Rat Two-Factor Authentication is a lightweight yet powerful security plugin that adds an extra layer of protection to your WordPress site through email-based One-Time Password (OTP) verification.
Key Features
- Email-based OTP verification – Secure 6-digit codes sent to the user's email
- Lightweight and fast – Minimal impact on site performance
- User-friendly interface – Clean, responsive design that works on all devices
- Flexible settings – Enable 2FA globally or per user
- Role-based requirements – Require 2FA for specific user roles
- Session management – Secure session handling with timeout protection
- AJAX-powered – Smooth user experience without page reloads
- Auto-submit functionality – Automatically submits form when 6 digits are entered
- Resend functionality – Users can request new codes with cooldown protection
- Mobile-friendly – Optimized for mobile login experiences
- Security-first – Nonce protection, input sanitization, and secure coding practices
How It Works
- User enters their username and password normally
- If 2FA is enabled, they're redirected to an OTP verification screen
- A 6-digit code is sent to their registered email address
- User enters the code to complete login
- Code expires after 10 minutes for security
Perfect For
- Business websites requiring enhanced security
- E-commerce stores protecting customer accounts
- Membership sites with sensitive user data
- Multi-author blogs securing contributor access
- Any WordPress site wanting better login security
Admin Features
- Global 2FA setting – Enable for all users
- Force 2FA option – Make it mandatory for selected roles
- Role-based configuration – Choose which roles require 2FA
- User profile integration – Users can enable/disable 2FA individually
- Clean admin interface – Easy to configure and manage
Developer Friendly
- Well-documented code with inline comments
- WordPress coding standards compliant
- Hook system for customization
- Lightweight codebase for easy modification
- No external dependencies – Pure WordPress integration
Security Features
- Nonce verification for all AJAX requests
- Input sanitization and validation
- Secure OTP generation using WordPress built-in functions
- Session timeout protection (10 minutes)
- Rate limiting on resend requests
- No plain text storage of OTP codes
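The "How It Works" steps and the security features above describe an email-OTP flow: a 6-digit code, a 10-minute lifetime, hashed storage, and a cooldown on resends. The following is an added example, not the plugin's own code, showing one way to implement that flow with WordPress core functions only. The `rat2fa_example_*` names, the 60-second resend cooldown and the 5-guess cap are assumptions; the 6-digit format and 10-minute expiry are taken from this readme.

```php
<?php
/**
 * Added example, not the plugin's own code: email-OTP issue and verify with
 * WordPress core functions. rat2fa_example_* names, the 60 s cooldown and the
 * 5-guess cap are assumptions; 6 digits and 10 minutes come from the readme.
 */

define( 'RAT2FA_EXAMPLE_TTL', 10 * MINUTE_IN_SECONDS ); // code lifetime, per the readme
define( 'RAT2FA_EXAMPLE_COOLDOWN', 60 );                 // seconds between resends (assumed)
define( 'RAT2FA_EXAMPLE_MAX_ATTEMPTS', 5 );              // wrong guesses before the code is burned (assumed)

/**
 * Generate a 6-digit code, store only a keyed hash of it, and e-mail the code.
 * Returns true on success or a WP_Error (cooldown active, unknown user, mail failure).
 */
function rat2fa_example_issue_code( int $user_id ) {
    $cooldown_key = 'rat2fa_example_cooldown_' . $user_id;
    if ( get_transient( $cooldown_key ) ) {
        return new WP_Error( 'rat2fa_cooldown', 'Please wait before requesting a new code.' );
    }

    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'rat2fa_user', 'Unknown user.' );
    }

    // wp_rand() draws from a CSPRNG; zero-pad so "004213" is as valid as any other code.
    $code = str_pad( (string) wp_rand( 0, 999999 ), 6, '0', STR_PAD_LEFT );

    // Never store the code itself. wp_hash() is an HMAC keyed with the site's AUTH
    // salts, so a leaked transient row alone does not reveal the code.
    set_transient(
        'rat2fa_example_otp_' . $user_id,
        array(
            'hash'     => wp_hash( $user_id . ':' . $code ),
            'expires'  => time() + RAT2FA_EXAMPLE_TTL,
            'attempts' => 0,
        ),
        RAT2FA_EXAMPLE_TTL
    );
    set_transient( $cooldown_key, 1, RAT2FA_EXAMPLE_COOLDOWN );

    $sent = wp_mail(
        $user->user_email,
        'Your login verification code',
        sprintf( 'Your verification code is %s. It expires in 10 minutes.', $code )
    );

    return $sent ? true : new WP_Error( 'rat2fa_mail', 'The verification e-mail could not be sent.' );
}

/**
 * Check a submitted code: strict 6-digit input, expiry enforced, constant-time
 * comparison, guess cap, and the stored hash removed once used or exhausted.
 */
function rat2fa_example_verify_code( int $user_id, string $submitted ): bool {
    $key   = 'rat2fa_example_otp_' . $user_id;
    $entry = get_transient( $key );

    if ( ! is_array( $entry ) || time() > $entry['expires'] ) {
        delete_transient( $key ); // expired or never issued
        return false;
    }

    if ( ! preg_match( '/^\d{6}$/', $submitted ) ) {
        return false; // malformed input is rejected without consuming an attempt
    }

    $ok = hash_equals( $entry['hash'], wp_hash( $user_id . ':' . $submitted ) );

    if ( $ok || ++$entry['attempts'] >= RAT2FA_EXAMPLE_MAX_ATTEMPTS ) {
        delete_transient( $key ); // one-time use; also burn the code after too many guesses
    } else {
        set_transient( $key, $entry, max( 1, $entry['expires'] - time() ) );
    }

    return $ok;
}
```

When wiring these into an AJAX resend handler, check the nonce with `check_ajax_referer()` and take the pending user id from server-side login state (for example a transient keyed by a random cookie token), not from a request parameter; otherwise the resend endpoint lets anyone trigger e-mails to arbitrary accounts, which the cooldown only partly limits.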
Configuration
Global Settings
Navigate to Settings > Two-Factor Auth to configure:
- Enable 2FA Globally: Turn on 2FA for all users
- Force 2FA for All Users: Make 2FA mandatory regardless of user preference
- Required User Roles: Select specific roles that must use 2FA
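The three global settings interact, so it helps to see them as a single decision in code. This added example, not the plugin's own code, combines them into one "must this user complete 2FA?" check exposed through a filter, in the spirit of the hook system mentioned above. The option names, the user-meta key, the filter name and the verified-marker transient (all `rat2fa_example_*`) are assumptions.

```php
<?php
/**
 * Added example, not the plugin's own code: resolve the readme's global settings
 * into one 2FA-required decision and gate the core login on it. All
 * rat2fa_example_* option, meta, filter and transient names are assumptions.
 */

/**
 * Precedence: global switch off -> never; "Force 2FA for All Users" -> always;
 * user holds a required role -> always; otherwise the user's own profile preference.
 */
function rat2fa_example_is_required( WP_User $user ): bool {
    if ( ! get_option( 'rat2fa_example_enabled', false ) ) {
        return false;
    }
    if ( get_option( 'rat2fa_example_force_all', false ) ) {
        return true;
    }

    $required_roles = (array) get_option( 'rat2fa_example_required_roles', array() );
    $required       = ! empty( array_intersect( $required_roles, (array) $user->roles ) );

    if ( ! $required ) {
        // Per-user opt-in from the profile checkbox.
        $required = '1' === get_user_meta( $user->ID, 'rat2fa_example_user_enabled', true );
    }

    // Assumed filter: lets site code adjust the decision, e.g. exempt a service account.
    return (bool) apply_filters( 'rat2fa_example_is_required', $required, $user );
}

/**
 * Gate the core login. Core's password check runs at priority 20 and yields a
 * WP_User; at 30 we refuse to return it until the OTP step has set a verified
 * marker for this user. A full plugin would redirect to its OTP screen here.
 */
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( ! $user instanceof WP_User || ! rat2fa_example_is_required( $user ) ) {
        return $user; // password failed, or 2FA does not apply: leave core behaviour alone
    }

    $marker = 'rat2fa_example_verified_' . $user->ID; // set by the OTP step after a correct code (assumed)
    if ( get_transient( $marker ) ) {
        delete_transient( $marker ); // single use
        return $user;
    }

    return new WP_Error(
        'rat2fa_required',
        'Enter the verification code sent to your e-mail address to finish signing in.'
    );
}, 30, 3 );
```

Because the marker is keyed by user id only, the OTP step that sets it should give it a short expiry and, ideally, bind it to the same browser via a random cookie token so a code verified in one session cannot complete a login started in another.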
User Settings
Each user can enable/disable 2FA in their profile:
- Go to Users > Profile (or Users > Your Profile)
- Find the "Two-Factor Authentication" section
- Check "Enable 2FA" to activate it for that user
- Save the profile
Email Configuration
The plugin uses WordPress's built-in wp_mail() function. Ensure your site can send emails properly. Consider using:
- SMTP plugins for reliable email delivery
- Email services like SendGrid, Mailgun, or Amazon SES
- Proper SPF/DKIM records for your domain
Support
For support, feature requests, or bug reports:
- Plugin Support: WordPress.org Support Forum
- Documentation: Available in the plugin's admin area
- Bug Reports: Please provide detailed information about your setup
Contributing
We welcome contributions! The plugin follows WordPress coding standards and best practices.
Privacy Policy
This plugin:
- Stores minimal user data (2FA preference and temporary OTP hashes)
- Does not send data to external services
- Uses WordPress's built-in email system
- Follows WordPress privacy guidelines
- Allows data export/erasure as per GDPR requirements
Technical Requirements
- WordPress 5.0 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher (or equivalent MariaDB)
- Ability to send emails from WordPress
- Modern web browser with JavaScript enabled
Credits
Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful, and user-friendly WordPress plugins.
License
This plugin is licensed under the GPL v2 or later.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.