Title: Two Factor (2FA) Authentication via Email
Author: Sully
Published: <strong>2023 年 3 月 15 日</strong>
Last modified: 2025 年 12 月 3 日

---

搜索插件

![](https://ps.w.org/two-factor-2fa-via-email/assets/banner-772x250.png?rev=2948064)

![](https://ps.w.org/two-factor-2fa-via-email/assets/icon-256x256.png?rev=2895273)

# Two Factor (2FA) Authentication via Email

 作者：[Sully](https://profiles.wordpress.org/ss88_uk/)

[下载](https://downloads.wordpress.org/plugin/two-factor-2fa-via-email.1.9.9.zip)

[实时预览](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/?preview=1)

 * [详情](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/#description)
 * [评价](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/#developers)

 [支持](https://wordpress.org/support/plugin/two-factor-2fa-via-email/)

## 描述

A simple, lightweight, yet effective plugin to enable two factor (2FA) authentication
via email. You can enable this on an individual user basis, for all administrators,
editors, or all accounts with one line of code in your `wp-config.php` file.

WordPress is the world’s most popular content management system (CMS), with over
40% of all websites running on it. As such, it has become a prime target for hackers
looking to exploit vulnerabilities to gain unauthorized access to websites. One 
of the best ways to enhance the security of a WordPress site is to enable two-factor
authentication (2FA) for administrators.

 * Simply enable the plugin then edit a user account to enable 2FA for that individual
   user.
 * Please make sure your WordPress website sends and receives emails correctly. 
   The best way is to use a SMTP plugin.

**Check out our other plugins:**

 * 🎉 [Media Library File Size](https://wordpress.org/plugins/media-library-file-size/)
 * ✨ [Export Single Post Page](https://wordpress.org/plugins/single-post-page-export/)
 * 🙍‍♂️ [View User Metadata](https://wordpress.org/plugins/view-user-metadata/)
 * 🔠 [Enable Turnstile (Cloudflare) for Gravity Forms](https://wordpress.org/plugins/enable-turnstile-cloudflare-for-gravity-forms/)
 * ⭐️⭐️⭐️⭐️⭐️ [Gravity Forms to FreeScout](https://neoboffin.com/plugins/gravity-forms-freescout?utm_campaign=OtherPlugins)

## 屏幕截图

 * [[
 * Under each user account settings, you can click the toggle to turn 2FA on/off.
 * [[
 * When 2FA is enabled, the user will see this screen after a log-in.
 * [[
 * An example of an error screen.
 * [[
 * An email sent to the site admin when the 2FA plugin is disabled.

## 安装

Use the automatic installer via WordPress or download the plugin and:

 1. Upload the plugin files to the `/wp-content/plugins/two-factor-2fa-via-email` directory.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Navigate to your profile or any other users and enable to toggle 2FA to enable 
    per account.

## 常见问题

### Help! I’m locked out!

If you are not receiving the email to login then in order to regain access to your
account, you’ll have to disable the plugin. The only way to do this is by renaming
the plugin folder from `two-factor-2fa-via-email` to `two-factor-2fa-via-email.backup`
or equivalent.

### 15 minutes is too long/short for me. Can this be changed?

Yes! As of version 1.5.2 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_LINK_EXPIRES_MINUTES', 10);
    ```

Where the number 10 is, change this to whatever value (in minutes) you prefer.

### Can I enable this for every Administrator?

Yes! As of version 1.6 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_ENABLE_ADMINS', true);
    ```

### Can I enable this for every Editor?

Yes! As of version 1.6 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_ENABLE_EDITORS', true);
    ```

### Can I enable this for every Contributor?

Yes! As of version 1.9.2 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);
    ```

### Can I enable this for every Subscriber?

Yes! As of version 1.7.1 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);
    ```

### Can I enable this for every account?

Yes! As of version 1.6 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_ENABLE_ALL', true);
    ```

### Can I change who receives the plugin deactivated email?

Yes! As of version 1.6 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');
    ```

Change `john@doe.com` to your preferred email.

