AuthPress is a comprehensive two-factor authentication plugin for WordPress that started with Telegram support and has evolved into a flexible multi-provider 2FA solution. Secure your WordPress site with multiple authentication methods and extensible provider system.
- Telegram π±: Our original provider - receive codes via Telegram messages
- Email π§: Send verification codes via email
- Authenticator Apps π: TOTP support for Google Authenticator, Authy, Microsoft Authenticator, and more
- Recovery Codes π: Emergency backup codes for account recovery
- Custom Providers π§: Extensible system supporting SMS, Passkey, and other custom implementations
- Instant authentication code delivery via Telegram bot
- Failed login attempt notifications
- Works on any device with Telegram installed
- Simple setup with Bot Token from @BotFather
- Admin alerts for security monitoring
- Send verification codes via email
- Configurable token duration
- Compatible with all email clients
- Fallback option when other methods unavailable
- Standard TOTP (Time-based One-Time Password) support
- Works completely offline
- Compatible with all major authenticator apps
- Easy setup with QR codes or manual entry
- 30-second rotating codes
- Developer-friendly: Simple API for creating custom providers
- SMS Support: Ready-to-use SMS providers (via extensions)
- Passkey Support: Modern WebAuthn implementation available
- Plugin Architecture: Each provider can be a separate plugin
- Seamless Integration: All providers work together in the same interface
- Recovery Codes: Single-use emergency access codes
- Advanced Logging: Detailed activity monitoring with pagination
- Centralized Management: All providers configured in one place
- Rate Limiting: Protection against brute force attacks
- Secure Storage: Hashed codes and encrypted user data
- Download the plugin
- Upload the folder to the
/wp-content/plugins/directory - Activate the plugin through the 'Plugins' menu in WordPress
- Go to Settings > AuthPress to configure providers
Go to Settings > AuthPress > Providers to configure available 2FA methods:
- Telegram Provider: Enter Bot Token and configure notifications
- Email Provider: Set token duration and email templates
- Authenticator Provider: Enable TOTP support for authenticator apps
- Recovery Codes: Configure emergency access codes
- Custom Providers: Configure any installed third-party providers (SMS, Passkey, etc.)
- Create a Telegram bot via @BotFather
- Get the Bot Token
- Enter the token in the Telegram Provider section
- Configure failed login notifications (optional)
Users can enable and configure 2FA in their WordPress profile:
- Navigate to Users > Your Profile
- Scroll to the AuthPress section
- Choose and configure your preferred 2FA methods:
- Telegram: Enter Chat ID and verify with test code
- Email: Automatically uses account email
- Authenticator: Scan QR code or manually enter secret
- Recovery Codes: Generate and securely store backup codes
- Users can enable multiple providers for redundancy
- Test each method before relying on it for login
When a user with 2FA enabled logs in:
- Enter username and password
- Redirected to 2FA verification page
- Choose authentication method (if both configured)
- Enter received code
- Access the site
- Receive a 6-digit code via Telegram message
- Instant delivery with confirmation buttons
- Codes expire after 5 minutes for security
- Admin notifications for failed attempts
- Verification codes sent to registered email address
- Configurable expiration time (default: 20 minutes)
- HTML formatted emails with security information
- Works with all email providers
- Use Google Authenticator, Authy, Microsoft Authenticator, or any TOTP app
- 6-digit codes that refresh every 30 seconds
- Works completely offline
- Scan QR code for quick setup
- Emergency single-use backup codes (typically 8 codes)
- Use when primary methods are unavailable
- Regenerate new codes anytime
- Store securely offline
- SMS codes via various SMS providers
- Passkey/WebAuthn for biometric authentication
- Any custom implementation following AuthPress API
Administrators can:
- Enable/disable providers globally
- Configure settings for each provider
- View activity logs
- Manage security notifications
- Bot Logs: View all Telegram bot activities
- Authentication Logs: Monitor login attempts and authentication
- Notifications: Receive alerts about suspicious access attempts
- View user 2FA status
- Disable 2FA for specific users
- Manage individual configurations
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password
- Bitwarden
- KeePass
- And any other TOTP-compatible app
- WordPress 5.0+
- PHP 7.4+
- MySQL 5.6+
- Always use HTTPS
- Generate recovery codes and store them securely
- Enable both providers for maximum flexibility
- Regularly monitor access logs
- Configure notifications for failed login attempts
- Automatically expiring codes
- Rate limiting on access attempts
- Complete activity logging
- Server-side validation
- Protection against brute force attacks
AuthPress features a powerful extensible architecture that allows developers to create custom 2FA providers. The system supports:
- SMS Providers: Integrate with services like Twilio, MessageBird, etc.
- Push Notifications: Mobile app-based authentication
- Hardware Tokens: YubiKey, RSA tokens, etc.
- Biometric Authentication: Passkey/WebAuthn support
- Custom APIs: Any external authentication service
- Study the Documentation: Check
https://github.com/dueclic/authpress/custom_providers/DEVELOPER-GUIDE-CUSTOM-PROVIDERS.md - Simple API: Extend the
Abstract_Providerclass 3WordPress Integration: Use standard WordPress hooks and filters
// Register your provider
function my_sms_provider_register($providers) {
$providers['my_sms'] = 'MyPlugin\\SMS_Provider';
return $providers;
}
add_filter('authpress_register_providers', 'my_sms_provider_register');For support and assistance:
- Email: [email protected]
- WordPress.org: Support Section
- GitHub: Issues
- Developer Documentation:
https://github.com/dueclic/authpress/custom_providers/DEVELOPER-GUIDE-CUSTOM-PROVIDERS.md
- π Rebranded to AuthPress - reflecting the evolution beyond Telegram
- π§ Extensible Provider System - developers can create custom 2FA providers
- π§ Email Provider - built-in email-based 2FA support
- π Enhanced TOTP - improved authenticator app support
- π οΈ Developer API - comprehensive system for custom providers
- π Professional Logging - WP_List_Table implementation with pagination
- ποΈ Database Migration - moved from WordPress options to MySQL tables
- π¨ UI/UX Overhaul - completely redesigned interface
- π Better i18n - improved internationalization support
- π Enhanced Security - improved validation and rate limiting
- Enhanced logs system with professional interface
- Better user management in admin area
- Improved Chat ID validation
- JavaScript translations
- Template system for error handling
- Webhook system for Telegram user_id retrieval
- Activity logs implementation
- WordPress 6.x compatibility updates
- Security improvements and bug fixes
- Original Telegram-only implementation
- Basic 2FA functionality
- WordPress compatibility updates
- Foundation features and security fixes
This plugin is released under the GPL v2 or later license.
- DueClic - [email protected]
- GitHub: debba
AuthPress - Advanced security for WordPress with flexible and user-friendly two-factor authentication.