The most highly requested WP 2FA feature we are asked for is to allow users to setup two-factor authentication from a website page. In eCommerce stores and membership / subscription websites users only have access to custom user profile pages, so it was not possible for them to setup 2FA.
With this update of our two-factor authentication plugin for WordPress, all site users, members and customers can setup 2FA from a website page. They do not need to have access the WordPress dashboard.
In this release post we explain how we are supporting custom user profile pages, and also highlight what else is new and improved in WP 2FA update 1.3.
The 2FA setup website page
In this update of the plugin we added the new front-end website page from where authenticated users can configure 2FA for their user accounts. This means that they do not need to have access to the dashboard to setup 2FA.
Once this feature is enabled and a URL is specified, the plugin creates a page that can only be accessed by authenticated users. Users do not need to have access to the WordPress dashboard to setup two-factor authentication for their WordPress user. When you create the custom page your users will be redirected to your new custom page from the dashboard notice, as well as have access to the traditional setup wizard too.
Read the 2FA setup website page support document for more detailed information on this feature.
Shortcodes to fully customize the 2FA experience
In this update we have also included a number of shortcodes, which you can use if you do not want to use a dedicated page for the 2FA settings.
Read the WP 2FA shortcodes documentation for more information on how you can include the 2FA user configuration settings and notifications in any of your custom pages, and also style the plugin’s notifications and text to match your business’ branding.
Improved 2FA policies
One of the key features our plugin offers, are the two-factor authentication (2FA) policies. Up until this update, if you wanted to enforce 2FA, you could configure your 2FA policy for users based on one of three criteria –
- Enforce 2FA on all Users
- Enforce 2FA on users with a role (or several roles)
- Enforce 2FA on specific users
Whilst we felt this was a flexible approach, we realised that we could make this even better by combining the role/username options, allowing you to apply your 2FA policy to not only users with a specific role, but also to specific users at the same time.
So what does this mean? Well, as of this update you could enforce 2FA on all users with the role “subscriber” or “editor”, like you could before – but you can also then enforce 2FA on specific users (regardless of role), all in the same policy.
What happens to my current policy?
If your already using WP 2FA and have your policies setup to apply to specific roles or users, these will automatically be inherited when you update to version 1.3, so you can continue to use the plugin as normal or if you wish, you can make use of the new feature and expand your policies to make your site even more secure.
Upgrade to WP 2FA 1.3 for a more complete 2FA solution
In this update we have also included a number of improvements and fixed a few bugs. Refer to the plugin changelog for a complete list of what is new, improved and fixed in this update.
If you are one of the many who until now could not use the plugin because your users, customers or subscribers could not setup 2FA because they do not have access to the dashboard, this is the download you have been waiting for.
The post WP 2FA 1.3: 2FA setup website page & improved 2FA policies appeared first on WP White Security.
Source: Security Feed