{"id":258650,"date":"2026-02-13T17:23:30","date_gmt":"2026-02-13T17:23:30","guid":{"rendered":"https:\/\/it.wordpress.org\/plugins\/db-2fa\/"},"modified":"2026-04-14T08:28:51","modified_gmt":"2026-04-14T08:28:51","slug":"db-solution-2fa","status":"publish","type":"plugin","link":"https:\/\/cor.wordpress.org\/plugins\/db-solution-2fa\/","author":17379526,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"16.0","stable_tag":"16.0","tested":"7.0","requires":"6.0","requires_php":"8.2","requires_plugins":null,"header_name":"DB Solution - 2FA","header_author":"Davide Baraldi","header_description":"Modulo di sicurezza e URL personalizzato per la suite DB Solution.","assets_banners_color":"aacc01","last_updated":"2026-04-14 08:28:51","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.davide.baraldi.name\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":517,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"15.13":{"tag":"15.13","author":"davidebaraldi","date":"2026-04-11 14:19:10"},"15.3":{"tag":"15.3","author":"davidebaraldi","date":"2026-02-13 16:31:10"},"15.4":{"tag":"15.4","author":"davidebaraldi","date":"2026-02-16 17:56:39"},"16.0":{"tag":"16.0","author":"davidebaraldi","date":"2026-04-14 08:28:51"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":3505844,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3505844,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":3505844,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":3505844,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["15.13","15.3","15.4","16.0"],"block_files":[],"assets_screenshots":{"screenshot-1.jpg":{"filename":"screenshot-1.jpg","revision":3505844,"resolution":"1","location":"assets","locale":""},"screenshot-2.jpg":{"filename":"screenshot-2.jpg","revision":3505844,"resolution":"2","location":"assets","locale":""},"screenshot-3.jpg":{"filename":"screenshot-3.jpg","revision":3505844,"resolution":"3","location":"assets","locale":""},"screenshot-4.jpg":{"filename":"screenshot-4.jpg","revision":3505844,"resolution":"4","location":"assets","locale":""},"screenshot-5.jpg":{"filename":"screenshot-5.jpg","revision":3505844,"resolution":"5","location":"assets","locale":""},"screenshot-6.jpg":{"filename":"screenshot-6.jpg","revision":3505844,"resolution":"6","location":"assets","locale":""},"screenshot-7.jpg":{"filename":"screenshot-7.jpg","revision":3505844,"resolution":"7","location":"assets","locale":""}},"screenshots":{"1":"DB Solution dashboard.","2":"Settings panel with separate security features.","3":"Security guide and credits."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[9211,710,3691,1178,600],"plugin_category":[38,54],"plugin_contributors":[255813],"plugin_business_model":[],"class_list":["post-258650","plugin","type-plugin","status-publish","hentry","plugin_tags-2fa","plugin_tags-authentication","plugin_tags-custom-login","plugin_tags-protection","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-davidebaraldi","plugin_committers-davidebaraldi"],"banners":{"banner":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/banner-772x250.jpg?rev=3505844","banner_2x":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/banner-1544x500.jpg?rev=3505844","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/icon-128x128.jpg?rev=3505844","icon_2x":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/icon-256x256.jpg?rev=3505844","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-1.jpg?rev=3505844","caption":"DB Solution dashboard."},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-2.jpg?rev=3505844","caption":"Settings panel with separate security features."},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-3.jpg?rev=3505844","caption":"Security guide and credits."},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-4.jpg?rev=3505844","caption":""},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-5.jpg?rev=3505844","caption":""},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-6.jpg?rev=3505844","caption":""},{"src":"https:\/\/ps.w.org\/db-solution-2fa\/assets\/screenshot-7.jpg?rev=3505844","caption":""}],"raw_content":"<!--section=description-->\n<p>DB Solution - 2FA is a practical login security module for WordPress sites that need stronger access control without forcing every protection on by default.