Title: Rat Two-Factor Authentication
Author: rathsh
Published: September 23, 2025
Last modified: September 23, 2025

---


![](https://ps.w.org/rat-two-factor-authentication/assets/banner-772x250.jpg?rev=3366509)

![](https://ps.w.org/rat-two-factor-authentication/assets/icon-256x256.jpg?rev=3366509)

# Rat Two-Factor Authentication

 By [rathsh](https://profiles.wordpress.org/rathsh/)

[Download](https://downloads.wordpress.org/plugin/rat-two-factor-authentication.zip)


## Description

**Rat Two-Factor Authentication** is a lightweight yet powerful security plugin 
that adds an extra layer of protection to your WordPress site through email-based
One-Time Password (OTP) verification.

#### Key Features

 * **Email-based OTP verification** – Secure 6-digit codes sent to user’s email
 * **Lightweight and fast** – Minimal impact on site performance
 * **User-friendly interface** – Clean, responsive design that works on all devices
 * **Flexible settings** – Enable 2FA globally or per user
 * **Role-based requirements** – Require 2FA for specific user roles
 * **Session management** – Secure session handling with timeout protection
 * **AJAX-powered** – Smooth user experience without page reloads
 * **Auto-submit functionality** – Automatically submits form when 6 digits are 
   entered
 * **Resend functionality** – Users can request new codes with cooldown protection
 * **Mobile-friendly** – Optimized for mobile login experiences
 * **Security-first** – Nonce protection, input sanitization, and secure coding 
   practices

#### How It Works

 1. User enters their username and password normally
 2. If 2FA is enabled, they’re redirected to an OTP verification screen
 3. A 6-digit code is sent to their registered email address
 4. User enters the code to complete login
 5. Code expires after 10 minutes for security

#### Perfect For

 * **Business websites** requiring enhanced security
 * **E-commerce stores** protecting customer accounts
 * **Membership sites** with sensitive user data
 * **Multi-author blogs** securing contributor access
 * **Any WordPress site** wanting better login security

#### Admin Features

 * **Global 2FA setting** – Enable for all users
 * **Force 2FA option** – Make it mandatory for selected roles
 * **Role-based configuration** – Choose which roles require 2FA
 * **User profile integration** – Users can enable/disable 2FA individually
 * **Clean admin interface** – Easy to configure and manage

#### Developer Friendly

 * **Well-documented code** with inline comments
 * **WordPress coding standards** compliant
 * **Hook system** for customization
 * **Lightweight codebase** for easy modification
 * **No external dependencies** – Pure WordPress integration

#### Security Features

 * **Nonce verification** for all AJAX requests
 * **Input sanitization** and validation
 * **Secure OTP generation** using WordPress built-in functions
 * **Session timeout** protection (10 minutes)
 * **Rate limiting** on resend requests
 * **No plain text storage** of OTP codes
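
The flow from "How It Works" and the storage claims in this list, sketched as an added example in plain PHP; it is not the plugin's own code, and every function and constant name in it is hypothetical. It assumes a server-side secret for keyed hashing, because an unkeyed hash of a 6-digit code can be reversed by trying all one million values, and an attempt limit of 5, which this page does not state.

```php
<?php
// Added illustration, not the plugin's code. All names are hypothetical.
const OTP_TTL = 600;         // 10-minute expiry, as stated on this page
const OTP_MAX_ATTEMPTS = 5;  // assumption: the page states no attempt limit

// Returns [code for the mailer, record to store]. The code itself is never stored.
function otp_issue(string $serverKey, int $now): array {
    // CSPRNG draw, zero-padded so low values still yield six digits
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $record = [
        'hash'     => hash_hmac('sha256', $code, $serverKey),
        'expires'  => $now + OTP_TTL,
        'attempts' => 0,
    ];
    return [$code, $record];
}

// Checks a submitted code against the stored record; clears the record
// on success, expiry, or too many failed attempts.
function otp_verify(?array &$record, string $input, string $serverKey, int $now): bool {
    if ($record === null || $now > $record['expires']
        || $record['attempts'] >= OTP_MAX_ATTEMPTS) {
        $record = null;      // expired or exhausted: a fresh code must be issued
        return false;
    }
    $record['attempts']++;   // count every guess, including malformed ones
    if (strlen($input) !== 6 || !ctype_digit($input)) {
        return false;
    }
    // Constant-time comparison of keyed hashes
    $ok = hash_equals($record['hash'], hash_hmac('sha256', $input, $serverKey));
    if ($ok) {
        $record = null;      // single use: a replayed code finds no record
    }
    return $ok;
}

// Constructed demo with fixed timestamps (seconds).
$key = random_bytes(32);
[$code, $rec] = otp_issue($key, 1000);
$wrong = ($code === '000000') ? '000001' : '000000';
var_dump(otp_verify($rec, $wrong, $key, 1001));  // wrong code
var_dump(otp_verify($rec, $code, $key, 1002));   // correct code, in time
var_dump(otp_verify($rec, $code, $key, 1003));   // same code replayed
[$late, $rec2] = otp_issue($key, 2000);
var_dump(otp_verify($rec2, $late, $key, 2000 + OTP_TTL + 1));  // after expiry
```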

### Configuration

#### Global Settings

Navigate to **Settings > Two-Factor Auth** to configure:

 * **Enable 2FA Globally**: Turn on 2FA for all users
 * **Force 2FA for All Users**: Make 2FA mandatory regardless of user preference
 * **Required User Roles**: Select specific roles that must use 2FA

#### User Settings

Each user can enable/disable 2FA in their profile:

 1. Go to **Users > Profile** (or **Users > Your Profile**)
 2. Find the “Two-Factor Authentication” section
 3. Check “Enable 2FA” to activate for that user
 4. Save the profile

#### Email Configuration

The plugin uses WordPress’s built-in `wp_mail()` function. Ensure your site can 
send emails properly. Consider using:

 * SMTP plugins for reliable email delivery
 * Email services like SendGrid, Mailgun, or Amazon SES
 * Proper SPF/DKIM records for your domain

### Support

For support, feature requests, or bug reports:

 * **Plugin Support**: [WordPress.org Support Forum](https://wordpress.org/support/plugin/rat-two-factor-authentication)
 * **Documentation**: Available in the plugin’s admin area
 * **Bug Reports**: Please provide detailed information about your setup

### Contributing

We welcome contributions! The plugin follows WordPress coding standards and best
practices.

### Privacy Policy

This plugin:

 * Stores minimal user data (2FA preference and temporary OTP hashes)
 * Does not send data to external services
 * Uses WordPress’s built-in email system
 * Follows WordPress privacy guidelines
 * Allows data export/erasure as per GDPR requirements

### Technical Requirements

 * WordPress 5.0 or higher
 * PHP 7.4 or higher
 * MySQL 5.6 or higher (or equivalent MariaDB)
 * Ability to send emails from WordPress
 * Modern web browser with JavaScript enabled

### Credits

Developed with ❤️ by the Rat Plugins team, focused on creating lightweight, powerful,
and user-friendly WordPress plugins.

### License

This plugin is licensed under the GPL v2 or later.

> This program is free software; you can redistribute it and/or modify it under 
> the terms of the GNU General Public License as published by the Free Software 
> Foundation; either version 2 of the License, or (at your option) any later version.
> This program is distributed in the hope that it will be useful, but WITHOUT ANY
> WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 
> A PARTICULAR PURPOSE. See the GNU General Public License for more details.

## Installation

#### Automatic Installation

 1. Log in to your WordPress admin panel
 2. Navigate to Plugins > Add New
 3. Search for “Rat Two-Factor Authentication”
 4. Click “Install Now” and then “Activate”

#### Manual Installation

 1. Download the plugin zip file
 2. Upload it to `/wp-content/plugins/` directory
 3. Extract the zip file
 4. Activate the plugin through the ‘Plugins’ menu in WordPress

#### After Installation

 1. Go to Settings > Two-Factor Auth
 2. Configure your preferred settings
 3. Enable 2FA for your user account in your profile
 4. Test the functionality

## FAQ

### Is this plugin free?

Yes, Rat Two-Factor Authentication is completely free and open-source.

### Does it work with any email provider?

Yes, it works with any email provider as it uses WordPress’s standard email system.

### Can I customize the email template?

Yes, you can use WordPress hooks to customize the email content and styling.

### What happens if a user loses access to their email?

Administrators can disable 2FA for any user from their profile page in the admin
area.

### Does it work with other security plugins?

Yes, it’s designed to work alongside other security plugins without conflicts.

### Is it compatible with multisite?

The plugin works on multisite installations and can be configured per site.

### How secure are the OTP codes?

OTP codes are generated using WordPress’s secure random functions and are hashed
before storage.

### Can I change the code expiry time?

Currently set to 10 minutes, but developers can modify this using plugin hooks.

### Does it support app-based authentication?

This version focuses on email-based OTP. App-based authentication may be added in
future versions.

### Is there a premium version?

Currently, there’s only the free version with all features included.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Rat Two-Factor Authentication” is open source software. The following people have
contributed to this plugin.

Contributors

 * [rathsh](https://profiles.wordpress.org/rathsh/)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/rat-two-factor-authentication/),
check out the [SVN repository](https://plugins.svn.wordpress.org/rat-two-factor-authentication/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/rat-two-factor-authentication/)
by [RSS](https://plugins.trac.wordpress.org/log/rat-two-factor-authentication/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1 – 2024-12-19

 * Initial release
 * Email-based OTP verification
 * User and admin interfaces
 * Role-based requirements
 * Session management
 * AJAX functionality
 * Mobile optimization
 * Security implementations
 * WordPress 6.4 compatibility

## Meta

 * Version **1.0.1**
 * Last updated **6 months ago**
 * Active installations **Fewer than 10**
 * WordPress version **5.0 or higher**
 * Tested up to **6.8.5**
 * PHP version **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/rat-two-factor-authentication/)
 * Tags: [2FA](https://test.wordpress.org/plugins/tags/2fa/), [authentication](https://test.wordpress.org/plugins/tags/authentication/), [otp](https://test.wordpress.org/plugins/tags/otp/), [security](https://test.wordpress.org/plugins/tags/security/), [two factor](https://test.wordpress.org/plugins/tags/two-factor/)
 * [Advanced View](https://test.wordpress.org/plugins/rat-two-factor-authentication/advanced/)
