Title: Brightery Secure 2FA
Author: Brightery
Published: April 23, 2026
Last modified: April 23, 2026

---


![](https://ps.w.org/brightery-secure-2fa/assets/icon-256x256.png?rev=3513593)

# Brightery Secure 2FA

 By [Brightery](https://profiles.wordpress.org/brighterycom/)

[Download](https://downloads.wordpress.org/plugin/brightery-secure-2fa.1.0.0.zip)


## Description

Brightery Secure 2FA adds a strong second login step for WordPress accounts while
staying lightweight in runtime.

Features:

 * Authenticator app (TOTP) support.
 * Passkeys / WebAuthn support for Touch ID, Face ID, Windows Hello, fingerprint
   readers, and device PIN.
 * Role-based enforcement: require selected user groups to enroll.
 * Forced enrollment page to block protected users until they configure security.
 * Backup codes.
 * Encrypted TOTP secret storage using WordPress salts.
 * Login throttling for repeated primary-login and second-factor failures.
 * Lightweight audit logs stored inside WordPress options.
 * Email alerts for enrollment changes and lockouts.
 * Trusted devices so users can skip 2FA on approved browsers for a limited period.
 * CSV export for security logs.
 * Advanced log filters and search.
 * Custom labels for trusted devices and passkeys.
 * Optional revocation of other sessions after security changes.
 * Optional blocking of WordPress application passwords for protected / 2FA-enabled
   users.
 * Lightweight runtime: the plugin mostly runs on login, profile, AJAX, settings
   pages, WooCommerce account pages, and authenticated REST requests.

### Important Notes

 * HTTPS is required for passkeys in production.
 * This build is optimized for normal interactive WordPress logins and admin access
   enforcement.
 * Passkey attestation trust-chain validation is intentionally not enforced in order
   to remain lightweight and dependency-free. The plugin still validates challenge,
   origin, RP ID hash, user presence, optional user verification, signature, and
   signature counter.
 * This lightweight build supports ES256 passkeys.
 * TOTP setup includes a local QR-code renderer so the setup secret stays on your
   own WordPress site during enrollment.
 * The plugin stores account-security data such as trusted-device records, passkey
   metadata, security logs, and a limited recent login-context history.
 * A privacy-policy suggestion plus WordPress personal-data exporter and eraser 
   integrations are included.
 * There are no non-GPL third-party runtime libraries bundled with this plugin;
   the distributed JavaScript and CSS files are included as human-readable source.

### Security Model

 * TOTP secrets are encrypted before storing in user meta.
 * Backup codes are stored hashed.
 * Passkeys verify origin, RP ID hash, challenge, signature, and signature counter.
 * Rate limiting helps slow repeated login and 2FA guessing attempts.
 * The plugin can require passkey user verification for biometric/PIN-backed
   sign-in.
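
The passkey checks named in Important Notes and in the Security Model, sketched in Python as an added example (not the plugin's own code, which is PHP); the function names, the RP ID `example.test` and the sample values are assumptions constructed for illustration. Signature verification with the credential's ES256 public key is left to a crypto library; `signed_bytes` shows what that signature covers.

```python
import base64, hashlib, hmac, json, struct

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding clientDataJSON uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(auth_data, client_data_json, *, rp_id, origin,
                    challenge, stored_count, require_uv=False):
    """Return the names of failed checks; an empty list means all passed."""
    failed = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failed.append("type")
    # The challenge must be the one this server issued for this login attempt.
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(challenge).encode()):
        failed.append("challenge")
    if client.get("origin") != origin:
        failed.append("origin")
    if len(auth_data) < 37:
        return failed + ["authenticator_data"]
    # authenticatorData: 32-byte rpIdHash | 1-byte flags | 4-byte big-endian counter
    rp_hash, flags, count = struct.unpack(">32sBI", auth_data[:37])
    if not hmac.compare_digest(rp_hash, hashlib.sha256(rp_id.encode()).digest()):
        failed.append("rp_id_hash")
    if not flags & 0x01:                 # UP bit: user presence
        failed.append("user_presence")
    if require_uv and not flags & 0x04:  # UV bit: biometric or PIN
        failed.append("user_verification")
    # A counter that does not increase suggests a cloned credential.
    if (count or stored_count) and count <= stored_count:
        failed.append("sign_count")
    return failed

def signed_bytes(auth_data: bytes, client_data_json: bytes) -> bytes:
    """What the ES256 signature covers: authenticatorData || SHA-256(clientDataJSON)."""
    return auth_data + hashlib.sha256(client_data_json).digest()

def make_sample(flags=0x01, count=6, origin="https://example.test"):
    """Constructed sample assertion for RP ID example.test (not real traffic)."""
    auth = hashlib.sha256(b"example.test").digest() + struct.pack(">BI", flags, count)
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": b64url(b"constructed-challenge")}).encode()
    return auth, client

if __name__ == "__main__":
    auth, client = make_sample()
    print(check_assertion(auth, client, rp_id="example.test",
                          origin="https://example.test", stored_count=5,
                          challenge=b"constructed-challenge", require_uv=True))
```
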

### Privacy

Brightery Secure 2FA stores security-related account data so it can protect logins
and help administrators investigate suspicious access. The plugin adds suggested
privacy-policy text to WordPress and registers personal-data exporter/eraser callbacks
for the data it stores.

### Source Code and Licensing

 * All distributed plugin PHP, JS, and CSS files are included as human-readable 
   source.
 * The local QR renderer is bundled directly in `assets/js/bs2fa-qr.js` as readable
   source code.
 * No non-GPL runtime libraries are required for normal plugin operation.

## Installation

 1. Upload the ZIP in WordPress Plugins > Add New > Upload Plugin.
 2. Activate “Brightery Secure 2FA”.
 3. Go to Settings > Brightery Secure 2FA.
 4. Select allowed methods and the user roles that must use 2FA.
 5. Ask each protected user to finish setup from Profile or 2FA Setup.

## Reviews

There are no reviews for this plugin yet.

## Contributors & Developers

"Brightery Secure 2FA" is open source software. The following people have contributed to this plugin.

Contributors

 *   [ Brightery ](https://profiles.wordpress.org/brighterycom/)

[Help translate "Brightery Secure 2FA" into Simplified Chinese.](https://translate.wordpress.org/projects/wp-plugins/brightery-secure-2fa)

### Interested in development?

You can [browse the code](https://plugins.trac.wordpress.org/browser/brightery-secure-2fa/),
check out the [SVN repository](https://plugins.svn.wordpress.org/brightery-secure-2fa/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/)
by [RSS](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release.

## Additional Information

 *  Version: **1.0.0**
 *  Last updated: **2 weeks ago**
 *  Active installations: **Fewer than 10**
 *  WordPress version: **6.2 or higher**
 *  Tested up to: **6.9.4**
 *  PHP version: **7.4 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/brightery-secure-2fa/)
 *  Tags: [2FA](https://cn.wordpress.org/plugins/tags/2fa/), [authentication](https://cn.wordpress.org/plugins/tags/authentication/),
    [security](https://cn.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://cn.wordpress.org/plugins/brightery-secure-2fa/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/brightery-secure-2fa/)