### How do I disable 2FA on the REST API?

Yes! As of version 1.9 you can now add a defined constant to your `wp-config.php`
file;

    ```
    define('SS88_2FAVE_API_DISABLE_ALL', true);
    ```

### How can I redirect users to a URL after logging in?

As of version 1.9.1 you can use the filter `SS88_2FAVE_custom_redirect` like so:

    ```
    add_filter('SS88_2FAVE_custom_redirect', function($URL) {

        if(current_user_can('editor')) return 'https://custom.com/page/here';
        else return $URL;

    });
    ```

### Can I override the isEnabled function?

As of version 1.9.1 you can use the filter `SS88_2FAVE_isEnabled` like so:

    ```
    add_filter('SS88_2FAVE_isEnabled', function($isEnabled, $UserID, $type) {

        // $isEnabled = Prior value
        // $UserID = ID of user
        // $type = Values are API or LOGIN

        return $isEnabled;

    }, 10, 3);
    ```

Please note that if you have `SS88_2FAVE_ENABLE_ALL`, `SS88_2FAVE_ENABLE_ADMINS`,`
SS88_2FAVE_ENABLE_EDITORS`, `SS88_2FAVE_ENABLE_CONTRIBUTORS`, `SS88_2FAVE_ENABLE_SUBSCRIBERS`,
or `SS88_2FAVE_API_DISABLE_ALL` set, the filter `SS88_2FAVE_isEnabled` will not 
work.

## 评价

![](https://secure.gravatar.com/avatar/7cd1c6cb9bfc448eb5b90e249c0ff4e61c4061a86a68481311c0664c78c6eb62?
s=60&d=retro&r=g)

### 󠀁[Exactly what I needed](https://wordpress.org/support/topic/exactly-what-i-needed-974/)󠁿

 [Tapash](https://profiles.wordpress.org/tapashdatta/) 2024 年 10 月 20 日 1 回复

Simple and lightweight plugin. Love it

![](https://secure.gravatar.com/avatar/50ed8f23e9e5c9a01b6e4a44797e70206981c700660efc84da0daa8abb11673c?
s=60&d=retro&r=g)

### 󠀁[A lightweight, task-specific two-step login plugin](https://wordpress.org/support/topic/a-lightweight-task-specific-two-step-login-plugin/)󠁿

 [Jeremy Wu](https://profiles.wordpress.org/dreamingwu/) 2024 年 4 月 29 日 1 回复

A lightweight, task-specific two-step login plugin that supports localization. It
is very convenient for personal use or for protecting client websites. The developer
responds quickly to reasonable requests.

![](https://secure.gravatar.com/avatar/0cd03c00eebfbf654561bfaa77d428b468e00c538a2763f851f2701e00065258?
s=60&d=retro&r=g)

### 󠀁[Simple, lightweight and easy to use – should be baked into wordpress IMO](https://wordpress.org/support/topic/simple-lightweight-and-easy-to-use-should-be-baked-into-wordpress-imo/)󠁿

 [nathantpc](https://profiles.wordpress.org/nathantpc/) 2024 年 4 月 11 日 1 回复

Excellent plugin, just install and enable 2FA for specific admin accounts, or edit
the wpconfig file for site-wide role-based 2FA control.

![](https://secure.gravatar.com/avatar/12c45aceacb7c5a535bae936e34d7e2b9f44720f240e15e06a7f723bb19704bc?
s=60&d=retro&r=g)

### 󠀁[Easily gives that extra security everyone should have](https://wordpress.org/support/topic/easily-gives-that-extra-security-everyone-should-have/)󠁿

 [bopsbees](https://profiles.wordpress.org/bopsbees/) 2023 年 4 月 1 日 1 回复

After trying out some of the other plugins from this developer, I saw there was 
this 2FA plugin. The sheer amount of spam I get really has raised concerns about
security and I’m so glad I found this. Install – click the toggle for 2FA on the
user account – done. Easiest way to boost security going, no crazy configuration
needs, took literally seconds to do. Seems to work perfectly and I feel a lot better
about the integrity of my accounts.

