Digipacket Login Security with Two-Factor Authentication

Digipacket Login Security adds strong, standards-based two-factor authentication to any WordPress site. It uses the TOTP algorithm (RFC 6238), so it works with Google Authenticator, Authy, Microsoft Authenticator, FreeOTP and any standard authenticator app — with no external service or cloud dependency. Everything runs on your own server.

Key features

• TOTP compatible with Google Authenticator and all standard apps.
• Choice of method — each user picks an authenticator app (TOTP) or a one-time code sent by e-mail at login.
• QR Code enrolment rendered locally on the user profile screen (no external image service).
• Mandatory code verification after every login.
• Single-use backup codes for account recovery if the device is lost.
• Brute-force protection — lock an account after a configurable number of failed attempts, for a configurable duration. Blocks further sign-ins even with the correct password during the lockout window.
• Security e-mail alerts — notify the account owner when repeated wrong-password attempts or too many incorrect 2FA codes are detected.
• Login notifications — e-mail the user and/or the administrator (per selected roles) with sign-in details (user, date, IP, browser).
• Login screen warning — optional full-screen security notice that visitors must accept before signing in.
• Enforce 2FA by role with a configurable grace period.
• Admin reset of a user’s 2FA from the Users list, plus a 2FA status column.
• Audit log of all security events with filtering by role or user.
• Modern admin interface — dashboard, focused settings tabs and an About page.
• Translatable — ships with French (fr_FR) and English.

Privacy & external services

By default, Digipacket Login Security does not send any data to external services. All secrets, codes and logs are stored in your own WordPress database, and e-mails are sent through your site’s standard wp_mail() function.

Optional Telegram notifications (disabled by default): if you enable them and provide your own bot token and chat ID, the plugin sends security-event details (event type, username, IP address, date) to the Telegram Bot API at https://api.telegram.org so the message can be delivered to your chosen Telegram chat. This only happens while the feature is enabled and configured.

• Telegram Bot API: https://core.telegram.org/bots/api
• Telegram Privacy Policy: https://telegram.org/privacy