WordPress Invitation Code - Use Case - How To Require 2FA Verification When Using Invitation Codes
Use Case - How To Require 2FA Verification When Using Invitation Codes
Note: This guide requires:
- WordPress Invitation Code plugin - This document uses version 1.7.2.
Introduction
The WordPress Invitation Code plugin allows you to create and sell a series of personalized temporary access codes. Each code grants limited access to a selected page only. When creating codes, you assign them to a post, a page, a URL or a file. The assigned content is locked automatically, and visitors who try to access it are prompted to enter the code.
Use Case Front-End
Entering the invitation code and email address, and requesting one-time password for passing 2FA verification:
Example of the email notification with one-time password:
Entering one-time password and accessing the content:
Use Case Assumptions
In this example use case guide we will consider how to increase the security of restricted content by requiring 2FA verification when using invitation codes.
We consider that you have already bought the WordPress Invitation Code plugin, but not installed it yet.
This guide covers:
- Installing the plugin
- General plugin settings
- Using 2FA verification
- Disabling 2FA for specific codes
- End result
Installing the Plugin
The process is the same for all CM plugins and add-ons.
- Download the plugin from your customer dashboard.
- Log in to WordPress and navigate to the WordPress Admin → Plugins settings.
- Click on Add New.
- Activate it and add the license.
Learn more: Getting Started - Plugin Overview
General Plugin Settings
First of all, let's go to the general plugin settings and configure the relevant settings. Navigate to Admin Dashboard → Invitation Code Content Access → Settings → General tab.
Scroll down and find the section Email validation and 2FA verification. It has the following settings:
- Email required while code entered - Enable this option to require an email address when the invitation code is used. The user will not be able to access the content without providing an email address. If only this option is enabled, without the further options below, you will be able to track the emails of users who used the invitation code.
Example
This is what the form with the email field looks like on the front-end:
On the back-end, when viewing and editing the invitation code, you can see the list of emails that used that code:
- Validate email with code - If enabled, the user must enter the code together with the email that is assigned to the invitation code; otherwise the content cannot be accessed. Requires the option Email required while code entered to be enabled.
Example
When creating an invitation code, the admin should specify the email address that the code is assigned to. This is done with the option Notification email. When the code is created, the user is notified by email about the invitation code.
This code can be used only with the specified email. Any other email will not give access to the content, even if the invitation code is correct:
- Enable Email 2FA - If enabled, the user must enter an email address along with the invitation code. A temporary one-time code is sent to that address, and the user must also enter it in the access box. Works only when the options Validate email with code and Email required while code entered are enabled.
- E-mail Code Expiration (in minutes) - Define the expiration time of the one-time email code.
- E-mail Subject - The subject of the email that notifies users about one-time codes.
- E-mail Content - The content of the email that notifies users about one-time codes. You can use the following placeholders:
  - [code] - the code that the user has to enter to approve the access. The email template MUST contain this shortcode.
  - [expiration] - shows in how many minutes the code expires.
Don't forget to click the button Save Changes after configuring the settings:
TIP
Learn more about other plugin settings in this user guide:
Using 2FA Verification
Let's create a code where we specify only the code title and the code itself, define the restricted content, and assign the code to a specific email:
An email notification with the invitation code will be sent to the email address owner:
Now let's access the content using the relevant email address. The user enters the invitation code and the email, and a Send Authentication Code button appears, which the user has to click:
The code is sent, and a 2FA Code field appears for entering the one-time password, along with 2 buttons: Resend Code (which requests the code again, for example, if the previous one has expired) and Apply Code (which submits the received one-time password).
The user receives a one-time password and the email says when this code will expire:
After the user enters this code and clicks Apply Code, he accesses the content:
Now let's try to access the content using another email, which is not assigned to the invitation code. When the wrong email is entered, the plugin reports it. An attempt to request a one-time password also informs the user that the correct email address must be entered:
What If I Don't Assign an Email to Code?
If you don't assign any email to the invitation code while creating it, any user can use this code. The user will be required to enter an email address with the invitation code, but the 2FA feature will not be used. Right after the code is used, that email is recorded in the field Notification email, so it becomes assigned to the code.
Next time when using the code, this code can be used only with this email and only with 2FA verification.
Disabling 2FA for Specific Codes
When you enable the 2FA feature in the general plugin settings, by default these settings are applied to all invitation codes. But it is also possible to disable the 2FA feature for specific invitation codes.
It can be done when editing the needed invitation code. To do this, navigate to Admin Dashboard → Invitation Code Content Access → Invitation codes. Hover on the needed code and click Edit.
Scroll down and find the section Email validation and 2FA verification. It has 2 options:
- Exclude validation email - Enable this option if you want to disable email validation. It means that the user can use any email, not only the one that is assigned to the code. But if the next option is disabled, the user will still have to go through the 2FA verification process. As a result, it helps to confirm that the user enters a real email address and not just a random one.
- Exclude 2FA email verification - This option can be enabled only if the previous one is enabled. If this option is enabled, the user will still have to enter the email address, but will not have to go through the 2FA verification process.
Let's check how both options work on the front-end.
1) First case - only the option Exclude validation email is enabled:
As a result, the user enters the invitation code, his email, and then he needs to enter one-time password that he receives on his email:
2) Second case - both options are enabled - Exclude validation email and Exclude 2FA email verification:
As a result, the user enters the invitation code and any email, without need to go through the 2FA verification process:
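The option rules from General Plugin Settings and Disabling 2FA for Specific Codes, combined in one place as an added example (a model written for this guide, not the plugin's own code). The class, field and function names are hypothetical, the sample codes are constructed, and it assumes the per-code exclusions are evaluated before the unassigned-code case, which the guide does not state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Settings:             # global options from the General tab
    email_required: bool    # "Email required while code entered"
    validate_email: bool    # "Validate email with code"
    email_2fa: bool         # "Enable Email 2FA"

@dataclass(frozen=True)
class Code:                 # per-code options (hypothetical model)
    title: str
    assigned_email: Optional[str]      # "Notification email"; None = unassigned
    exclude_validation: bool = False   # "Exclude validation email"
    exclude_2fa: bool = False          # "Exclude 2FA email verification"

def checks(s: Settings, c: Code) -> dict:
    """Return which checks the next use of code c goes through."""
    if c.exclude_2fa and not c.exclude_validation:
        raise ValueError("Exclude 2FA requires Exclude validation email")
    # Each global option only works when the one before it is enabled.
    validate = s.email_required and s.validate_email
    twofa = validate and s.email_2fa
    # Assumption: exclusions are evaluated before the unassigned-code case.
    if c.exclude_validation:
        # Any email is accepted; the OTP is still sent unless 2FA is excluded.
        return {"email": s.email_required, "must_match": False,
                "otp": twofa and not c.exclude_2fa}
    if c.assigned_email is None:
        # First use of an unassigned code: email is recorded, no OTP is sent.
        return {"email": s.email_required, "must_match": False, "otp": False}
    return {"email": s.email_required, "must_match": validate, "otp": twofa}

def codes_without_otp(s: Settings, codes: list) -> list:
    """Titles of codes whose next use skips the one-time password."""
    return [c.title for c in codes if not checks(s, c)["otp"]]

# Constructed sample data, not exported from a real site.
SETTINGS = Settings(email_required=True, validate_email=True, email_2fa=True)
CODES = [
    Code("assigned", "user@example.com"),
    Code("unassigned", None),
    Code("any-email-otp", "user@example.com", exclude_validation=True),
    Code("no-2fa", "user@example.com", exclude_validation=True, exclude_2fa=True),
]

if __name__ == "__main__":
    print(codes_without_otp(SETTINGS, CODES))
```

Running it lists the codes that can currently be redeemed without a one-time password, which is the set to review before relying on 2FA for restricted content.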
End Result
Following instructions found in the plugin and guides, you should be able to increase the security of restricted content by requiring 2FA verification when using invitation codes.