Title: Brightery Secure 2FA Author: Brightery Published: 23 april 2026 Last modified: 23 april 2026 --- Plugins zoeken ![](https://ps.w.org/brightery-secure-2fa/assets/icon-256x256.png?rev=3513593) # Brightery Secure 2FA Door [Brightery](https://profiles.wordpress.org/brighterycom/) [Download](https://downloads.wordpress.org/plugin/brightery-secure-2fa.1.0.0.zip) * [Details](https://nl-be.wordpress.org/plugins/brightery-secure-2fa/#description) * [Beoordelingen](https://nl-be.wordpress.org/plugins/brightery-secure-2fa/#reviews) * [Installatie](https://nl-be.wordpress.org/plugins/brightery-secure-2fa/#installation) * [Ontwikkeling](https://nl-be.wordpress.org/plugins/brightery-secure-2fa/#developers) [Ondersteuning](https://wordpress.org/support/plugin/brightery-secure-2fa/) ## Beschrijving Brightery Secure 2FA adds a strong second login step for WordPress accounts while staying lightweight in runtime. Features: * Authenticator app (TOTP) support. * Passkeys / WebAuthn support for Touch ID, Face ID, Windows Hello, fingerprint readers, and device PIN. * Role-based enforcement: require selected user groups to enroll. * Forced enrollment page to block protected users until they configure security. * Backup codes. * Encrypted TOTP secret storage using WordPress salts. * Login throttling for repeated primary-login and second-factor failures. * Lightweight audit logs stored inside WordPress options. * Email alerts for enrollment changes and lockouts. * Trusted devices so users can skip 2FA on approved browsers for a limited period. * CSV export for security logs. * Advanced log filters and search. * Custom labels for trusted devices and passkeys. * Optional revocation of other sessions after security changes. * Optional blocking of WordPress application passwords for protected / 2FA-enabled users. * Lightweight runtime: the plugin mostly runs on login, profile, AJAX, settings pages, WooCommerce account pages, and authenticated REST requests. ### Important Notes * HTTPS is required for passkeys in production. * This build is optimized for normal interactive WordPress logins and admin access enforcement. * Passkey attestation trust-chain validation is intentionally not enforced in order to remain lightweight and dependency-free. The plugin still validates challenge, origin, RP ID hash, user presence, optional user verification, signature, and signature counter. * This lightweight build supports ES256 passkeys. * TOTP setup includes a local QR-code renderer so the setup secret stays on your own WordPress site during enrollment. * The plugin stores account-security data such as trusted-device records, passkey metadata, security logs, and a limited recent login-context history. * A privacy-policy suggestion plus WordPress personal-data exporter and eraser integrations are included. * There are no non-GPL third-party runtime libraries bundled with this plugin; the distributed JavaScript and CSS files are included as human-readable source. ### Security Model * TOTP secrets are encrypted before storing in user meta. * Backup codes are stored hashed. * Passkeys verify origin, RP ID hash, challenge, signature, and signature counter. * Rate limiting helps slow repeated login and 2FA guessing attempts. * The plugin can require passkey user verification for biometric/PIN-backed sign- in. ### Privacy Brightery Secure 2FA stores security-related account data so it can protect logins and help administrators investigate suspicious access. The plugin adds suggested privacy-policy text to WordPress and registers personal-data exporter/eraser callbacks for the data it stores. ### Source Code and Licensing * All distributed plugin PHP, JS, and CSS files are included as human-readable source. * The local QR renderer is bundled directly in `assets/js/bs2fa-qr.js` as readable source code. * No non-GPL runtime libraries are required for normal plugin operation. ## Installatie 1. Upload the ZIP in WordPress Plugins > Add New > Upload Plugin. 2. Activate “Brightery Secure 2FA”. 3. Go to Settings > Brightery Secure 2FA. 4. Select allowed methods and the user roles that must use 2FA. 5. Ask each protected user to finish setup from Profile or 2FA Setup. ## Beoordelingen Er zijn geen beoordelingen voor deze plugin. ## Bijdragers & ontwikkelaars “Brightery Secure 2FA” is open source software. De volgende personen hebben bijgedragen aan deze plugin. Bijdragers * [ Brightery ](https://profiles.wordpress.org/brighterycom/) [Vertaal “Brightery Secure 2FA” naar jouw taal.](https://translate.wordpress.org/projects/wp-plugins/brightery-secure-2fa) ### Interesse in de ontwikkeling? [Bekijk de code](https://plugins.trac.wordpress.org/browser/brightery-secure-2fa/), haal de [SVN repository](https://plugins.svn.wordpress.org/brightery-secure-2fa/) op, of abonneer je op het [ontwikkellog](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/) via [RSS](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release. ## Meta * Versie **1.0.0** * Laatst bijgewerkt: **2 weken geleden** * Actieve installaties: **Minder dan 10** * WordPress versie ** 6.2 of nieuwer ** * Getest t/m **6.9.4** * PHP versie ** 7.4 of nieuwer ** * Taal * [English (US)](https://wordpress.org/plugins/brightery-secure-2fa/) * Tags * [2FA](https://nl-be.wordpress.org/plugins/tags/2fa/)[authentication](https://nl-be.wordpress.org/plugins/tags/authentication/) [security](https://nl-be.wordpress.org/plugins/tags/security/) * [Geavanceerde weergave](https://nl-be.wordpress.org/plugins/brightery-secure-2fa/advanced/) ## Beoordelingen Er zijn nog geen beoordelingen ingediend. [Your review](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/#new-post) [Bekijk alle beoordelingen](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/) ## Bijdragers * [ Brightery ](https://profiles.wordpress.org/brighterycom/) ## Ondersteuning Iets te melden? Hulp nodig? [Het supportforum bekijken](https://wordpress.org/support/plugin/brightery-secure-2fa/)