diff --git a/wp-content/plugins/two-factor/LICENSE.md b/wp-content/plugins/two-factor/LICENSE.md
new file mode 100644
index 0000000000000000000000000000000000000000..d8cf7d463e2a4f064a157fa994bb394d3623b9cc
--- /dev/null
+++ b/wp-content/plugins/two-factor/LICENSE.md
@@ -0,0 +1,280 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
diff --git a/wp-content/plugins/two-factor/assets/screenshot-3.png b/wp-content/plugins/two-factor/assets/screenshot-3.png
new file mode 100644
index 0000000000000000000000000000000000000000..a9810f87b10d40aab7ce63f8cbe91bfe4c1f78d2
Binary files /dev/null and b/wp-content/plugins/two-factor/assets/screenshot-3.png differ
diff --git a/wp-content/plugins/two-factor/class-two-factor-compat.php b/wp-content/plugins/two-factor/class-two-factor-compat.php
new file mode 100644
index 0000000000000000000000000000000000000000..8c4da2c81ecf1e5189e066ea95e16dbc98fdece4
--- /dev/null
+++ b/wp-content/plugins/two-factor/class-two-factor-compat.php
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * A compatability layer for some of the most popular plugins.
+ *
+ * Should be used with care because ideally we wouldn't need
+ * any integration specific code for this plugin. Everything should
+ * be handled through clever use of hooks and best practices.
+ */
+class Two_Factor_Compat {
+ /**
+ * Initialize all the custom hooks as necessary.
+ *
+ * @return void
+ */
+ public function init() {
+ /**
+ * Jetpack
+ *
+ * @see https://wordpress.org/plugins/jetpack/
+ */
+ add_filter( 'two_factor_rememberme', array( $this, 'jetpack_rememberme' ) );
+ }
+
+ /**
+ * Jetpack single sign-on wants long-lived sessions for users.
+ *
+ * @param boolean $rememberme Current state of the "remember me" toggle.
+ *
+ * @return boolean
+ */
+ public function jetpack_rememberme( $rememberme ) {
+ if ( isset( $_GET['action'] ) && 'jetpack-sso' === $_GET['action'] && $this->jetpack_is_sso_active() ) {
+ return true;
+ }
+
+ return $rememberme;
+ }
+
+ /**
+ * Helper to detect the presence of the active SSO module.
+ *
+ * @return boolean
+ */
+ public function jetpack_is_sso_active() {
+ return ( method_exists( 'Jetpack', 'is_module_active' ) && Jetpack::is_module_active( 'sso' ) );
+ }
+}
diff --git a/wp-content/plugins/two-factor/class-two-factor-core.php b/wp-content/plugins/two-factor/class-two-factor-core.php
new file mode 100644
index 0000000000000000000000000000000000000000..b36a48bf94d0c691c30c03b74f5a73c3aed763dd
--- /dev/null
+++ b/wp-content/plugins/two-factor/class-two-factor-core.php
@@ -0,0 +1,827 @@
+<?php
+/**
+ * Class for creating two factor authorization.
+ *
+ * @since 0.1-dev
+ *
+ * @package Two_Factor
+ */
+class Two_Factor_Core {
+
+ /**
+ * The user meta provider key.
+ *
+ * @type string
+ */
+ const PROVIDER_USER_META_KEY = '_two_factor_provider';
+
+ /**
+ * The user meta enabled providers key.
+ *
+ * @type string
+ */
+ const ENABLED_PROVIDERS_USER_META_KEY = '_two_factor_enabled_providers';
+
+ /**
+ * The user meta nonce key.
+ *
+ * @type string
+ */
+ const USER_META_NONCE_KEY = '_two_factor_nonce';
+
+ /**
+ * Set up filters and actions.
