assets\/banner-1544x500.jpg?rev=3366509","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/rat-two-factor-authentication\/assets\/icon-128x128.jpg?rev=3366509","icon_2x":"https:\/\/ps.w.org\/rat-two-factor-authentication\/assets\/icon-256x256.jpg?rev=3366509","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Rat Two-Factor Authentication<\/strong> is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Email-based OTP verification<\/strong> - Secure 6-digit codes sent to user's email<\/li>\n<li><strong>Lightweight and fast<\/strong> - Minimal impact on site performance<\/li>\n<li><strong>User-friendly interface<\/strong> - Clean, responsive design that works on all devices<\/li>\n<li><strong>Flexible settings<\/strong> - Enable 2FA globally or per user<\/li>\n<li><strong>Role-based requirements<\/strong> - Require 2FA for specific user roles<\/li>\n<li><strong>Session management<\/strong> - Secure session handling with timeout protection<\/li>\n<li><strong>AJAX-powered<\/strong> - Smooth user experience without page 
reloads<\/li>\n<li><strong>Auto-submit functionality<\/strong> - Automatically submits form when 6 digits are entered<\/li>\n<li><strong>Resend functionality<\/strong> - Users can request new codes with cooldown protection<\/li>\n<li><strong>Mobile-friendly<\/strong> - Optimized for mobile login experiences<\/li>\n<li><strong>Security-first<\/strong> - Nonce protection, input sanitization, and secure coding practices<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>User enters their username and password normally<\/li>\n<li>If 2FA is enabled, they're redirected to an OTP verification screen<\/li>\n<li>A 6-digit code is sent to their registered email address<\/li>\n<li>User enters the code to complete login<\/li>\n<li>Code expires after 10 minutes for security<\/li>\n<\/ol>\n\n<h4>Perfect For<\/h4>\n\n<ul>\n<li><strong>Business websites<\/strong> requiring enhanced security<\/li>\n<li><strong>E-commerce stores<\/strong> protecting customer accounts<\/li>\n<li><strong>Membership sites<\/strong> with sensitive user data<\/li>\n<li><strong>Multi-author blogs<\/strong> securing contributor access<\/li>\n<li><strong>Any WordPress site<\/strong> wanting better login security<\/li>\n<\/ul>\n\n<h4>Admin Features<\/h4>\n\n<ul>\n<li><strong>Global 2FA setting<\/strong> - Enable for all users<\/li>\n<li><strong>Force 2FA option<\/strong> - Make it mandatory for selected roles<\/li>\n<li><strong>Role-based configuration<\/strong> - Choose which roles require 2FA<\/li>\n<li><strong>User profile integration<\/strong> - Users can enable\/disable 2FA individually<\/li>\n<li><strong>Clean admin interface<\/strong> - Easy to configure and manage<\/li>\n<\/ul>\n\n<h4>Developer Friendly<\/h4>\n\n<ul>\n<li><strong>Well-documented code<\/strong> with inline comments<\/li>\n<li><strong>WordPress coding standards<\/strong> compliant<\/li>\n<li><strong>Hook system<\/strong> for customization<\/li>\n<li><strong>Lightweight codebase<\/strong> for easy modification<\/li>\n<li><strong>No 
external dependencies<\/strong> - Pure WordPress integration<\/li>\n<\/ul>\n\n<h4>Security Features<\/h4>\n\n<ul>\n<li><strong>Nonce verification<\/strong> for all AJAX requests<\/li>\n<li><strong>Input sanitization<\/strong> and validation<\/li>\n<li><strong>Secure OTP generation<\/strong> using WordPress built-in functions<\/li>\n<li><strong>Session timeout<\/strong> protection (10 minutes)<\/li>\n<li><strong>Rate limiting<\/strong> on resend requests<\/li>\n<li><strong>No plain text storage<\/strong> of OTP codes<\/li>\n<\/ul>\n\n<h3>Configuration<\/h3>\n\n<h4>Global Settings<\/h4>\n\n<p>Navigate to <strong>Settings &gt; Two-Factor Auth<\/strong> to configure:<\/p>\n\n<ul>\n<li><strong>Enable 2FA Globally<\/strong>: Turn on 2FA for all users<\/li>\n<li><strong>Force 2FA for All Users<\/strong>: Make 2FA mandatory regardless of user preference<\/li>\n<li><strong>Required User Roles<\/strong>: Select specific roles that must use 2FA<\/li>\n<\/ul>\n\n<h4>User Settings<\/h4>\n\n<p>Each user can enable\/disable 2FA in their profile:<\/p>\n\n<ol>\n<li>Go to <strong>Users &gt; Profile<\/strong> (or <strong>Users &gt; Your Profile<\/strong>)<\/li>\n<li>Find the \"Two-Factor Authentication\" section<\/li>\n<li>Check \"Enable 2FA\" to activate for that user<\/li>\n<li>Save the profile<\/li>\n<\/ol>\n\n<h4>Email Configuration<\/h4>\n\n<p>The plugin uses WordPress's built-in <code>wp_mail()<\/code> function. Ensure your site can send emails properly. 