 [ 阅读所有4条评价 ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/)

## 贡献者及开发者

「Two Factor (2FA) Authentication via Email」是开源软件。 以下人员对此插件做出了
贡献。

贡献者

 *   [ Sully ](https://profiles.wordpress.org/ss88_uk/)

「Two Factor (2FA) Authentication via Email」插件已被翻译至 3 种本地化语言。 感谢
[所有译者](https://translate.wordpress.org/projects/wp-plugins/two-factor-2fa-via-email/contributors)
为本插件所做的贡献。

[帮助将「Two Factor (2FA) Authentication via Email」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/two-factor-2fa-via-email)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/two-factor-2fa-via-email/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/two-factor-2fa-via-email/)，或通过
[RSS](https://plugins.trac.wordpress.org/log/two-factor-2fa-via-email/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/two-factor-2fa-via-email/)。

## 更新日志

#### 1.9.9

 * Please update ASAP. Security Fix: CVE-2025-13587
 * Removal of logo on 2FA Login Screen

#### 1.9.8

 * Thank you for 10,000+ active installations! 🙂
 * Fix: REST API authentication

#### 1.9.7

 * PHP Warning fix on new user

#### 1.9.6

 * Integrated Initialization Vector
 * Canged Cipher to AES-256-CBC
 * Added ‘pretty formatting’ when token decrption fails

#### 1.9.5

 * UX improvement: Refresh 2FA Page with countdown when user is sucessfully logged
   in

#### 1.9.4

 * Improved `header_remove()` function by only removing `Set-Cookie`

#### 1.9.3

 * A new constant has been integrated which can be added in wp-config.php to override
   individual user settings to force 2FA to be enabled for Contributors. Add `SS88_2FAVE_ENABLE_CONTRIBUTORS`
   to your `wp-config.php` i.e. `define('SS88_2FAVE_ENABLE_CONTRIBUTORS', true);`.

#### 1.9.2

 * Added PHP’s `header_remove();` function upon logging in. Seems to solve 502 ad
   503 issues, especially with GoDaddy.

#### 1.9.1

 * A new filter `SS88_2FAVE_custom_redirect` was added. You can now override the
   final URL where users are redirect to after sucessfully logging in. See example
   in FAQs.
 * A new filter `SS88_2FAVE_isEnabled` was added. You can now override if 2FA is
   enabled. See example in FAQs.

#### 1.9

 * The REST API (by default) has 2FA enabled. There are now new settings to disable
   it on an individual user basis by using the user edit screen.
 * A new constant `SS88_2FAVE_API_DISABLE_ALL` was added to completely disable the
   2FA on the REST API.

#### 1.8

 * Added 1.7.1 to trunk in WP Plugin Directory for rollback compatibility
 * We are now using $priority 1 on the wp_login hook
 * Added theme/folder compatibility. As of v1.4 developers could add `ss88-2fa-page.
   php` to their theme directory. We now support an additional directory `ss88-2fa`
   i.e. `wp-content/themes/xxx/ss88-2fa/2fa-page.php`. v1.4 functionality will be
   removed in a future release in favor for the new directory `ss88-2fa`.
 * Added support for advanced developers to use a custom 2FA email. You can now 
   override the 2FA email by copying `assets/html/login-email.php` to your theme’s
   directory. Upload this file to `wp-content/themes/xxx/ss88-2fa/login-email.php`
   to customize it!

#### 1.7.1

 * A new constant has been integrated which can be added in wp-config.php to override
   individual user settings to force 2FA to be enabled for Subscribers. Add `SS88_2FAVE_ENABLE_SUBSCRIBERS`
   to your `wp-config.php` i.e. `define('SS88_2FAVE_ENABLE_SUBSCRIBERS', true);`.

