WooCommerce Two Factor Authentication
WooCommerce Two Factor Authentication by vanquish
WooCommerce Two Factor Authentication plugin seamlessly integrates into your WooCommerce login page implementing a two-factor authentication process!
THE IDEA
It happens that a shop manager needs to share some files with a customer after a purchase. Those files have to be approved or rejected by the customer. Eventually, the customer must have the possibility to leave a message explaining the reason for his actions. This process must go on until the file is approved by the customer!
HOW IT WORKS: THE AUTHENTICATION WORKFLOW
Once the plugin is activated, the process is straightforward:
- When the customer accesses the login page, besides the Username and Password fields, he will also see the new OTP field and the "OTP send" button (the login button will be hidden until the OTP is sent)
- Once he entered the Username/Email and clicked the "OTP send" button, he will receive the OTP via email, and the login button will appear
- The customer can then enter the OTP and proceed with the login
HIGHLY CUSTOMIZABLE
Through the admin area, the shop admin can customize the OTP notification email, subject, error message, and more! He can also configure other parameters like the OTP length and validity time
TEMPLATING
The OTP area template can be customized. The template files can be copied into the theme folder and then customized according to your needs!
- woocommerce-two-factor-auth/templates/frontend/wc-login-form.php: this is the template used in the WooCommerce login area
- woocommerce-two-factor-auth/templates/frontend/wp-login-form.php: this is the template used in the WordPress admin login area
NEW CONTENT HIGHLIGHT
Every time the admin edits an attachment or adds a new message, those contents will be highlighted in the frontend in order to give better feedback to the customer. The same things happen when a customer leaves a message:in the admin order details page, the new message will be highlighted.
SECURITY
The OTP is a 12 length string randomly generated. The OTP is valid for a fixed time amount (by default is 5 minutes) after which it will expire.To prevent brute force attacks, the plugin also checks the number of attempts the user performs. By default, after 3 wrong attempts, the OTP will expire. All the parameters can be edited through the options menu.
WPML
The plugin supports the WPML translation plugin. All the available texts can be customized and translated for each installed language.