+ *
+ * @since 0.1-dev
+ */
+ public static function add_hooks( $compat ) {
+ add_action( 'plugins_loaded', array( __CLASS__, 'load_textdomain' ) );
+ add_action( 'init', array( __CLASS__, 'get_providers' ) );
+ add_action( 'wp_login', array( __CLASS__, 'wp_login' ), 10, 2 );
+ add_action( 'login_form_validate_2fa', array( __CLASS__, 'login_form_validate_2fa' ) );
+ add_action( 'login_form_backup_2fa', array( __CLASS__, 'backup_2fa' ) );
+ add_action( 'show_user_profile', array( __CLASS__, 'user_two_factor_options' ) );
+ add_action( 'edit_user_profile', array( __CLASS__, 'user_two_factor_options' ) );
+ add_action( 'personal_options_update', array( __CLASS__, 'user_two_factor_options_update' ) );
+ add_action( 'edit_user_profile_update', array( __CLASS__, 'user_two_factor_options_update' ) );
+ add_filter( 'manage_users_columns', array( __CLASS__, 'filter_manage_users_columns' ) );
+ add_filter( 'wpmu_users_columns', array( __CLASS__, 'filter_manage_users_columns' ) );
+ add_filter( 'manage_users_custom_column', array( __CLASS__, 'manage_users_custom_column' ), 10, 3 );
+
+ // Run only after the core wp_authenticate_username_password() check.
+ add_filter( 'authenticate', array( __CLASS__, 'filter_authenticate' ), 50 );
+
+ $compat->init();
+ }
+
+ /**
+ * Loads the plugin's text domain.
+ *
+ * Sites on WordPress 4.6+ benefit from just-in-time loading of translations.
+ */
+ public static function load_textdomain() {
+ load_plugin_textdomain( 'two-factor' );
+ }
+
+ /**
+ * For each provider, include it and then instantiate it.
+ *
+ * @since 0.1-dev
+ *
+ * @return array
+ */
+ public static function get_providers() {
+ $providers = array(
+ 'Two_Factor_Email' => TWO_FACTOR_DIR . 'providers/class.two-factor-email.php',
+ 'Two_Factor_Totp' => TWO_FACTOR_DIR . 'providers/class.two-factor-totp.php',
+ 'Two_Factor_FIDO_U2F' => TWO_FACTOR_DIR . 'providers/class.two-factor-fido-u2f.php',
+ 'Two_Factor_Backup_Codes' => TWO_FACTOR_DIR . 'providers/class.two-factor-backup-codes.php',
+ 'Two_Factor_Dummy' => TWO_FACTOR_DIR . 'providers/class.two-factor-dummy.php',
+ );
+
+ /**
+ * Filter the supplied providers.
+ *
+ * This lets third-parties either remove providers (such as Email), or
+ * add their own providers (such as text message or Clef).
+ *
+ * @param array $providers A key-value array where the key is the class name, and
+ * the value is the path to the file containing the class.
+ */
+ $providers = apply_filters( 'two_factor_providers', $providers );
+
+ // FIDO U2F is PHP 5.3+ only.
+ if ( isset( $providers['Two_Factor_FIDO_U2F'] ) && version_compare( PHP_VERSION, '5.3.0', '<' ) ) {
+ unset( $providers['Two_Factor_FIDO_U2F'] );
+ trigger_error( sprintf( // WPCS: XSS OK.
+ /* translators: %s: version number */
+ __( 'FIDO U2F is not available because you are using PHP %s. (Requires 5.3 or greater)', 'two-factor' ),
+ PHP_VERSION
+ ) );
+ }
+
+ /**
+ * For each filtered provider,
+ */
+ foreach ( $providers as $class => $path ) {
+ include_once( $path );
+
+ /**
+ * Confirm that it's been successfully included before instantiating.
+ */
+ if ( class_exists( $class ) ) {
+ try {
+ $providers[ $class ] = call_user_func( array( $class, 'get_instance' ) );
+ } catch ( Exception $e ) {
+ unset( $providers[ $class ] );
+ }
+ }
+ }
+
+ return $providers;
+ }
+
+ /**
+ * Get all Two-Factor Auth providers that are enabled for the specified|current user.
