Introduction to dual authentication with WPMasterToolKit
The security of connections to a WordPress site is a major concern for site administrators. To meet this need, we've integrated a dual authentication module (2FA) into WPMasterToolKit. This feature enhances security by adding an extra step to the login process, protecting your site against brute-force attacks and unauthorized access. This module replaces the need to install a third-party plugin dedicated to dual authentication.
Which plugin can this module replace?
The module Two Factor Authentication from WPMasterToolKit can replace popular plugins such as Two Factor Authentication by WP Plugins, Google Authenticatoror similar 2FA-based solutions. The advantage here is that this module is part of the WPMasterToolKit ecosystem, guaranteeing optimum compatibility with the plugin's other functionalities.
Main features of the module
- Flexible authentication methods :
Currently, the included method is sending a unique code by email, but the structure is extensible for other methods. - Activation by user role :
You can activate dual authentication only for specific roles (e.g. administrators or editors). - Customize settings :
Administrators can configure authentication methods directly from the WordPress dashboard. - Checking the login page :
A simple but secure validation process enables users to complete their connection by entering the code sent by email. - Optimized user interface :
The module offers a neat interface for administrators in the dashboard, as well as an intuitive user experience when logging in.
How to use this module
Module activation
To activate the module, go to the WPMasterToolKit settings page and enable the "Two Factor Authentication" module. Once activated, a dedicated sub-menu will appear in the settings.
Settings configuration
- Go to the submenu Two Factor Authentication.
- Activate dual authentication for the desired user roles. For example, check "Administrator" to protect only accounts with full access to the site.
- Activate or deactivate the available authentication methods. By default, the "Email" method is enabled.
User experience
When a user attempts to log in, a modal window opens after entering their login details. This window prompts the user to choose a method (for example, to receive a code by e-mail).
Once the code has been emailed to the user, all they have to do is copy and paste it into the popup window.
User management
Administrators can also manage user authentication preferences directly in their WordPress profiles.
Technical choices behind this module
- Using WordPress hooks :
The module uses hooks such aslogin_form
andwp_authenticate_user
to integrate directly into the WordPress login process. This ensures native compatibility without disrupting other features. - Enhanced security with nonces :
All AJAX actions and administration forms use nonces to prevent CSRF (Cross-Site Request Forgery) attacks. - Scalability :
The module is designed to be scalable. Developers can use hooks such aswpmastertoolkit_two_factor_authentication_email_html
to personalize emails or add new authentication methods. - Native WordPress compatibility :
The module uses WordPress APIs such aswp_mail
for sending emails and user metadata for storing temporary codes.
Conclusion
The module Two Factor Authentication from WPMasterToolKit is a lightweight, high-performance solution for strengthening the security of your WordPress site. It features advanced protection without the need for third-party plugins, while integrating seamlessly with the WordPress administration interface. Thanks to its flexibility and detailed settings, it meets the security needs of all types of site, from personal blogs to corporate sites.