Uncomplicated 2FA plugin for WordPress. Tested with WordPress 5.5+ and PHP 7.4+.
| Author: | joho68 (profile at wordpress.org) |
| WordPress version required: | 5.4.0 |
| WordPress version tested: | 6.9.4 |
| Plugin version: | 2.0.1 |
| Added to WordPress repository: | 24-06-2024 |
| Last updated: | 16-03-2026 |
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | https://code.webbplatsen.net/wordpress/cloudb... |
| Total downloads: | 1 308 |
 Click to start download |
|
This plugin provides uncomplicated 2FA functionality for WordPress. It will
allow you to require a second, one time password or OTP, code to be entered
when certain (or all) users attempt to log in to WordPress.
The plugin supports two factor methods:
- six-digit codes sent by e-mail
- standards-based authenticator apps using TOTP
The e-mail code has a limited lifetime (defaults to 15 minutes). Once a code
has been consumed, it is considered invalid.
Authenticator app setup is handled from the user’s own profile page. The plugin
provides a QR code, a manual setup key, and recovery codes for when the
authenticator app is not available.
You may configure that only certain roles are required to use 2FA, and it is
recommended that you enable 2FA for those users with privileged access.
You may also configure the plugin to allow certain roles to enable an OTP code
bypass, which will set a cookie in that user’s web browser. The cookies are
partially based on the username, so several users can share the same browser,
but still be required to always enter the OTP code, or bypass it if the cookie
is present.
You can add custom text to the OTP code entry form, and you can add custom text
to the OTP code e-mail message.
The plugin can be configured to allow it to be handled/managed only by specific
users, thus making it harder for someone to accidentally or intentionally
deactivate it. The implemented solution for this is by no means waterproof. If
someone, for example, has access to your WordPress installation by means of FTP
or similar, the plugin files can be physically removed (or moved out of your
WordPress installation), which basically deactivates the plugin as well.
Credits
The Cloudbridge 2FA Plugin was written by Joaquim Homrighausen while converting caffeine into code.
Cloudbridge 2FA is sponsored by WebbPlatsen i Sverige AB, Sweden.
Commercial support and customizations for this plugin is available from WebbPlatsen i Sverige AB in Sweden.
If you find this plugin useful, the author is happy to receive a donation, good review, or just a kind word.
If there is something you feel to be missing from this plugin, or if you have found a problem with the code or a feature, please do not hesitate to reach out to support@webbplatsen.se.
This plugin can also be downloaded from code.webbplatsen.net and GitHub
More detailed documentation is available at https://code.webbplatsen.net/documentation/cloudbridge-2fa/
Kudos to Kev Quirk for Simple CSS
QR code setup on the authenticated profile page uses QR Code Generator for JavaScript by Kazuhiko Arase (MIT license).
Screenshots
ChangeLog
