Flavor 2FA adds powerful two-factor authentication to your WordPress site without the complexity. No bloat, no confusing settings – just solid security that protects your site from unauthorized access.
Why Flavor 2FA?
- Zero configuration needed – Works out of the box
- Native WordPress styling – Feels like part of WordPress
- Two verification methods – Authenticator apps (Google Authenticator, Authy, 1Password) or email codes
- User-friendly setup – Guided 3-step process with QR code scanning
- Complete admin control – Force 2FA, reset users, manage lockouts
Features
For Users: * Choose between authenticator app or email verification * 10 recovery codes for emergency access * “Trust this device” option to skip 2FA on personal devices * Simple, clean verification screens
For Admins: * Require 2FA for specific user roles * Grace period for new users * Force immediate 2FA setup on next login * Lockout protection against brute force attacks * Reset 2FA or unlock accounts with one click * See 2FA status for all users at a glance
Perfect For
- Agencies managing client sites
- WooCommerce stores handling sensitive data
- Membership sites with user accounts
- Any WordPress site that needs extra security
External services
This plugin uses a third-party service to generate QR codes during the TOTP authenticator app setup process.
QR Server API
When a user chooses the “Authenticator App” method during 2FA setup, the plugin generates a QR code image via the QR Server API. This QR code contains the TOTP secret URI (which includes the site name, user email, and secret key) so the user can scan it with their authenticator app.
- What data is sent: A TOTP provisioning URI containing the site name, user email address, and a generated secret key.
- When it is sent: Only once, when a user sets up TOTP-based two-factor authentication. No data is sent during normal login verification.
- Service provider: goQR.me / QR Server
- Service URL: https://goqr.me/api/
- Terms of service: https://goqr.me/api/doc/
- Privacy policy: https://goqr.me/privacy-policy/