<\/p>\n\n<p>It helps site owners add email OTP verification, protect the standard login path, monitor successful logins, review failed attempts, and block unwanted IP addresses from one focused DB Solution panel.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li>\ud83d\udd10 Email 2FA - Sends a one-time code after the password step, using the WordPress email system already configured on the site.<\/li>\n<li>\ud83e\udded Custom Login URL - Replaces the standard login path with a private slug chosen by the site owner.<\/li>\n<li>\ud83d\udc40 Login Monitoring - Sends an email notification after successful access, so unusual logins are easier to notice.<\/li>\n<li>\ud83e\uddf1 IP Blocking - Blocks single IP addresses and CIDR ranges from the plugin settings panel.<\/li>\n<li>\ud83e\uddfe Access Attempt Log - Shows login attempts with credential, IP address, browser, date, and result, without storing passwords.<\/li>\n<li>\u23f1\ufe0f OTP Countdown - Shows how long the verification code remains valid on the 2FA screen.<\/li>\n<li>\ud83d\udee1\ufe0f Strict Mode - Can bind the OTP check to the same IP address and browser that requested it.<\/li>\n<li>\ud83c\udf9b\ufe0f Modular Controls - Every protection stays disabled after activation until the site owner chooses what to enable.<\/li>\n<\/ul>\n\n<h4>Why It Helps<\/h4>\n\n<p>Most login security tools enable too much at once or hide the important choices. DB Solution - 2FA keeps the workflow simple: activate the plugin, confirm that email delivery works, then enable only the protections the site actually needs.<\/p>\n\n<p>This makes it useful for client sites, staging sites, and small business WordPress installs where login security must be stronger without making daily access confusing.<\/p>\n\n<h4>Email Requirement<\/h4>\n\n<p>Email-based 2FA requires a working WordPress email system. Before enabling it, send a test email from the site and confirm that users can receive the OTP code.<\/p>\n\n<h3>Compatibility<\/h3>\n\n<ul>\n<li>WordPress: 6.0 through 7.0.<\/li>\n<li>PHP: 8.2 or later. Tested on PHP 8.4.18 in the local WordPress 7 test site.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>db-solution-2fa<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin from the WordPress Plugins screen.<\/li>\n<li>Open the DB Solution menu and enable only the protections needed by the site.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%202fa%20turn%20on%20automatically%20after%20plugin%20activation%3F\"><h3>Does 2FA turn on automatically after plugin activation?<\/h3><\/dt>\n<dd><p>No. Every protection remains disabled until the site owner enables it from the DB Solution settings panel.<\/p><\/dd>\n<dt id=\"do%20i%20need%20a%20working%20email%20system%3F\"><h3>Do I need a working email system?<\/h3><\/dt>\n<dd><p>Yes. Email 2FA sends OTP codes through the WordPress email system, so mail delivery must work before enabling 2FA.<\/p><\/dd>\n<dt id=\"does%20the%20access%20attempt%20log%20store%20passwords%3F\"><h3>Does the access attempt log store passwords?<\/h3><\/dt>\n<dd><p>No. The log stores the attempted username or email, IP address, browser, date, and result. Passwords are never stored.<\/p><\/dd>\n<dt id=\"can%20i%20block%20ip%20ranges%3F\"><h3>Can I block IP ranges?<\/h3><\/dt>\n<dd><p>Yes. The IP blocking section supports single IP addresses and CIDR ranges.<\/p><\/dd>\n<dt id=\"can%20i%20keep%20the%20normal%20wordpress%20login%20url%3F\"><h3>Can I keep the normal WordPress login URL?<\/h3><\/dt>\n<dd><p>Yes. The custom login URL is optional and remains disabled until you enable it.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20i%20disable%20a%20feature%3F\"><h3>What happens if I disable a feature?<\/h3><\/dt>\n<dd><p>The site returns to the standard WordPress behavior for that feature.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>16.0<\/h4>\n\n<ul>\n<li>Fix: the custom login URL no longer replaces WordPress login URLs globally, so the hidden slug is not exposed by normal login redirects.<\/li>\n<li>Update: expanded the WordPress.org description with feature highlights and FAQ content.<\/li>\n<\/ul>\n\n<h4>15.13<\/h4>\n\n<ul>\n<li>Fix: sanitized the AJAX option value in a way accepted by WordPress coding standards.<\/li>\n<li>Fix: preserved the login remember-me choice without reading unsanitized form data directly.