+ *
+ * @param WP_User $user WP_User object of the logged-in user.
+ * @return array
+ */
+ public static function get_enabled_providers_for_user( $user = null ) {
+ if ( empty( $user ) || ! is_a( $user, 'WP_User' ) ) {
+ $user = wp_get_current_user();
+ }
+
+ $providers = self::get_providers();
+ $enabled_providers = get_user_meta( $user->ID, self::ENABLED_PROVIDERS_USER_META_KEY, true );
+ if ( empty( $enabled_providers ) ) {
+ $enabled_providers = array();
+ }
+ $enabled_providers = array_intersect( $enabled_providers, array_keys( $providers ) );
+
+ return $enabled_providers;
+ }
+
+ /**
+ * Get all Two-Factor Auth providers that are both enabled and configured for the specified|current user.
+ *
+ * @param WP_User $user WP_User object of the logged-in user.
+ * @return array
+ */
+ public static function get_available_providers_for_user( $user = null ) {
+ if ( empty( $user ) || ! is_a( $user, 'WP_User' ) ) {
+ $user = wp_get_current_user();
+ }
+
+ $providers = self::get_providers();
+ $enabled_providers = self::get_enabled_providers_for_user( $user );
+ $configured_providers = array();
+
+ foreach ( $providers as $classname => $provider ) {
+ if ( in_array( $classname, $enabled_providers ) && $provider->is_available_for_user( $user ) ) {
+ $configured_providers[ $classname ] = $provider;
+ }
+ }
+
+ return $configured_providers;
+ }
+
+ /**
+ * Gets the Two-Factor Auth provider for the specified|current user.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id Optional. User ID. Default is 'null'.
+ * @return object|null
+ */
+ public static function get_primary_provider_for_user( $user_id = null ) {
+ if ( empty( $user_id ) || ! is_numeric( $user_id ) ) {
+ $user_id = get_current_user_id();
+ }
+
+ $providers = self::get_providers();
+ $available_providers = self::get_available_providers_for_user( get_userdata( $user_id ) );
+
+ // If there's only one available provider, force that to be the primary.
+ if ( empty( $available_providers ) ) {
+ return null;
+ } elseif ( 1 === count( $available_providers ) ) {
+ $provider = key( $available_providers );
+ } else {
+ $provider = get_user_meta( $user_id, self::PROVIDER_USER_META_KEY, true );
+
+ // If the provider specified isn't enabled, just grab the first one that is.
+ if ( ! isset( $available_providers[ $provider ] ) ) {
+ $provider = key( $available_providers );
+ }
+ }
+
+ /**
+ * Filter the two-factor authentication provider used for this user.
+ *
+ * @param string $provider The provider currently being used.
+ * @param int $user_id The user ID.
+ */
+ $provider = apply_filters( 'two_factor_primary_provider_for_user', $provider, $user_id );
+
+ if ( isset( $providers[ $provider ] ) ) {
+ return $providers[ $provider ];
+ }
+
+ return null;
+ }
+
+ /**
+ * Quick boolean check for whether a given user is using two-step.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id Optional. User ID. Default is 'null'.
+ * @return bool
+ */
+ public static function is_user_using_two_factor( $user_id = null ) {
+ $provider = self::get_primary_provider_for_user( $user_id );
+ return ! empty( $provider );
+ }
+
+ /**
+ * Handle the browser-based login.
+ *
+ * @since 0.1-dev
+ *
+ * @param string $user_login Username.
+ * @param WP_User $user WP_User object of the logged-in user.
+ */
+ public static function wp_login( $user_login, $user ) {
+ if ( ! self::is_user_using_two_factor( $user->ID ) ) {
+ return;
+ }
+
+ wp_clear_auth_cookie();
+
+ self::show_two_factor_login( $user );
+ exit;
+ }
+
+ /**
+ * Prevent login through XML-RPC and REST API for users with at least one
+ * two-factor method enabled.
