2FA short for Two Factor Authentication, is a protection system passed in two steps.

Official Documentation Link: https://awwo.link/jeZgv

These features will not work, unless you activate the section. Use the 'checkbox' next to the section title, and then hit the 'Save Changes' button at the bottom to activate. 'These functions are currently resting in peace. Please use the checkbox for activation.' message confirms that no actual code is running in the background. This system allows users to use a one-time generated code/token in order to confirm identity during the authentication process. These codes are generated by an app installed on a smartphone. There are multiple free apps which can deliver these tokens. Google Authenticator, Authy and Microsoft Authenticator are the most common ones, because they offer cloud based backups as well. Once installed, use your camera app to scan the QR code and. If the app on your smartphone is showing the same code as the one in this page (check current authentication code), it means you that you have successfully configured the account protection system. Use [cw_2fa_protection] shortcode for security setup dashboard display and [cw_2fa_emergency_codes] emergency codes page.

  1. Enable Protection for: Activate 2FA based on User Role (Administrator, Editor, Author, etc.).
  2. Enable Password Check First: Verify password before 2FA code submission.
  3. Enable Compulsory Protection: Force users to activate 2FA.
  4. Enforce 2FA Activation in: Define 2FA activation timeframe.
  5. Hide 2FA Disable Button: Remove user's ability to disable 2FA once activated.
  6. Redirect Link after Expiration: Setup a redirect link for cases when users did not fulfil 2FA Activation.
  7. 2FA Configuration Link: Setup a link for users to follow when they want to activate 2FA.
  8. 2FA Period Extension Email Subject: Setup email subject for period extension, which can be personalized.
  9. 2FA Period Extension Email Content: Setup email body content for period extension, which can be personalized.
  10. Enable Trusted Devices: Enable users to bypass 2FA input on trusted devices for a period of time.
  11. Request New Two-Factor Code After: Define time interval for trusted devices bypass.
  12. Emergency Codes Volume: Define a number of backup codes an user can get for account recovery.
  13. Emergency Codes Page: Setup page access by inserting [cw_2fa_emergency_codes] shortcode.
  14. Invalid Token Message: Customize error message for situations where 2FA codes are wrongly typed in.
  15. Invalid Emergency Token Message: Customize error message for situations where an emergency code is wrongly typed in.
  16. Frontend Section Content: Instructions for 2FA setup inside preferred account endpoint.

Reset Section Settings using the checkbox and Save Changes button in order to remove database entries.