<\/li>\n<li>Update: declared compatibility through WordPress 7.0 for the WordPress 7 test site.<\/li>\n<li>Update: rewrote the readme short description and description in standard English.<\/li>\n<\/ul>\n\n<h4>15.12<\/h4>\n\n<ul>\n<li>Security: added a 5-attempt limit for each OTP code.<\/li>\n<li>Security: the remember-me cookie is used only when selected by the user.<\/li>\n<\/ul>\n\n<h4>15.11<\/h4>\n\n<ul>\n<li>Fix: removed inline helper functions unavailable in the login context to avoid fatal errors.<\/li>\n<\/ul>\n\n<h4>15.10<\/h4>\n\n<ul>\n<li>Update: added the countdown to the 2FA verification screen.<\/li>\n<li>Update: updated the email footer with the site name and plugin by Unicorn Designer.<\/li>\n<\/ul>\n\n<h4>15.9<\/h4>\n\n<ul>\n<li>Update: main toggles and simple fields now save automatically without a general save button.<\/li>\n<li>Update: the manual save button remains only in the IP blocking card with the label Save blocked IPs.<\/li>\n<\/ul>\n\n<h4>15.8<\/h4>\n\n<ul>\n<li>Update: redesigned the settings interface with custom cards, icons, and colors.<\/li>\n<li>Update: replaced classic WordPress tabs with pill navigation.<\/li>\n<li>Compatibility: kept the code compatible with PHP 8.3 and PHP 8.4 without PHP 8.5-only features.<\/li>\n<\/ul>\n\n<h4>15.7<\/h4>\n\n<ul>\n<li>Update: removed the large header card from the settings page.<\/li>\n<li>Update: refreshed the settings design with lighter cards.<\/li>\n<li>New: added the access attempts tab with username or email, IP address, browser, date, and result.<\/li>\n<li>Security: attempted passwords are never stored in the log.<\/li>\n<\/ul>\n\n<h4>15.6<\/h4>\n\n<ul>\n<li>Update: removed the global switch from the interface and public logic.<\/li>\n<li>New: added the IP blocking section with support for single IP addresses and CIDR networks.<\/li>\n<li>Update: refreshed the admin design for settings, guide, and credits.<\/li>\n<\/ul>\n\n<h4>15.5<\/h4>\n\n<ul>\n<li>Update: declared compatibility through WordPress 6.9.<\/li>\n<li>Update: separated the global control from 2FA activation.<\/li>\n<li>New: added a dedicated Enable Email 2FA option.<\/li>\n<li>New: added a confirmation notice before enabling email-based 2FA.<\/li>\n<li>Fix: login monitoring works even when 2FA is not active.<\/li>\n<li>Update: rewrote guide and credits text.<\/li>\n<\/ul>\n\n<h4>15.4<\/h4>\n\n<ul>\n<li>New: added Strict Mode security that locks OTP verification to IP address and user agent.<\/li>\n<li>New: added OTP expiration time setting.<\/li>\n<li>New: added settings saved confirmation message.<\/li>\n<li>Fix: sanitized server variables and inputs according to WordPress coding standards.<\/li>\n<\/ul>\n\n<h4>15.3<\/h4>\n\n<ul>\n<li>Fix: moved CSS and JS to external files and enqueued them properly.<\/li>\n<li>Fix: removed the assets folder from the plugin ZIP.<\/li>\n<\/ul>\n\n<h4>15.2<\/h4>\n\n<ul>\n<li>Update: renamed plugin slug, text domain, and prefixes to db-solution-2fa.<\/li>\n<\/ul>\n\n<h4>15.1.5<\/h4>\n\n<ul>\n<li>Security improvements: strict sanitization and nonce checks.<\/li>\n<li>Removed the internal updater to comply with WordPress.org repository standards.<\/li>\n<\/ul>\n\n<h4>15.1.1<\/h4>\n\n<ul>\n<li>Standard fix for WordPress.org compliance.<\/li>\n<\/ul>\n\n<h4>15.1.0<\/h4>\n\n<ul>\n<li>Full integration into the DB Solution suite.<\/li>\n<li>New modular and modern user interface.<\/li>\n<li>Code refactoring for performance and security.<\/li>\n<\/ul>\n\n<h4>15.0.0<\/h4>\n\n<ul>\n<li>Previous standalone version.<\/li>\n<\/ul>","raw_excerpt":"Email 2FA, custom login URL, access monitoring, manual IP blocking, and login attempt logging for DB Solution.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/258650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=258650"}],"author":[{"embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/davidebaraldi"}],"wp:attachment":[{"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=258650"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=258650"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=258650"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=258650"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=258650"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=258650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}