+ *
+ * @param WP_User|WP_Error $user Valid WP_User only if the previous filters
+ * have verified and confirmed the
+ * authentication credentials.
+ *
+ * @return WP_User|WP_Error
+ */
+ public static function filter_authenticate( $user ) {
+ if ( $user instanceof WP_User && self::is_api_request() && self::is_user_using_two_factor( $user->ID ) && ! self::is_user_api_login_enabled( $user->ID ) ) {
+ return new WP_Error(
+ 'invalid_application_credentials',
+ __( 'Error: API login for user disabled.', 'two-factor' )
+ );
+ }
+
+ return $user;
+ }
+
+ /**
+ * If the current user can login via API requests such as XML-RPC and REST.
+ *
+ * @param integer $user_id User ID.
+ *
+ * @return boolean
+ */
+ public static function is_user_api_login_enabled( $user_id ) {
+ return (bool) apply_filters( 'two_factor_user_api_login_enable', false, $user_id );
+ }
+
+ /**
+ * Is the current request an XML-RPC or REST request.
+ *
+ * @return boolean
+ */
+ public static function is_api_request() {
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
+ return true;
+ }
+
+ if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Display the login form.
+ *
+ * @since 0.1-dev
+ *
+ * @param WP_User $user WP_User object of the logged-in user.
+ */
+ public static function show_two_factor_login( $user ) {
+ if ( ! $user ) {
+ $user = wp_get_current_user();
+ }
+
+ $login_nonce = self::create_login_nonce( $user->ID );
+ if ( ! $login_nonce ) {
+ wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
+ }
+
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : admin_url();
+
+ self::login_html( $user, $login_nonce['key'], $redirect_to );
+ }
+
+ /**
+ * Display the Backup code 2fa screen.
+ *
+ * @since 0.1-dev
+ */
+ public static function backup_2fa() {
+ if ( ! isset( $_GET['wp-auth-id'], $_GET['wp-auth-nonce'], $_GET['provider'] ) ) {
+ return;
+ }
+
+ $user = get_userdata( $_GET['wp-auth-id'] );
+ if ( ! $user ) {
+ return;
+ }
+
+ $nonce = $_GET['wp-auth-nonce'];
+ if ( true !== self::verify_login_nonce( $user->ID, $nonce ) ) {
+ wp_safe_redirect( get_bloginfo( 'url' ) );
+ exit;
+ }
+
+ $providers = self::get_available_providers_for_user( $user );
+ if ( isset( $providers[ $_GET['provider'] ] ) ) {
+ $provider = $providers[ $_GET['provider'] ];
+ } else {
+ wp_die( esc_html__( 'Cheatin’ uh?', 'two-factor' ), 403 );
+ }
+
+ self::login_html( $user, $_GET['wp-auth-nonce'], $_GET['redirect_to'], '', $provider );
+
+ exit;
+ }
+
+ /**
+ * Generates the html form for the second step of the authentication process.
+ *
+ * @since 0.1-dev
+ *
+ * @param WP_User $user WP_User object of the logged-in user.
+ * @param string $login_nonce A string nonce stored in usermeta.
+ * @param string $redirect_to The URL to which the user would like to be redirected.
+ * @param string $error_msg Optional. Login error message.
+ * @param string|object $provider An override to the provider.
+ */
+ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg = '', $provider = null ) {
+ if ( empty( $provider ) ) {
+ $provider = self::get_primary_provider_for_user( $user->ID );
+ } elseif ( is_string( $provider ) && method_exists( $provider, 'get_instance' ) ) {
+ $provider = call_user_func( array( $provider, 'get_instance' ) );
+ }
+
+ $provider_class = get_class( $provider );
+
+ $available_providers = self::get_available_providers_for_user( $user );
+ $backup_providers = array_diff_key( $available_providers, array( $provider_class => null ) );
+ $interim_login = isset( $_REQUEST['interim-login'] ); // WPCS: CSRF ok.
