{"id":299109,"date":"2026-04-23T09:40:09","date_gmt":"2026-04-23T09:40:09","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/brightery-secure-2fa\/"},"modified":"2026-04-23T09:39:33","modified_gmt":"2026-04-23T09:39:33","slug":"brightery-secure-2fa","status":"publish","type":"plugin","link":"https:\/\/ku.wordpress.org\/plugins\/brightery-secure-2fa\/","author":17316408,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"1.0.0","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Brightery Secure 2FA","header_author":"Brightery","header_description":"Production-focused two-factor authentication for WordPress with TOTP, Passkeys\/WebAuthn, role-based enforcement, REST\/API policy controls, service-account allowlists, login-context alerts, WooCommerce integration, logs, and forced enrollment.","assets_banners_color":"8d98ac","last_updated":"2026-04-23 09:39:33","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.brightery.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":68,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"brighterycom","date":"2026-04-23 09:39:33"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3513593,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3513593,"resolution":"1544x500","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,710,600],"plugin_category":[38,54],"plugin_contributors":[257918],"plugin_business_model":[],"class_list":["post-299109","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-authentication","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-brighterycom","plugin_committers-brighterycom"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/brightery-secure-2fa\/assets\/icon-256x256.png?rev=3513593","icon_2x":"https:\/\/ps.w.org\/brightery-secure-2fa\/assets\/icon-256x256.png?rev=3513593","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Brightery Secure 2FA adds a strong second login step for WordPress accounts while staying lightweight in runtime.<\/p>\n\n<p>Features:<\/p>\n\n<ul>\n<li>Authenticator app (TOTP) support.<\/li>\n<li>Passkeys \/ WebAuthn support for Touch ID, Face ID, Windows Hello, fingerprint readers, and device PIN.<\/li>\n<li>Role-based enforcement: require selected user groups to enroll.<\/li>\n<li>Forced enrollment page to block protected users until they configure security.<\/li>\n<li>Backup codes.<\/li>\n<li>Encrypted TOTP secret storage using WordPress salts.<\/li>\n<li>Login throttling for repeated primary-login and second-factor failures.<\/li>\n<li>Lightweight audit logs stored inside WordPress options.<\/li>\n<li>Email alerts for enrollment changes and lockouts.<\/li>\n<li>Trusted devices so users can skip 2FA on approved browsers for a limited period.<\/li>\n<li>CSV export for security logs.<\/li>\n<li>Advanced log filters and search.<\/li>\n<li>Custom labels for trusted devices and passkeys.<\/li>\n<li>Optional revocation of other sessions after security changes.<\/li>\n<li>Optional blocking of WordPress application passwords for protected \/ 2FA-enabled users.<\/li>\n<li>Lightweight runtime: the plugin mostly runs on login, profile, AJAX, settings pages, WooCommerce account pages, and authenticated REST requests.<\/li>\n<\/ul>\n\n<h3>Important Notes<\/h3>\n\n<ul>\n<li>HTTPS is required for passkeys in production.<\/li>\n<li>This build is optimized for normal interactive WordPress logins and admin access enforcement.<\/li>\n<li>Passkey attestation trust-chain validation is intentionally not enforced in order to remain lightweight and dependency-free.\nThe plugin still validates challenge, origin, RP ID hash, user presence, optional user verification, signature, and signature counter.<\/li>\n<li>This lightweight build supports ES256 passkeys.<\/li>\n<li>TOTP setup includes a local QR-code renderer so the setup secret stays on your own WordPress site during enrollment.<\/li>\n<li>The plugin stores account-security data such as trusted-device records, passkey metadata, security logs, and a limited recent login-context history.<\/li>\n<li>A privacy-policy suggestion plus WordPress personal-data exporter and eraser integrations are included.<\/li>\n<li>There are no non-GPL third-party runtime libraries bundled with this plugin;\nthe distributed JavaScript and CSS files are included as human-readable source.<\/li>\n<\/ul>\n\n<h3>Security Model<\/h3>\n\n<ul>\n<li>TOTP secrets are encrypted before storing in user meta.<\/li>\n<li>Backup codes are stored hashed.<\/li>\n<li>Passkeys verify origin, RP ID hash, challenge, signature, and signature counter.<\/li>\n<li>Rate limiting helps slow repeated login and 2FA guessing attempts.<\/li>\n<li>The plugin can require passkey user verification for biometric\/PIN-backed sign-in.<\/li>\n<\/ul>\n\n<h3>Privacy<\/h3>\n\n<p>Brightery Secure 2FA stores security-related account data so it can protect logins and help administrators investigate suspicious access.\nThe plugin adds suggested privacy-policy text to WordPress and registers personal-data exporter\/eraser callbacks for the data it stores.<\/p>\n\n<h3>Source Code and Licensing<\/h3>\n\n<ul>\n<li>All distributed plugin PHP, JS, and CSS files are included as human-readable source.<\/li>\n<li>The local QR renderer is bundled directly in <code>assets\/js\/bs2fa-qr.js<\/code> as readable source code.<\/li>\n<li>No non-GPL runtime libraries are required for normal plugin operation.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the ZIP in WordPress Plugins &gt; Add New &gt; Upload Plugin.<\/li>\n<li>Activate \"Brightery Secure 2FA\".<\/li>\n<li>Go to Settings &gt; Brightery Secure 2FA.<\/li>\n<li>Select allowed methods and the user roles that must use 2FA.<\/li>\n<li>Ask each protected user to finish setup from Profile or 2FA Setup.<\/li>\n<\/ol>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Production-focused two-factor authentication for WordPress with authenticator apps, passkeys, forced enrollment, and advanced session hardening.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/299109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=299109"}],"author":[{"embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/brighterycom"}],"wp:attachment":[{"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=299109"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=299109"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=299109"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=299109"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=299109"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ku.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=299109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}