Title: Flavor 2FA Author: kuckovic Published: Febuari 17, 2026 Last modified: Febuari 17, 2026 --- Tafuta vijalizi ![](https://ps.w.org/flavor-2fa/assets/banner-772x250.png?rev=3463223) ![](https://ps.w.org/flavor-2fa/assets/icon-256x256.png?rev=3463223) # Flavor 2FA By [kuckovic](https://profiles.wordpress.org/kuckovic/) [Pakua](https://downloads.wordpress.org/plugin/flavor-2fa.1.0.0.zip) * [Details](https://sw.wordpress.org/plugins/flavor-2fa/#description) * [Reviews](https://sw.wordpress.org/plugins/flavor-2fa/#reviews) * [Installation](https://sw.wordpress.org/plugins/flavor-2fa/#installation) * [Development](https://sw.wordpress.org/plugins/flavor-2fa/#developers) [Saidia](https://wordpress.org/support/plugin/flavor-2fa/) ## Maelezo **Flavor 2FA** adds powerful two-factor authentication to your WordPress site without the complexity. No bloat, no confusing settings – just solid security that protects your site from unauthorized access. #### Why Flavor 2FA? * **Zero configuration needed** – Works out of the box * **Native WordPress styling** – Feels like part of WordPress * **Two verification methods** – Authenticator apps (Google Authenticator, Authy, 1Password) or email codes * **User-friendly setup** – Guided 3-step process with QR code scanning * **Complete admin control** – Force 2FA, reset users, manage lockouts #### Features **For Users:** * Choose between authenticator app or email verification * 10 recovery codes for emergency access * “Trust this device” option to skip 2FA on personal devices * Simple, clean verification screens **For Admins:** * Require 2FA for specific user roles * Grace period for new users* Force immediate 2FA setup on next login * Lockout protection against brute force attacks * Reset 2FA or unlock accounts with one click * See 2FA status for all users at a glance #### Perfect For * Agencies managing client sites * WooCommerce stores handling sensitive data * Membership sites with user accounts * Any WordPress site that needs extra security ### External services This plugin uses a third-party service to generate QR codes during the TOTP authenticator app setup process. #### QR Server API When a user chooses the “Authenticator App” method during 2FA setup, the plugin generates a QR code image via the QR Server API. This QR code contains the TOTP secret URI (which includes the site name, user email, and secret key) so the user can scan it with their authenticator app. * **What data is sent:** A TOTP provisioning URI containing the site name, user email address, and a generated secret key. * **When it is sent:** Only once, when a user sets up TOTP-based two-factor authentication. No data is sent during normal login verification. * **Service provider:** goQR.me / QR Server * **Service URL:** [https://goqr.me/api/](https://goqr.me/api/) * **Terms of service:** [https://goqr.me/api/doc/](https://goqr.me/api/doc/) * **Privacy policy:** [https://goqr.me/privacy-policy/](https://goqr.me/privacy-policy/) ## Installation 1. Upload `flavor-2fa` to `/wp-content/plugins/` 2. Activate through ‘Plugins’ menu 3. Go to **Settings Flavor 2FA** 4. Select which user roles require 2FA 5. Done! Users will be prompted to set up 2FA on their next login ## FAQ ### Which authenticator apps are supported? Any TOTP-compatible app works: Google Authenticator, Authy, 1Password, Microsoft Authenticator, LastPass Authenticator, and more. ### What if a user loses their phone? Users receive 10 one-time recovery codes during setup. If those are also lost, an admin can reset their 2FA from the Users page or plugin settings. ### Can I require 2FA only for administrators? Yes! You can choose exactly which user roles must enable 2FA. Common setups include requiring it for Administrators and Editors while leaving it optional for Subscribers. ### Is there a grace period for new users? Yes, configurable from 0-365 days. New users won’t be forced to set up 2FA until the grace period expires. ### What happens when 2FA is deactivated? All plugin data is automatically cleaned up, including user secrets and recovery codes. Nothing is left behind. ## Reviews Hakuna hakiki za programu-jalizi hii. ## Wachangiaji & Wasanidi “Flavor 2FA” is open source software. The following people have contributed to this plugin. Contributors * [ kuckovic ](https://profiles.wordpress.org/kuckovic/) [Translate “Flavor 2FA” into your language.](https://translate.wordpress.org/projects/wp-plugins/flavor-2fa) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/flavor-2fa/), check out the [SVN repository](https://plugins.svn.wordpress.org/flavor-2fa/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/flavor-2fa/) by [RSS](https://plugins.trac.wordpress.org/log/flavor-2fa/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release ## Meta * Version **1.0.0** * Last updated **miezi 3 zilizopita** * Active installations **Chini ya 10** * WordPress version ** 5.0 au juu ** * Tested up to **6.9.4** * PHP version ** 8.0 au juu ** * Language * [English (US)](https://wordpress.org/plugins/flavor-2fa/) * Tags * [2FA](https://sw.wordpress.org/plugins/tags/2fa/)[login](https://sw.wordpress.org/plugins/tags/login/) [security](https://sw.wordpress.org/plugins/tags/security/)[totp](https://sw.wordpress.org/plugins/tags/totp/) [two factor authentication](https://sw.wordpress.org/plugins/tags/two-factor-authentication/) * [Advanced View](https://sw.wordpress.org/plugins/flavor-2fa/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/flavor-2fa/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/flavor-2fa/reviews/) ## Contributors * [ kuckovic ](https://profiles.wordpress.org/kuckovic/) ## Saidia Got something to say? Need help? [Angalia Baraza ya Usaidizi](https://wordpress.org/support/plugin/flavor-2fa/)