Consider using:<\/p>\n\n<ul>\n<li>SMTP plugins for reliable email delivery<\/li>\n<li>Email services like SendGrid, Mailgun, or Amazon SES<\/li>\n<li>Proper SPF\/DKIM records for your domain<\/li>\n<\/ul>\n\n<h3>Support<\/h3>\n\n<p>For support, feature requests, or bug reports:<\/p>\n\n<ul>\n<li><strong>Plugin Support<\/strong>: <a href=\"https:\/\/wordpress.org\/support\/plugin\/rat-two-factor-authentication\">WordPress.org Support Forum<\/a><\/li>\n<li><strong>Documentation<\/strong>: Available in the plugin's admin area<\/li>\n<li><strong>Bug Reports<\/strong>: Please provide detailed information about your setup<\/li>\n<\/ul>\n\n<h3>Contributing<\/h3>\n\n<p>We welcome contributions! The plugin follows WordPress coding standards and best practices.<\/p>\n\n<h3>Privacy Policy<\/h3>\n\n<p>This plugin:<\/p>\n\n<ul>\n<li>Stores minimal user data (2FA preference and temporary OTP hashes)<\/li>\n<li>Does not send data to external services<\/li>\n<li>Uses WordPress's built-in email system<\/li>\n<li>Follows WordPress privacy guidelines<\/li>\n<li>Allows data export\/erasure as per GDPR requirements<\/li>\n<\/ul>\n\n<h3>Technical Requirements<\/h3>\n\n<ul>\n<li>WordPress 5.0 or higher<\/li>\n<li>PHP 7.4 or higher<\/li>\n<li>MySQL 5.6 or higher (or equivalent MariaDB)<\/li>\n<li>Ability to send emails from WordPress<\/li>\n<li>Modern web browser with JavaScript enabled<\/li>\n<\/ul>\n\n<h3>Credits<\/h3>\n\n<p>Developed with \u2764\ufe0f by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.<\/p>\n\n<h3>License<\/h3>\n\n<p>This plugin is licensed under the GPL v2 or later.<\/p>\n\n<blockquote>\n  <p>This program is free software; you can redistribute it and\/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.<\/p>\n  \n  <p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.<\/p>\n<\/blockquote>\n\n<!--section=installation-->\n<h4>Automatic Installation<\/h4>\n\n<ol>\n<li>Login to your WordPress admin panel<\/li>\n<li>Navigate to Plugins &gt; Add New<\/li>\n<li>Search for \"Rat Two-Factor Authentication\"<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<\/ol>\n\n<h4>Manual Installation<\/h4>\n\n<ol>\n<li>Download the plugin zip file<\/li>\n<li>Upload it to <code>\/wp-content\/plugins\/<\/code> directory<\/li>\n<li>Extract the zip file<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<\/ol>\n\n<h4>After Installation<\/h4>\n\n<ol>\n<li>Go to Settings &gt; Two-Factor Auth<\/li>\n<li>Configure your preferred settings<\/li>\n<li>Enable 2FA for your user account in your profile<\/li>\n<li>Test the functionality<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='is%20this%20plugin%20free%3F'><h3>Is this plugin free?<\/h3><\/dt>\n<dd><p>Yes, Rat Two-Factor Authentication is completely free and open-source.<\/p><\/dd>\n<dt id='does%20it%20work%20with%20any%20email%20provider%3F'><h3>Does it work with any email provider?<\/h3><\/dt>\n<dd><p>Yes, it works with any email provider as it uses WordPress's standard email system.<\/p><\/dd>\n<dt id='can%20i%20customize%20the%20email%20template%3F'><h3>Can I customize the email template?<\/h3><\/dt>\n<dd><p>Yes, you can use WordPress hooks to customize the email content and styling.<\/p><\/dd>\n<dt id='what%20happens%20if%20a%20user%20loses%20access%20to%20their%20email%3F'><h3>What happens if a user loses access to their email?<\/h3><\/dt>\n<dd><p>Administrators can disable 2FA for any user from their profile page in the admin area.<\/p><\/dd>\n<dt id='does%20it%20work%20with%20other%20security%20plugins%3F'><h3>Does it work with other security plugins?<\/h3><\/dt>\n<dd><p>Yes, it's designed to work alongside other security plugins without 
conflicts.<\/p><\/dd>\n<dt id='is%20it%20compatible%20with%20multisite%3F'><h3>Is it compatible with multisite?<\/h3><\/dt>\n<dd><p>The plugin works on multisite installations and can be configured per site.<\/p><\/dd>\n<dt id='how%20secure%20are%20the%20otp%20codes%3F'><h3>How secure are the OTP codes?<\/h3><\/dt>\n<dd><p>OTP codes are generated using WordPress's secure random functions and are hashed before storage.<\/p><\/dd>\n<dt id='can%20i%20change%20the%20code%20expiry%20time%3F'><h3>Can I change the code expiry time?<\/h3><\/dt>\n<dd><p>Currently set to 10 minutes, but developers can modify this using plugin hooks.<\/p><\/dd>\n<dt id='does%20it%20support%20app-based%20authentication%3F'><h3>Does it support app-based authentication?<\/h3><\/dt>\n<dd><p>This version focuses on email-based OTP. App-based authentication may be added in future versions.<\/p><\/dd>\n<dt id='is%20there%20a%20premium%20version%3F'><h3>Is there a premium version?<\/h3><\/dt>\n<dd><p>Currently, there's only the free version with all features included.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.1 - 2024-12-19<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Email-based OTP verification<\/li>\n<li>User and admin interfaces<\/li>\n<li>Role-based requirements<\/li>\n<li>Session management<\/li>\n<li>AJAX functionality<\/li>\n<li>Mobile optimization<\/li>\n<li>Security implementations<\/li>\n<li>WordPress 6.4 compatibility<\/li>\n<\/ul>","raw_excerpt":"Lightweight and powerful Two-Factor Authentication plugin for WordPress with email-based OTP 
verification.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/241872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=241872"}],"author":[{"embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/rathsh"}],"wp:attachment":[{"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=241872"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=241872"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=241872"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=241872"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=241872"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ja.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=241872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}