WordPress Two Factor Authentication (CMAUTH) - Plugin Settings - General Settings

General Settings

Back to User Guide

In General settings changes can be made to the login protection method and other aspects that apply to most or all users.

The settings for the WordPress Two Factor Authentication plugin can be accessed by clicking either the main plugin button or the one below:

General plugin settings - WordPress Login SMS Verification
General plugin settings

Login

Login settings - 2 Factor Authentication for WordPress
Login settings
  • Protection Method: You can choose from four protection methods: Google Authenticator, Mobile Phone SMS, Email verification and Email code. You can also let users choose between SMS and e-mail. You can learn more about each of them by reading this guide.
  • Require a chosen protection method for all users: Will apply the previously selected solution for all users.
  • Require chosen protection method for chosen roles: This field will only appear if "No" was chosen in the previous option.
  • Allow login only from IP - Allow login requests from specific IP addresses. IPs must be separated by lines. Note: this option was introduced in version 1.8.2.
  • Deny login from IP - Deny login requests from specific IP addresses. IPs must be separated by lines. Note: this option was introduced in version 1.8.2.

Disable passwords

You can disable the password for every user or only for those with certain roles. Note that disabling the password does not mean the users will only need their username to sign. Instead, they will login with their usernames and the chosen authentication method.

Disabling passwords - How to Enable 2FA On WordPress
Disabling passwords

Common

Common settings - WordPress 2FA
Common settings
  • Expiration time for the email/SMS code or link [minutes] - Here you can set how long codes will work after requesting them.
  • Sleep time when the entered code is incorrect [seconds] - Here you can set how long the user has to wait before requesting new code in case if he entered incorrect code. This is good method to keep scammers away.
  • Logout after activity/inactivity time [minutes] - Choosing to automatically logout after a set time helps to ensure the account is safe even if the user forgets to log out. Shortening the expiration and activity/inactivity times increases security, but making the period too short can be inconvenient for users. The settings are applied to every user.
  • Logout mode - Choose how to apply the logout time. For:
    • Inactivity only
    • Both (Activate or Inactivate)
  • Characters set to generate the code from - Choose which characters will be used to create the codes for Email or SMS verification methods.
  • Code length - Define the length of the 2FA code for Email or SMS verification methods.

  • Enable separated input fields for code - If enabled, then separated input fields will be shown with Google Authenticator protection method. Note: this option was introduced in version 1.8.2.

    Separated fields - WordPress Two Step Authentication
    Separated fields
  • Allow user to trust the device - If enabled, users will able to trust the device while login. A custom cookie is used by this option to identify trusted devices. This cookie will store a unique token for X days and this cookie will automatically expire after X days and on logout too. Next time when the user comes to the website and cookie is found on thesame device, then the user is auto logged-in. Note: this option was introduced in version 1.8.2.
  • Trusted device time period (days) - Here you can set the amount of days to remember the trusted device. Default value is 30 days. Note: this option was introduced in version 1.8.2.

Statistics

This section has the following options:

Statistics settings - WordPress Two Factor Authentication Plugin
Statistics settings
  • Enable statistics - If enabled, the plugin will collect the detailed information about all logins that were done using 2FA protection. You can sort the information by: ID, user, user role, login method, device info, IP address, login time. You can also filter the information by the specific user and period of time. Note: this option was introduced in version 1.6.8. 
  • Success rate - This bar shows the statistics rate of successful logins to your site (that were made using one of the secure login methods). Note: this option was introduced in version 1.6.9.

Learn more about this feature in this guide: WordPress Two Factor Authentication (CMAUTH) - How To - Collect Login Statistics


More information about the WordPress Two Factor Authentication plugin

Other WordPress products can be found at CreativeMinds WordPress Store

Let us know how we can Improve this Product Documentation Page

To open a Support Ticket visit our support center
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Support Documents