
stutzmedien/2fa
===============

Authenticator compatible 2FA for WordPress

26.0.1 (2mo ago) · GPL-2.0-or-later · PHP


[Source](https://github.com/Stutz-Medien/2fa) · [Packagist](https://packagist.org/packages/stutzmedien/2fa)


Andromeda Two‑Factor Authentication (2FA)
=========================================

A lightweight WordPress plugin that adds Time‑based One‑Time Password (TOTP) two‑factor authentication to user accounts. Compatible with common authenticator apps like Google Authenticator, Authy, and 1Password.

✨ Features
----------

- **TOTP Authentication** – Secure time-based one-time passwords
- **Recovery Codes** – One-time fallback codes with regenerate and download options
- **User Control** – Per-user enable/disable functionality
- **Quick Setup** – QR code provisioning for easy configuration
- **Login Flow Integration** – 2FA challenge injected into wp-login
- **Tested** – Comprehensive PHPUnit test suite

📋 Requirements
--------------

- **PHP:** 8.4 or higher
- **WordPress:** 6.8 or higher
- **Composer:** For dependency management

🚀 Quick Start
-------------

### Installation

```
composer require stutzmedien/2fa
```

### Activation

1. Navigate to **wp-admin → Plugins**
2. Find "Andromeda Two‑Factor Authentication"
3. Click **Activate**

### User Setup

1. Go to **Users → Your Profile**
2. Find the "Two‑Factor Authentication" section
3. **Scan the QR code** with your authenticator app
4. **Enter the 6-digit code** to verify setup
5. **Check "Enable 2FA"** and save your profile
6. **Store your recovery codes** in a safe place
7. Use **Generate Recovery Codes** when you run out

🛠️ Development
--------------

### Project Structure

```
andromeda-2fa.php          # Plugin bootstrap
inc/                       # Core plugin classes
├── helpers.php
├── UserSettings.php
├── TotpManager.php
├── QrCodeGenerator.php
├── RecoveryManager.php
├── LoginHandler.php
└── Plugin.php
src/                       # Admin/login assets
├── css/
└── js/
tests/                     # PHPUnit tests
└── Unit/                  # Test suites

```

### Available Scripts

| Command | Description |
| --- | --- |
| `composer test` | Run test suite |
| `composer test:coverage` | Run tests with HTML coverage report |
| `composer lint` | Check code style |
| `composer lint:fix` | Auto-fix code style issues |

### Code Coverage

- Requires Xdebug installed and enabled.
- The coverage script sets `XDEBUG_MODE=coverage` automatically.
- After `composer test:coverage`, open the HTML report in the `coverage/` directory.

⚙️ Technical Details
--------------------

### Login Flow

- A 2FA challenge is triggered after primary credential validation for users with 2FA enabled.
- The login form accepts either a 6-digit TOTP or a recovery code.
- Challenge state is tracked via a short-lived cookie (`andromeda_2fa_token`) and transient (`andromeda_2fa_auth_{token}`).

### Data Storage

- **Secret Key:** `andromeda_2fa_secret` (user meta)
- **Status:** `andromeda_2fa_enabled` (user meta)
- **Recovery Codes:** `andromeda_2fa_recovery_codes` (user meta, hashed)
- **QR Codes:** Generated as data URIs (no file system writes)
- **Recovery Codes Preview:** transient `andromeda_2fa_plain_codes_{user_id}` (shown once)
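
The second-factor check implied by the Login Flow and Data Storage sections, as an added example that is not the plugin's own code: it accepts a 6-digit TOTP (RFC 6238, HMAC-SHA1, 30-second step) or a one-time recovery code checked against stored hashes. The function names, the `password_hash()` storage format, the one-step clock tolerance and the sample codes are assumptions; the secret is taken as raw bytes (already Base32-decoded).

```php
<?php
declare(strict_types=1);

// Added illustration, not the plugin's code. RFC 6238 TOTP: HMAC-SHA1, 30 s step.
function totp_at(string $rawSecret, int $time, int $digits = 6, int $step = 30): string
{
    $counter = pack('J', intdiv($time, $step));            // 64-bit big-endian counter
    $hmac    = hash_hmac('sha1', $counter, $rawSecret, true);
    $offset  = ord($hmac[19]) & 0x0F;                      // dynamic truncation (RFC 4226)
    $binary  = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($binary % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

/**
 * Returns 'totp', 'recovery' or null (rejected). Hypothetical helper.
 * Assumes $hashedCodes holds password_hash() outputs and that recovery codes
 * never look like six digits; a matched recovery code is removed from the list.
 */
function verify_second_factor(string $input, string $rawSecret, array &$hashedCodes, int $now): ?string
{
    $input = trim($input);
    if (preg_match('/^\d{6}$/', $input) === 1) {
        foreach ([-1, 0, 1] as $drift) {                   // tolerate one step of clock skew
            if (hash_equals(totp_at($rawSecret, $now + 30 * $drift), $input)) {
                return 'totp';
            }
        }
        return null;
    }
    foreach ($hashedCodes as $i => $hash) {
        if (password_verify($input, $hash)) {
            unset($hashedCodes[$i]);                       // one-time use: burn the code
            return 'recovery';
        }
    }
    return null;
}

// Constructed sample data: the RFC 6238 test secret and two made-up recovery codes.
$secret = '12345678901234567890';
$codes  = array_map(fn (string $c): string => password_hash($c, PASSWORD_DEFAULT), ['k7f2-q9xd', 'm3zt-84hb']);

var_dump(verify_second_factor(totp_at($secret, 59), $secret, $codes, 59)); // current code
var_dump(verify_second_factor('k7f2-q9xd', $secret, $codes, 59));          // first use
var_dump(verify_second_factor('k7f2-q9xd', $secret, $codes, 59));          // reuse attempt
var_dump(count($codes));                                                   // codes left
```

The caller must persist the shortened `$hashedCodes` list after a recovery login. The sketch does not record the last accepted time step, so on its own it does not stop a TOTP from being reused inside its validity window.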

### Dependencies

- Managed via `composer.json`
- PSR-4 autoloading for clean architecture

🔒 Security
----------

**Found a security issue?** Please contact us privately at **** instead of filing a public issue.

📄 License
---------

This project is licensed under the GNU General Public License v2.0 - see the [LICENSE](LICENSE) file for details.

### Community

Maintainers: [stutzmedien](/maintainers/stutzmedien)

Top Contributors: [AHaldner](https://github.com/AHaldner) (18 commits)

