Title: Brightery Secure 2FA Author: Brightery Published: 23 de abril de 2026 Last modified: 23 de abril de 2026 --- Buscar plugins ![](https://ps.w.org/brightery-secure-2fa/assets/icon-256x256.png?rev=3513593) # Brightery Secure 2FA Por [Brightery](https://profiles.wordpress.org/brighterycom/) [Descargar](https://downloads.wordpress.org/plugin/brightery-secure-2fa.1.0.0.zip) * [Detalles](https://es-co.wordpress.org/plugins/brightery-secure-2fa/#description) * [Valoraciones](https://es-co.wordpress.org/plugins/brightery-secure-2fa/#reviews) * [Instalación](https://es-co.wordpress.org/plugins/brightery-secure-2fa/#installation) * [Desarrollo](https://es-co.wordpress.org/plugins/brightery-secure-2fa/#developers) [Soporte](https://wordpress.org/support/plugin/brightery-secure-2fa/) ## Descripción Brightery Secure 2FA adds a strong second login step for WordPress accounts while staying lightweight in runtime. Features: * Authenticator app (TOTP) support. * Passkeys / WebAuthn support for Touch ID, Face ID, Windows Hello, fingerprint readers, and device PIN. * Role-based enforcement: require selected user groups to enroll. * Forced enrollment page to block protected users until they configure security. * Backup codes. * Encrypted TOTP secret storage using WordPress salts. * Login throttling for repeated primary-login and second-factor failures. * Lightweight audit logs stored inside WordPress options. * Email alerts for enrollment changes and lockouts. * Trusted devices so users can skip 2FA on approved browsers for a limited period. * CSV export for security logs. * Advanced log filters and search. * Custom labels for trusted devices and passkeys. * Optional revocation of other sessions after security changes. * Optional blocking of WordPress application passwords for protected / 2FA-enabled users. * Lightweight runtime: the plugin mostly runs on login, profile, AJAX, settings pages, WooCommerce account pages, and authenticated REST requests. ### Important Notes * HTTPS is required for passkeys in production. * This build is optimized for normal interactive WordPress logins and admin access enforcement. * Passkey attestation trust-chain validation is intentionally not enforced in order to remain lightweight and dependency-free. The plugin still validates challenge, origin, RP ID hash, user presence, optional user verification, signature, and signature counter. * This lightweight build supports ES256 passkeys. * TOTP setup includes a local QR-code renderer so the setup secret stays on your own WordPress site during enrollment. * The plugin stores account-security data such as trusted-device records, passkey metadata, security logs, and a limited recent login-context history. * A privacy-policy suggestion plus WordPress personal-data exporter and eraser integrations are included. * There are no non-GPL third-party runtime libraries bundled with this plugin; the distributed JavaScript and CSS files are included as human-readable source. ### Security Model * TOTP secrets are encrypted before storing in user meta. * Backup codes are stored hashed. * Passkeys verify origin, RP ID hash, challenge, signature, and signature counter. * Rate limiting helps slow repeated login and 2FA guessing attempts. * The plugin can require passkey user verification for biometric/PIN-backed sign- in. ### Privacy Brightery Secure 2FA stores security-related account data so it can protect logins and help administrators investigate suspicious access. The plugin adds suggested privacy-policy text to WordPress and registers personal-data exporter/eraser callbacks for the data it stores. ### Source Code and Licensing * All distributed plugin PHP, JS, and CSS files are included as human-readable source. * The local QR renderer is bundled directly in `assets/js/bs2fa-qr.js` as readable source code. * No non-GPL runtime libraries are required for normal plugin operation. ## Instalación 1. Upload the ZIP in WordPress Plugins > Add New > Upload Plugin. 2. Activate “Brightery Secure 2FA”. 3. Go to Settings > Brightery Secure 2FA. 4. Select allowed methods and the user roles that must use 2FA. 5. Ask each protected user to finish setup from Profile or 2FA Setup. ## Reseñas No hay reseñas para este plugin. ## Colaboradores y desarrolladores «Brightery Secure 2FA» es un software de código abierto. Las siguientes personas han colaborado con este plugin. Colaboradores * [ Brightery ](https://profiles.wordpress.org/brighterycom/) [Traduce «Brightery Secure 2FA» a tu idioma.](https://translate.wordpress.org/projects/wp-plugins/brightery-secure-2fa) ### ¿Interesado en el desarrollo? [Revisa el código](https://plugins.trac.wordpress.org/browser/brightery-secure-2fa/), echa un vistazo al [repositorio SVN](https://plugins.svn.wordpress.org/brightery-secure-2fa/) o suscríbete al [registro de desarrollo](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/) por [RSS](https://plugins.trac.wordpress.org/log/brightery-secure-2fa/?limit=100&mode=stop_on_copy&format=rss). ## Registro de cambios #### 1.0.0 * Initial release. ## Meta * Versión **1.0.0** * Última actualización **hace 2 semanas** * Instalaciones activas **Menos de 10** * Versión de WordPress ** 6.2 o superior ** * Probado hasta **6.9.4** * Versión de PHP ** 7.4 o superior ** * Idioma * [English (US)](https://wordpress.org/plugins/brightery-secure-2fa/) * Etiquetas * [2FA](https://es-co.wordpress.org/plugins/tags/2fa/)[authentication](https://es-co.wordpress.org/plugins/tags/authentication/) [security](https://es-co.wordpress.org/plugins/tags/security/) * [Vista avanzada](https://es-co.wordpress.org/plugins/brightery-secure-2fa/advanced/) ## Valoraciones Aún no se han enviado valoraciones. [Your review](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/#new-post) [Ver todos los comentarios](https://wordpress.org/support/plugin/brightery-secure-2fa/reviews/) ## Colaboradores * [ Brightery ](https://profiles.wordpress.org/brighterycom/) ## Soporte ¿Tienes algo que decir? ¿Necesitas ayuda? [Ver el foro de soporte](https://wordpress.org/support/plugin/brightery-secure-2fa/)