+
+ $rememberme = intval( self::rememberme() );
+
+ if ( ! function_exists( 'login_header' ) ) {
+ // We really should migrate login_header() out of `wp-login.php` so it can be called from an includes file.
+ include_once( TWO_FACTOR_DIR . 'includes/function.login-header.php' );
+ }
+
+ login_header();
+
+ if ( ! empty( $error_msg ) ) {
+ echo '<div id="login_error"><strong>' . esc_html( $error_msg ) . '</strong><br /></div>';
+ }
+ ?>
+
+ <form name="validate_2fa_form" id="loginform" action="<?php echo esc_url( self::login_url( array( 'action' => 'validate_2fa' ), 'login_post' ) ); ?>" method="post" autocomplete="off">
+ <input type="hidden" name="provider" id="provider" value="<?php echo esc_attr( $provider_class ); ?>" />
+ <input type="hidden" name="wp-auth-id" id="wp-auth-id" value="<?php echo esc_attr( $user->ID ); ?>" />
+ <input type="hidden" name="wp-auth-nonce" id="wp-auth-nonce" value="<?php echo esc_attr( $login_nonce ); ?>" />
+ <?php if ( $interim_login ) { ?>
+ <input type="hidden" name="interim-login" value="1" />
+ <?php } else { ?>
+ <input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
+ <?php } ?>
+ <input type="hidden" name="rememberme" id="rememberme" value="<?php echo esc_attr( $rememberme ); ?>" />
+
+ <?php $provider->authentication_page( $user ); ?>
+ </form>
+
+ <?php
+ if ( 1 === count( $backup_providers ) ) :
+ $backup_classname = key( $backup_providers );
+ $backup_provider = $backup_providers[ $backup_classname ];
+ $login_url = self::login_url(
+ array(
+ 'action' => 'backup_2fa',
+ 'provider' => $backup_classname,
+ 'wp-auth-id' => $user->ID,
+ 'wp-auth-nonce' => $login_nonce,
+ 'redirect_to' => $redirect_to,
+ 'rememberme' => $rememberme,
+ )
+ );
+ ?>
+ <div class="backup-methods-wrap">
+ <p class="backup-methods">
+ <a href="<?php echo esc_url( $login_url ); ?>">
+ <?php
+ echo esc_html(
+ sprintf(
+ // translators: %s: Two-factor method name.
+ __( 'Or, use your backup method: %s →', 'two-factor' ),
+ $backup_provider->get_label()
+ )
+ );
+ ?>
+ </a>
+ </p>
+ </div>
+ <?php elseif ( 1 < count( $backup_providers ) ) : ?>
+ <div class="backup-methods-wrap">
+ <p class="backup-methods">
+ <a href="javascript:;" onclick="document.querySelector('ul.backup-methods').style.display = 'block';">
+ <?php esc_html_e( 'Or, use a backup method…', 'two-factor' ); ?>
+ </a>
+ </p>
+ <ul class="backup-methods">
+ <?php
+ foreach ( $backup_providers as $backup_classname => $backup_provider ) :
+ $login_url = self::login_url(
+ array(
+ 'action' => 'backup_2fa',
+ 'provider' => $backup_classname,
+ 'wp-auth-id' => $user->ID,
+ 'wp-auth-nonce' => $login_nonce,
+ 'redirect_to' => $redirect_to,
+ 'rememberme' => $rememberme,
+ )
+ );
+ ?>
+ <li>
+ <a href="<?php echo esc_url( $login_url ); ?>">
+ <?php $backup_provider->print_label(); ?>
+ </a>
+ </li>
+ <?php endforeach; ?>
+ </ul>
+ </div>
+ <?php endif; ?>
+
+ <p id="backtoblog">
+ <a href="<?php echo esc_url( home_url( '/' ) ); ?>" title="<?php esc_attr_e( 'Are you lost?', 'two-factor' ); ?>">
+ <?php
+ echo esc_html(
+ sprintf(
+ // translators: %s: site name.
