2FA Without PHP SESSIONs?

  • Resolved Glowball

    (@glowball)


    2 years, 3 months ago

    Hi, I’m looking for a 2FA plugin for WordPress that doesn’t use PHP SESSION variables. I work in Cybersecurity, and they are inherently unsecure (they can be compromised pretty easily in an attack on the server, and then someone can take over as another user). However, a lot of the plugins I’m finding use those SESSION variables. WordPress itself doesn’t even use them. Can miniOrange do it?

    Also, what kind of methods do you support for 2FA? If you have a link to a page I can read about it, that would also be great. Thanks!

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @monica,

    Thank you for reaching out to us.

    WordPress itself doesn’t even use them. Can miniOrange do it?

    I would like to inform you that our free Google Authenticator plugin does not use PHP SESSION variables.

    What kind of methods do you support for 2FA?

    Other than Google Authenticator, we support SMS verification, Email Verification, OTP Over SMS / Email / Whatsapp / Telegram, Security Questions, QR Code Authentication, Push Notification, Hardware tokens, TOTP methods,etc.

    You can check out all the supported methods by miniOrange here: 2-factor methods
    You can configure 2fa methods using this guide: Setup Guide

    I hope this will be helpful.

    Thank you,
    miniOrange Team

    Thread Starter Glowball

    (@glowball)

    Thanks for the quick response! I’m concerned about the increase in cybersecurity attacks and I want to keep my website safe. I’ll set up the plugin, thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘2FA Without PHP SESSIONs?’ is closed to new replies.