{"id":30031022,"url":"https://github.com/imimofficial/2factorloginforwp","last_synced_at":"2025-09-07T23:45:26.506Z","repository":{"id":304667771,"uuid":"1019499878","full_name":"iMiMofficial/2FactorLoginForWP","owner":"iMiMofficial","description":"Secure OTP-based login \u0026 signup for WordPress using 2Factor.in. Modern, customizable, and production-ready plugin.","archived":false,"fork":false,"pushed_at":"2025-07-15T18:29:47.000Z","size":621,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-06T19:04:33.959Z","etag":null,"topics":["login","otp","plugin","wordpress"],"latest_commit_sha":null,"homepage":"https://wordpress.org/plugins/2factor-login-for-wp/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/iMiMofficial.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-14T12:23:40.000Z","updated_at":"2025-07-15T18:29:50.000Z","dependencies_parsed_at":"2025-07-14T17:14:17.755Z","dependency_job_id":"8203f050-bdcd-4c56-803f-46aa9a344ca4","html_url":"https://github.com/iMiMofficial/2FactorLoginForWP","commit_stats":null,"previous_names":["imimofficial/2factorloginforwp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/iMiMofficial/2FactorLoginForWP","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iMiMofficial%2F2FactorLoginForWP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iMiMofficial%2F2FactorLoginForWP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iMiMofficial%2F2FactorLoginForWP/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iMiMofficial%2F2FactorLoginForWP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/iMiMofficial","download_url":"https://codeload.github.com/iMiMofficial/2FactorLoginForWP/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/iMiMofficial%2F2FactorLoginForWP/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274113001,"owners_count":25224332,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["login","otp","plugin","wordpress"],"created_at":"2025-08-06T19:02:40.819Z","updated_at":"2025-09-07T23:45:26.495Z","avatar_url":"https://github.com/iMiMofficial.png","language":"PHP","funding_links":["https://www.patreon.com/iMiMofficial","https://www.buymeacoffee.com/imimofficial","https://paypal.me/imimofficial"],"categories":[],"sub_categories":[],"readme":"\u003c!-- Banner/Logo --\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/logo.svg\" alt=\"2Factor Login for WP\" width=\"200\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003e2Factor Login for WP\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eModern, secure OTP-based login \u0026 signup for WordPress\u003c/b\u003e\u003cbr/\u003e\n  \u003ca href=\"https://wordpress.org/plugins/2factor-login-for-wp/\"\u003eWordPress.org\u003c/a\u003e • \u003ca href=\"https://github.com/iMiMofficial/2FactorLoginForWP\"\u003eGitHub\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/WordPress-5.0%2B-blue\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Tested%20up%20to-6.8-brightgreen\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-GPLv2%2B-blue\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Stable%20tag-1.0.0-blue\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Open-Source-brightgreen\"/\u003e\n\u003c/p\u003e\n\n---\n\n## ✨ Features\n- 🔐 **OTP-based Authentication**: Secure login/signup with phone and OTP (no passwords needed)\n- 🔄 **WordPress Integration**: Seamless user creation, login, and onboarding\n- 👤 **User Role Selection**: Assign any role (default: subscriber) to new users, with admin warning for privileged roles\n- 📲 **2Factor API**: Uses your 2Factor.in API key for SMS OTP delivery\n- 📝 **Dynamic Onboarding**: Collect email/name after OTP or both (admin configurable)\n- 🌍 **Country Code Dropdown**: User can select country code (or use default)\n- 🕵️‍♂️ **Privacy-Friendly Usernames**: Truncated phone + random code or full phone (admin option)\n- ⚙️ **Admin Settings**: 15+ configurable options, all in a modern tabbed UI\n- 🎨 **Custom Redirect \u0026 CSS**: Set redirect after login and inject custom styles\n- 🗂 **User Profile Integration**: Onboarding data (phone, name, email) visible/editable in admin\n- 💎 **Modern UI**: Responsive, accessible, and minimal design\n- 🛡 **Security**: Rate limiting, brute force protection, OTP expiry, validation, and enumeration protection\n- 🚫 **No test/debug code**: Production-ready, no sensitive data exposed\n\n---\n\n## ⚡ Quick Start\n1. **Upload or clone** to `/wp-content/plugins/2factor-login-for-wp/`\n2. **Activate** in your WordPress admin\n3. **Configure** via \u003cb\u003eSettings → 2Factor Login\u003c/b\u003e\n4. **Add** `[twofactor_login]` shortcode to any page/post\n\n---\n\n## 🖼 Screenshots\n\n| Screenshot | Preview |\n|------------|---------|\n| Login Form | ![](https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/2factor-screenshot-front-end.png) |\n| Admin API Settings | ![](https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/2factor-screenshot-admin-api-settings.png) |\n| Admin Customize | ![](https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/2factor-screenshot-admin-customize.png) |\n| Admin Shortcode | ![](https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/2factor-screenshot-admin-shortcode.png) |\n| Admin Advanced | ![](https://raw.githubusercontent.com/iMiMofficial/2FactorLoginForWP/main/assets/img/2factor-screenshot-admin-advanced.png) |\n---\n\n## ⚙️ Admin Settings\n- **2Factor API Key**: Your API key from [2Factor.in](https://2factor.in)\n- **OTP Length**: 4-8 digits\n- **OTP Expiry**: 1-15 minutes\n- **Allow Country Code Selection**: User can pick country (or use default)\n- **Default Country Code**: e.g. +91\n- **Require Email/Name**: Toggle onboarding fields\n- **When to Collect Fields**: After OTP or Both (before/after)\n- **Primary Button Color**: UI customization\n- **User Role**: Any WordPress role (with warning for \"Administrator\")\n- **Username Generation**: Truncated (privacy-friendly) or full phone number\n- **Redirect URL**: Custom after login\n- **Custom CSS**: Style injection\n- **Dark Mode, Animations, Accessibility**: All UI is accessible and customizable\n\n---\n\n## 📝 Usage\n- Add `[twofactor_login]` shortcode to any page/post for the OTP login/signup form\n- The form will show phone (+91 pre-filled or country dropdown), and onboarding fields as per settings\n- All actions are AJAX-based, no reloads\n- New users are created and logged in automatically\n- Existing users log in with OTP\n\n---\n\n## 👤 User Profile (Admin)\n- Onboarding data (phone, name, email) is visible and editable in the user profile in admin\n- Admins can update user phone, name, and email from the profile page\n\n---\n\n## 🔒 Security \u0026 Best Practices\n- ⏱ **Rate Limiting**: 1 OTP per minute per phone\n- 🚫 **Brute Force Protection**: 3 attempts per OTP, plus IP-based lockout (5 minutes after 3 failed attempts)\n- ⏳ **OTP Expiry**: Configurable (default 5 min)\n- 💾 **OTP Storage**: Transient with DB fallback for reliability\n- 🧹 **Validation**: All fields validated and sanitized\n- 🛡 **Nonce Verification**: All AJAX and form actions are nonce-protected\n- 🧼 **Output Escaping**: All output is properly escaped\n- 🛡 **SQL Injection Safe**: All queries use `$wpdb-\u003eprepare()` and `esc_sql()`\n- 🕵️‍♂️ **User/Email Enumeration Protection**: Generic error messages for onboarding and user check\n- 📁 **No direct file operations**: Uses WP_Filesystem\n- 🚫 **No debug/test code in production**\n- 🚫 **No direct access to plugin files**\n- 🧹 **No unnecessary files in release**\n\n---\n\n## 💡 FAQ\n\u003cdetails\u003e\n\u003csummary\u003eDoes it support both login and signup?\u003c/summary\u003e\nYes! If the phone exists, user logs in. If not, a new user is created.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eWhat if onboarding is disabled?\u003c/summary\u003e\nUsername and email are auto-generated from the phone number.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eWhat about passwords?\u003c/summary\u003e\nPasswords are randomly generated and not shown to the user. Users log in with OTP.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCan users set a password later?\u003c/summary\u003e\nYes, via the default WordPress \"Lost your password?\" link or admin profile.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCan I use this for WooCommerce or membership sites?\u003c/summary\u003e\nYes, it works with any plugin that uses standard WordPress user accounts.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eIs it compatible with caching plugins?\u003c/summary\u003e\nYes, OTPs are stored in transients with DB fallback for reliability.\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eIs it GDPR compliant?\u003c/summary\u003e\nNo personal data is sent to 2Factor.in except the phone number for OTP delivery. All data is stored in your WordPress site.\n\u003c/details\u003e\n\n---\n\n## 🤝 Contributing\nPull requests, issues, and suggestions are welcome! For major changes, please open an issue first to discuss what you would like to change.\n\n1. Fork the repo\n2. Create your feature branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\n---\n\n## 🙋‍♂️ Author \u0026 Support\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eMd Mim Akhtar\u003c/b\u003e\u003cbr/\u003e\n  \u003ca href=\"https://www.imimofficial.com\"\u003eimimofficial.com\u003c/a\u003e\u003cbr/\u003e\n  \u003ca href=\"https://twitter.com/iMiMofficial\"\u003e@iMiMofficial\u003c/a\u003e • \u003ca href=\"https://github.com/iMiMofficial\"\u003eGitHub\u003c/a\u003e\u003cbr/\u003e\n  \u003ca href=\"https://www.patreon.com/iMiMofficial\"\u003ePatreon\u003c/a\u003e • \u003ca href=\"https://www.buymeacoffee.com/imimofficial\"\u003eBuyMeACoffee\u003c/a\u003e • \u003ca href=\"https://paypal.me/imimofficial\"\u003ePayPal\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## 🏆 Credits\n- **Plugin Author:** Md Mim Akhtar\n- **Unofficial:** Not affiliated with 2Factor.in\n\n---\n\n## 📜 License\nGPL v2 or later\n\nThis program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\n\nThis program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License along with this program; if not, see https://www.gnu.org/licenses/gpl-2.0.html\n\n---\n\n## 📅 Changelog\n### 1.0.0\n- Initial public release: production-ready, all-in-one plugin \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimimofficial%2F2factorloginforwp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fimimofficial%2F2factorloginforwp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fimimofficial%2F2factorloginforwp/lists"}