+ __( '← Back to %s', 'two-factor' ),
+ get_bloginfo( 'title', 'display' )
+ )
+ );
+ ?>
+ </a>
+ </p>
+ </div>
+ <style>
+ /* @todo: migrate to an external stylesheet. */
+ .backup-methods-wrap {
+ margin-top: 16px;
+ padding: 0 24px;
+ }
+ .backup-methods-wrap a {
+ color: #999;
+ text-decoration: none;
+ }
+ ul.backup-methods {
+ display: none;
+ padding-left: 1.5em;
+ }
+ /* Prevent Jetpack from hiding our controls, see https://github.com/Automattic/jetpack/issues/3747 */
+ .jetpack-sso-form-display #loginform > p,
+ .jetpack-sso-form-display #loginform > div {
+ display: block;
+ }
+ </style>
+
+ <?php
+ /** This action is documented in wp-login.php */
+ do_action( 'login_footer' ); ?>
+ <div class="clear"></div>
+ </body>
+ </html>
+ <?php
+ }
+
+ /**
+ * Generate the two-factor login form URL.
+ *
+ * @param array $params List of query argument pairs to add to the URL.
+ * @param string $scheme URL scheme context.
+ *
+ * @return string
+ */
+ public static function login_url( $params = array(), $scheme = 'login' ) {
+ if ( ! is_array( $params ) ) {
+ $params = array();
+ }
+
+ $params = urlencode_deep( $params );
+
+ return add_query_arg( $params, site_url( 'wp-login.php', $scheme ) );
+ }
+
+ /**
+ * Create the login nonce.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id User ID.
+ * @return array
+ */
+ public static function create_login_nonce( $user_id ) {
+ $login_nonce = array();
+ try {
+ $login_nonce['key'] = bin2hex( random_bytes( 32 ) );
+ } catch (Exception $ex) {
+ $login_nonce['key'] = wp_hash( $user_id . mt_rand() . microtime(), 'nonce' );
+ }
+ $login_nonce['expiration'] = time() + HOUR_IN_SECONDS;
+
+ if ( ! update_user_meta( $user_id, self::USER_META_NONCE_KEY, $login_nonce ) ) {
+ return false;
+ }
+
+ return $login_nonce;
+ }
+
+ /**
+ * Delete the login nonce.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id User ID.
+ * @return bool
+ */
+ public static function delete_login_nonce( $user_id ) {
+ return delete_user_meta( $user_id, self::USER_META_NONCE_KEY );
+ }
+
+ /**
+ * Verify the login nonce.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id User ID.
+ * @param string $nonce Login nonce.
+ * @return bool
+ */
+ public static function verify_login_nonce( $user_id, $nonce ) {
+ $login_nonce = get_user_meta( $user_id, self::USER_META_NONCE_KEY, true );
+ if ( ! $login_nonce ) {
+ return false;
+ }
+
+ if ( $nonce !== $login_nonce['key'] || time() > $login_nonce['expiration'] ) {
+ self::delete_login_nonce( $user_id );
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Login form validation.
+ *
+ * @since 0.1-dev
+ */
+ public static function login_form_validate_2fa() {
+ if ( ! isset( $_POST['wp-auth-id'], $_POST['wp-auth-nonce'] ) ) {
+ return;
+ }
+
+ $user = get_userdata( $_POST['wp-auth-id'] );
+ if ( ! $user ) {
+ return;
+ }
+
+ $nonce = $_POST['wp-auth-nonce'];
+ if ( true !== self::verify_login_nonce( $user->ID, $nonce ) ) {
+ wp_safe_redirect( get_bloginfo( 'url' ) );
+ exit;
+ }
+
+ if ( isset( $_POST['provider'] ) ) {
+ $providers = self::get_available_providers_for_user( $user );
+ if ( isset( $providers[ $_POST['provider'] ] ) ) {
+ $provider = $providers[ $_POST['provider'] ];
+ } else {
+ wp_die( esc_html__( 'Cheatin’ uh?', 'two-factor' ), 403 );
+ }
+ } else {
+ $provider = self::get_primary_provider_for_user( $user->ID );
+ }
+
+ // Allow the provider to re-send codes, etc.
