Descripció

DB Solution – 2FA is a practical login security module for WordPress sites that need stronger access control without forcing every protection on by default.

It helps site owners add email OTP verification, protect the standard login path, monitor successful logins, review failed attempts, and block unwanted IP addresses from one focused DB Solution panel.

Key Features

🔐 Email 2FA – Sends a one-time code after the password step, using the WordPress email system already configured on the site.
🧭 Custom Login URL – Replaces the standard login path with a private slug chosen by the site owner.
👀 Login Monitoring – Sends an email notification after successful access, so unusual logins are easier to notice.
🧱 IP Blocking – Blocks single IP addresses and CIDR ranges from the plugin settings panel.
🧾 Access Attempt Log – Shows login attempts with credential, IP address, browser, date, and result, without storing passwords.
⏱️ OTP Countdown – Shows how long the verification code remains valid on the 2FA screen.
🛡️ Strict Mode – Can bind the OTP check to the same IP address and browser that requested it.
🎛️ Modular Controls – Every protection stays disabled after activation until the site owner chooses what to enable.

Why It Helps

Most login security tools enable too much at once or hide the important choices. DB Solution – 2FA keeps the workflow simple: activate the plugin, confirm that email delivery works, then enable only the protections the site actually needs.

This makes it useful for client sites, staging sites, and small business WordPress installs where login security must be stronger without making daily access confusing.

Email Requirement

Email-based 2FA requires a working WordPress email system. Before enabling it, send a test email from the site and confirm that users can receive the OTP code.

Compatibility

WordPress: 6.0 through 7.0.
PHP: 8.2 or later. Tested on PHP 8.4.18 in the local WordPress 7 test site.

Captures

DB Solution dashboard.
Settings panel with separate security features.
Security guide and credits.

Instal·lació

Upload the db-solution-2fa folder to /wp-content/plugins/.
Activate the plugin from the WordPress Plugins screen.
Open the DB Solution menu and enable only the protections needed by the site.

PMF

Does 2FA turn on automatically after plugin activation?: No. Every protection remains disabled until the site owner enables it from the DB Solution settings panel.
Do I need a working email system?: Yes. Email 2FA sends OTP codes through the WordPress email system, so mail delivery must work before enabling 2FA.
Does the access attempt log store passwords?: No. The log stores the attempted username or email, IP address, browser, date, and result. Passwords are never stored.
Can I block IP ranges?: Yes. The IP blocking section supports single IP addresses and CIDR ranges.
Can I keep the normal WordPress login URL?: Yes. The custom login URL is optional and remains disabled until you enable it.
What happens if I disable a feature?: The site returns to the standard WordPress behavior for that feature.

Ressenyes

No hi ha ressenyes per a aquesta extensió.

Col·laboradors i desenvolupadors

«DB Solution – 2FA» és programari de codi obert. La següent gent ha col·laborat en aquesta extensió.

Davide Baraldi

Traduïu «DB Solution – 2FA» a la vostra llengua.

Interessats en el desenvolupament?

Navegueu pel codi, baixeu-vos el repositori SVN, o subscriviu-vos al registre de desenvolupament per fisl de subscripció RSS.

Registre de canvis

16.0

Fix: the custom login URL no longer replaces WordPress login URLs globally, so the hidden slug is not exposed by normal login redirects.
Update: expanded the WordPress.org description with feature highlights and FAQ content.

15.13

Fix: sanitized the AJAX option value in a way accepted by WordPress coding standards.
Fix: preserved the login remember-me choice without reading unsanitized form data directly.
Update: declared compatibility through WordPress 7.0 for the WordPress 7 test site.
Update: rewrote the readme short description and description in standard English.

15.12

Security: added a 5-attempt limit for each OTP code.
Security: the remember-me cookie is used only when selected by the user.

15.11

Fix: removed inline helper functions unavailable in the login context to avoid fatal errors.

15.10

Update: added the countdown to the 2FA verification screen.
Update: updated the email footer with the site name and plugin by Unicorn Designer.

15.9

Update: main toggles and simple fields now save automatically without a general save button.
Update: the manual save button remains only in the IP blocking card with the label Save blocked IPs.

15.8

Update: redesigned the settings interface with custom cards, icons, and colors.
Update: replaced classic WordPress tabs with pill navigation.
Compatibility: kept the code compatible with PHP 8.3 and PHP 8.4 without PHP 8.5-only features.

15.7

Update: removed the large header card from the settings page.
Update: refreshed the settings design with lighter cards.
New: added the access attempts tab with username or email, IP address, browser, date, and result.
Security: attempted passwords are never stored in the log.

15.6

Update: removed the global switch from the interface and public logic.
New: added the IP blocking section with support for single IP addresses and CIDR networks.
Update: refreshed the admin design for settings, guide, and credits.

15.5

Update: declared compatibility through WordPress 6.9.
Update: separated the global control from 2FA activation.
New: added a dedicated Enable Email 2FA option.
New: added a confirmation notice before enabling email-based 2FA.
Fix: login monitoring works even when 2FA is not active.
Update: rewrote guide and credits text.

15.4

New: added Strict Mode security that locks OTP verification to IP address and user agent.
New: added OTP expiration time setting.
New: added settings saved confirmation message.
Fix: sanitized server variables and inputs according to WordPress coding standards.

15.3

Fix: moved CSS and JS to external files and enqueued them properly.
Fix: removed the assets folder from the plugin ZIP.

15.2

Update: renamed plugin slug, text domain, and prefixes to db-solution-2fa.

15.1.5

Security improvements: strict sanitization and nonce checks.
Removed the internal updater to comply with WordPress.org repository standards.

15.1.1

Standard fix for WordPress.org compliance.

15.1.0

Full integration into the DB Solution suite.
New modular and modern user interface.
Code refactoring for performance and security.

15.0.0

Previous standalone version.