Title: Rat Two-Factor Authentication
Author: rathsh
Published: September 23, 2025
Last modified: September 23, 2025

---


# Rat Two-Factor Authentication

 By [rathsh](https://profiles.wordpress.org/rathsh/)

[Download](https://downloads.wordpress.org/plugin/rat-two-factor-authentication.zip)


## Description

**Rat Two-Factor Authentication** is a lightweight yet powerful security plugin 
that adds an extra layer of protection to your WordPress site through email-based
One-Time Password (OTP) verification.

#### Key Features

 * **Email-based OTP verification** – Secure 6-digit codes sent to user’s email
 * **Lightweight and fast** – Minimal impact on site performance
 * **User-friendly interface** – Clean, responsive design that works on all devices
 * **Flexible settings** – Enable 2FA globally or per user
 * **Role-based requirements** – Require 2FA for specific user roles
 * **Session management** – Secure session handling with timeout protection
 * **AJAX-powered** – Smooth user experience without page reloads
 * **Auto-submit functionality** – Automatically submits form when 6 digits are 
   entered
 * **Resend functionality** – Users can request new codes with cooldown protection
 * **Mobile-friendly** – Optimized for mobile login experiences
 * **Security-first** – Nonce protection, input sanitization, and secure coding 
   practices

#### How It Works

 1. User enters their username and password normally
 2. If 2FA is enabled, they’re redirected to an OTP verification screen
 3. A 6-digit code is sent to their registered email address
 4. User enters the code to complete login
 5. Code expires after 10 minutes for security

#### Perfect For

 * **Business websites** requiring enhanced security
 * **E-commerce stores** protecting customer accounts
 * **Membership sites** with sensitive user data
 * **Multi-author blogs** securing contributor access
 * **Any WordPress site** wanting better login security

#### Admin Features

 * **Global 2FA setting** – Enable for all users
 * **Force 2FA option** – Make it mandatory for selected roles
 * **Role-based configuration** – Choose which roles require 2FA
 * **User profile integration** – Users can enable/disable 2FA individually
 * **Clean admin interface** – Easy to configure and manage

#### Developer Friendly

 * **Well-documented code** with inline comments
 * **WordPress coding standards** compliant
 * **Hook system** for customization
 * **Lightweight codebase** for easy modification
 * **No external dependencies** – Pure WordPress integration

#### Security Features

 * **Nonce verification** for all AJAX requests
 * **Input sanitization** and validation
 * **Secure OTP generation** using WordPress built-in functions
 * **Session timeout** protection (10 minutes)
 * **Rate limiting** on resend requests
 * **No plain text storage** of OTP codes
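
The storage and verification rules listed above (6-digit code, no plain-text storage, 10-minute expiry, resend cooldown), as an added plain-PHP example that is not the plugin's own code. The function names, the 60-second cooldown, the 5-attempt limit and the in-memory `$store` array are assumptions.

```php
<?php
// Added example, not the plugin's code. Everything except the 6-digit
// length and the 10-minute expiry is an assumption made for illustration.
const OTP_TTL = 600;         // 10 minutes, as stated on the page
const RESEND_COOLDOWN = 60;  // assumed value
const MAX_ATTEMPTS = 5;      // assumed value

function otp_digest(string $code, string $key, int $userId): string {
    // Keyed hash: a bare hash of a 6-digit code falls to at most 10^6 guesses.
    return hash_hmac('sha256', $userId . ':' . $code, $key);
}

function otp_issue(array &$store, int $userId, string $key, int $now): ?string {
    $rec = $store[$userId] ?? null;
    if ($rec !== null && $now - $rec['issued'] < RESEND_COOLDOWN) {
        return null; // resend requested inside the cooldown window
    }
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT); // CSPRNG
    $store[$userId] = ['digest' => otp_digest($code, $key, $userId), 'issued' => $now, 'attempts' => 0];
    return $code; // the caller emails this; only the digest is kept
}

function otp_verify(array &$store, int $userId, string $key, string $input, int $now): bool {
    $rec = $store[$userId] ?? null;
    if ($rec === null) {
        return false; // nothing pending for this user
    }
    if ($now - $rec['issued'] > OTP_TTL || $rec['attempts'] >= MAX_ATTEMPTS) {
        unset($store[$userId]); // expired, or too many wrong guesses
        return false;
    }
    $store[$userId]['attempts']++; // count every try before comparing
    if (!preg_match('/\A\d{6}\z/', $input)
        || !hash_equals($rec['digest'], otp_digest($input, $key, $userId))) {
        return false; // hash_equals() compares in constant time
    }
    unset($store[$userId]); // single use: a correct code cannot be replayed
    return true;
}

// Constructed demo with fixed timestamps (seconds).
$store = [];
$key = random_bytes(32);                             // per-site secret (assumed)
$code = otp_issue($store, 7, $key, 1000);
var_dump(otp_issue($store, 7, $key, 1030));          // resend inside the cooldown
var_dump(otp_verify($store, 7, $key, $code, 1100));  // correct code, within 10 minutes
var_dump(otp_verify($store, 7, $key, $code, 1101));  // same code presented again
```

The attempt counter matters as much as the hashing: without it, the 10-minute window allows an online guesser to work through a meaningful share of the one million possible codes.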

### Configuration

#### Global Settings

Navigate to **Settings > Two-Factor Auth** to configure:

 * **Enable 2FA Globally**: Turn on 2FA for all users
 * **Force 2FA for All Users**: Make 2FA mandatory regardless of user preference
 * **Required User Roles**: Select specific roles that must use 2FA

#### User Settings

Each user can enable/disable 2FA in their profile:

 1. Go to **Users > Profile** (or **Users > Your Profile**)
 2. Find the “Two-Factor Authentication” section
 3. Check “Enable 2FA” to activate for that user
 4. Save the profile

#### Email Configuration

The plugin uses WordPress’s built-in `wp_mail()` function. Ensure your site can 
send emails properly. Consider using:

 * SMTP plugins for reliable email delivery
 * Email services like SendGrid, Mailgun, or Amazon SES
 * Proper SPF/DKIM records for your domain

### Support

For support, feature requests, or bug reports:

 * **Plugin Support**: [WordPress.org Support Forum](https://wordpress.org/support/plugin/rat-two-factor-authentication)
 * **Documentation**: Available in the plugin’s admin area
 * **Bug Reports**: Please provide detailed information about your setup

### Contributing

We welcome contributions! The plugin follows WordPress coding standards and best
practices.

### Privacy Policy

This plugin:

 * Stores minimal user data (2FA preference and temporary OTP hashes)
 * Does not send data to external services
 * Uses WordPress’s built-in email system
 * Follows WordPress privacy guidelines
 * Allows data export/erasure as per GDPR requirements

### Technical Requirements

 * WordPress 5.0 or higher
 * PHP 7.4 or higher
 * MySQL 5.6 or higher (or equivalent MariaDB)
 * Ability to send emails from WordPress
 * Modern web browser with JavaScript enabled

### Credits

Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful,
and user-friendly WordPress plugins.

### License

This plugin is licensed under the GPL v2 or later.

> This program is free software; you can redistribute it and/or modify it under 
> the terms of the GNU General Public License as published by the Free Software 
> Foundation; either version 2 of the License, or (at your option) any later version.
> This program is distributed in the hope that it will be useful, but WITHOUT ANY
> WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 
> A PARTICULAR PURPOSE. See the GNU General Public License for more details.

## Installation

#### Automatic Installation

 1. Login to your WordPress admin panel
 2. Navigate to Plugins > Add New
 3. Search for “Rat Two-Factor Authentication”
 4. Click “Install Now” and then “Activate”

#### Manual Installation

 1. Download the plugin zip file
 2. Upload it to `/wp-content/plugins/` directory
 3. Extract the zip file
 4. Activate the plugin through the ‘Plugins’ menu in WordPress

#### After Installation

 1. Go to Settings > Two-Factor Auth
 2. Configure your preferred settings
 3. Enable 2FA for your user account in your profile
 4. Test the functionality

## FAQ

### Is this plugin free?

Yes, Rat Two-Factor Authentication is completely free and open-source.

### Does it work with any email provider?

Yes, it works with any email provider as it uses WordPress’s standard email system.

### Can I customize the email template?

Yes, you can use WordPress hooks to customize the email content and styling.

### What happens if a user loses access to their email?

Administrators can disable 2FA for any user from their profile page in the admin
area.

### Does it work with other security plugins?

Yes, it’s designed to work alongside other security plugins without conflicts.

### Is it compatible with multisite?

The plugin works on multisite installations and can be configured per site.

### How secure are the OTP codes?

OTP codes are generated using WordPress’s secure random functions and are hashed
before storage.

### Can I change the code expiry time?

Currently set to 10 minutes, but developers can modify this using plugin hooks.

### Does it support app-based authentication?

This version focuses on email-based OTP. App-based authentication may be added in
future versions.

### Is there a premium version?

Currently, there’s only the free version with all features included.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Rat Two-Factor Authentication” is open source software. The following people have contributed to this plugin.

Contributors

 * [rathsh](https://profiles.wordpress.org/rathsh/)

[Help translate “Rat Two-Factor Authentication” into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/rat-two-factor-authentication)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/rat-two-factor-authentication/),
check out the [SVN repository](https://plugins.svn.wordpress.org/rat-two-factor-authentication/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/rat-two-factor-authentication/)
by [RSS](https://plugins.trac.wordpress.org/log/rat-two-factor-authentication/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1 – 2024-12-19

 * Initial release
 * Email-based OTP verification
 * User and admin interfaces
 * Role-based requirements
 * Session management
 * AJAX functionality
 * Mobile optimization
 * Security implementations
 * WordPress 6.4 compatibility

## Additional Information

 * Version **1.0.1**
 * Last updated: **9 months ago**
 * Active installations: **Fewer than 10**
 * WordPress version: **5.0 or higher**
 * Tested up to: **6.8.5**
 * PHP version: **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/rat-two-factor-authentication/)
 * Tags: [2FA](https://cn.wordpress.org/plugins/tags/2fa/), [authentication](https://cn.wordpress.org/plugins/tags/authentication/),
   [otp](https://cn.wordpress.org/plugins/tags/otp/), [security](https://cn.wordpress.org/plugins/tags/security/),
   [two factor](https://cn.wordpress.org/plugins/tags/two-factor/)
 * [Advanced View](https://cn.wordpress.org/plugins/rat-two-factor-authentication/advanced/)