+ if ( true === $provider->pre_process_authentication( $user ) ) {
+ $login_nonce = self::create_login_nonce( $user->ID );
+ if ( ! $login_nonce ) {
+ wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
+ }
+
+ self::login_html( $user, $login_nonce['key'], $_REQUEST['redirect_to'], '', $provider );
+ exit;
+ }
+
+ // Ask the provider to verify the second factor.
+ if ( true !== $provider->validate_authentication( $user ) ) {
+ do_action( 'wp_login_failed', $user->user_login );
+
+ $login_nonce = self::create_login_nonce( $user->ID );
+ if ( ! $login_nonce ) {
+ wp_die( esc_html__( 'Failed to create a login nonce.', 'two-factor' ) );
+ }
+
+ self::login_html( $user, $login_nonce['key'], $_REQUEST['redirect_to'], esc_html__( 'ERROR: Invalid verification code.', 'two-factor' ), $provider );
+ exit;
+ }
+
+ self::delete_login_nonce( $user->ID );
+
+ $rememberme = false;
+ if ( isset( $_REQUEST['rememberme'] ) && $_REQUEST['rememberme'] ) {
+ $rememberme = true;
+ }
+
+ wp_set_auth_cookie( $user->ID, $rememberme );
+
+ // Must be global because that's how login_header() uses it.
+ global $interim_login;
+ $interim_login = isset( $_REQUEST['interim-login'] ); // WPCS: override ok.
+
+ if ( $interim_login ) {
+ $customize_login = isset( $_REQUEST['customize-login'] );
+ if ( $customize_login ) {
+ wp_enqueue_script( 'customize-base' );
+ }
+ $message = '<p class="message">' . __( 'You have logged in successfully.', 'two-factor' ) . '</p>';
+ $interim_login = 'success'; // WPCS: override ok.
+ login_header( '', $message ); ?>
+ </div>
+ <?php
+ /** This action is documented in wp-login.php */
+ do_action( 'login_footer' ); ?>
+ <?php if ( $customize_login ) : ?>
+ <script type="text/javascript">setTimeout( function(){ new wp.customize.Messenger({ url: '<?php echo wp_customize_url(); /* WPCS: XSS OK. */ ?>', channel: 'login' }).send('login') }, 1000 );</script>
+ <?php endif; ?>
+ </body></html>
+ <?php
+ exit;
+ }
+ $redirect_to = apply_filters( 'login_redirect', $_REQUEST['redirect_to'], $_REQUEST['redirect_to'], $user );
+ wp_safe_redirect( $redirect_to );
+
+ exit;
+ }
+
+ /**
+ * Filter the columns on the Users admin screen.
+ *
+ * @param array $columns Available columns.
+ * @return array Updated array of columns.
+ */
+ public static function filter_manage_users_columns( array $columns ) {
+ $columns['two-factor'] = __( 'Two-Factor', 'two-factor' );
+ return $columns;
+ }
+
+ /**
+ * Output the 2FA column data on the Users screen.
+ *
+ * @param string $output The column output.
+ * @param string $column_name The column ID.
+ * @param int $user_id The user ID.
+ * @return string The column output.
+ */
+ public static function manage_users_custom_column( $output, $column_name, $user_id ) {
+
+ if ( 'two-factor' !== $column_name ) {
+ return $output;
+ }
+
+ if ( ! self::is_user_using_two_factor( $user_id ) ) {
+ return sprintf( '<span class="dashicons-before dashicons-no-alt">%s</span>', esc_html__( 'Disabled', 'two-factor' ) );
+ } else {
+ $provider = self::get_primary_provider_for_user( $user_id );
+ return esc_html( $provider->get_label() );
+ }
+
+ }
+
+ /**
+ * Add user profile fields.
+ *
+ * This executes during the `show_user_profile` & `edit_user_profile` actions.