#### 1.7

 * Localization integration

#### 1.6.4

 * Integration with the default Remember Me checkbox from WordPress

#### 1.6.3

 * Integration with Ultimate Member

#### 1.6.2

 * Removed accidental code forcing everyone who logged in to receive a 2FA screen

#### 1.6.1

 * Deactivation fatal error fix

#### 1.6

 * New Features:
 * Wording changed when SMTP is not enabled.
 * The plugin now sends an email to the site admin if the plugin is deactivated.
   The email can be overridden by defining the constant `SS88_2FAVE_NOTIFICATION_EMAIL`
   in `wp-config.php` i.e. `define('SS88_2FAVE_NOTIFICATION_EMAIL', 'john@doe.com');`
 * Three new constants added which can be added in wp-config.php to override individual
   user settings to force 2FA to be enabled. They are: `SS88_2FAVE_ENABLE_ALL` (
   to enable for every single account), `SS88_2FAVE_ENABLE_ADMINS` (to enable only
   for Administrators), and `SS88_2FAVE_ENABLE_EDITORS` (to enable for Editors) 
   i.e. `define('SS88_2FAVE_ENABLE_ALL', true);`.

#### 1.5.2

 * Replaced sanitize_url in favor of esc_url
 * Added a new constant `SS88_2FAVE_LINK_EXPIRES_MINUTES` so that users can define
   their own link expiry time in minutes
 * Added a JavaScript countdown timer to the login page

#### 1.5.1

 * Email content fix

#### 1.5

 * ‘Fancy’ emails
 * Moving files into appropriate folders
 * Re-order of security features when logging in

#### 1.4

 * Added PHP_INT_MAX to wp_login hook
 * Added support for advanced developers to use a custom 2FA template. You can now
   override the 2FA page by copying `assets/2fa-page.php` to your theme’s directory.
   Upload this file to `wp-content/themes/xxx/ss88-2fa-page.php` to customize it!

#### 1.3

 * Fixed ‘dismiss’ link on notification
 * Added support for SMTP Mailer check

#### 1.2

 * Added support link to plugin page

#### 1.1

 * Fix openssl key
 * Fix echo’ing

#### 1.0

 * Initial release.

## 额外信息

 *  版本 **1.9.9**
 *  最后更新：**4 月前**
 *  活跃安装数量 **9,000+**
 *  WordPress 版本 ** 4.6 或更高版本 **
 *  已测试的最高版本为 **6.9.4**
 *  PHP 版本 ** 5.6 或更高版本 **
 *  语言
 * [Chinese (Taiwan)](https://tw.wordpress.org/plugins/two-factor-2fa-via-email/)、
   [Dutch](https://nl.wordpress.org/plugins/two-factor-2fa-via-email/) 、 [English (US)](https://wordpress.org/plugins/two-factor-2fa-via-email/)
   和 [Hebrew](https://he.wordpress.org/plugins/two-factor-2fa-via-email/).
 *  [翻译成简体中文](https://translate.wordpress.org/projects/wp-plugins/two-factor-2fa-via-email)
 * 标签
 * [2FA](https://cn.wordpress.org/plugins/tags/2fa/)[2fa-authentication](https://cn.wordpress.org/plugins/tags/2fa-authentication/)
   [authentication](https://cn.wordpress.org/plugins/tags/authentication/)[two factor](https://cn.wordpress.org/plugins/tags/two-factor/)
   [two factor authentication](https://cn.wordpress.org/plugins/tags/two-factor-authentication/)
 *  [高级视图](https://cn.wordpress.org/plugins/two-factor-2fa-via-email/advanced/)

## 评级

 5 星（最高 5 星）。

 *  [  4 条 5 星评价     ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=5)
 *  [  0 条 4 星评价     ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=4)
 *  [  0 条 3 星评价     ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=3)
 *  [  0 条 2 星评价     ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=2)
 *  [  0 条 1 星评价     ](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/two-factor-2fa-via-email/reviews/)

## 贡献者

 *   [ Sully ](https://profiles.wordpress.org/ss88_uk/)

## 支持

最近两个月解决的问题：

     总计 2，已解决 2

 [查看支持论坛](https://wordpress.org/support/plugin/two-factor-2fa-via-email/)

## 捐助

您愿意支持这个插件的发展吗?

 [ 捐助此插件 ](https://paypal.me/SS88/)