+ *
+ * @since 0.1-dev
+ *
+ * @param WP_User $user WP_User object of the logged-in user.
+ */
+ public static function user_two_factor_options( $user ) {
+ wp_enqueue_style( 'user-edit-2fa', plugins_url( 'user-edit.css', __FILE__ ) );
+
+ $enabled_providers = array_keys( self::get_available_providers_for_user( $user ) );
+ $primary_provider = self::get_primary_provider_for_user( $user->ID );
+
+ if ( ! empty( $primary_provider ) && is_object( $primary_provider ) ) {
+ $primary_provider_key = get_class( $primary_provider );
+ } else {
+ $primary_provider_key = null;
+ }
+
+ wp_nonce_field( 'user_two_factor_options', '_nonce_user_two_factor_options', false );
+
+ ?>
+ <input type="hidden" name="<?php echo esc_attr( self::ENABLED_PROVIDERS_USER_META_KEY ); ?>[]" value="<?php /* Dummy input so $_POST value is passed when no providers are enabled. */ ?>" />
+ <table class="form-table" id="two-factor-options">
+ <tr>
+ <th>
+ <?php esc_html_e( 'Two-Factor Options', 'two-factor' ); ?>
+ </th>
+ <td>
+ <table class="two-factor-methods-table">
+ <thead>
+ <tr>
+ <th class="col-enabled" scope="col"><?php esc_html_e( 'Enabled', 'two-factor' ); ?></th>
+ <th class="col-primary" scope="col"><?php esc_html_e( 'Primary', 'two-factor' ); ?></th>
+ <th class="col-name" scope="col"><?php esc_html_e( 'Name', 'two-factor' ); ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php foreach ( self::get_providers() as $class => $object ) : ?>
+ <tr>
+ <th scope="row"><input type="checkbox" name="<?php echo esc_attr( self::ENABLED_PROVIDERS_USER_META_KEY ); ?>[]" value="<?php echo esc_attr( $class ); ?>" <?php checked( in_array( $class, $enabled_providers ) ); ?> /></th>
+ <th scope="row"><input type="radio" name="<?php echo esc_attr( self::PROVIDER_USER_META_KEY ); ?>" value="<?php echo esc_attr( $class ); ?>" <?php checked( $class, $primary_provider_key ); ?> /></th>
+ <td>
+ <?php $object->print_label(); ?>
+ <?php do_action( 'two-factor-user-options-' . $class, $user ); ?>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <?php
+ /**
+ * Fires after the Two Factor methods table.
+ *
+ * To be used by Two Factor methods to add settings UI.
+ *
+ * @since 0.1-dev
+ */
+ do_action( 'show_user_security_settings', $user );
+ }
+
+ /**
+ * Update the user meta value.
+ *
+ * This executes during the `personal_options_update` & `edit_user_profile_update` actions.
+ *
+ * @since 0.1-dev
+ *
+ * @param int $user_id User ID.
+ */
+ public static function user_two_factor_options_update( $user_id ) {
+ if ( isset( $_POST['_nonce_user_two_factor_options'] ) ) {
+ check_admin_referer( 'user_two_factor_options', '_nonce_user_two_factor_options' );
+
+ if ( ! isset( $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ] ) ||
+ ! is_array( $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ] ) ) {
+ return;
+ }
+
+ $providers = self::get_providers();
+
+ $enabled_providers = $_POST[ self::ENABLED_PROVIDERS_USER_META_KEY ];
+
+ // Enable only the available providers.
+ $enabled_providers = array_intersect( $enabled_providers, array_keys( $providers ) );
+ update_user_meta( $user_id, self::ENABLED_PROVIDERS_USER_META_KEY, $enabled_providers );
+
+ // Primary provider must be enabled.
+ $new_provider = isset( $_POST[ self::PROVIDER_USER_META_KEY ] ) ? $_POST[ self::PROVIDER_USER_META_KEY ] : '';
+ if ( ! empty( $new_provider ) && in_array( $new_provider, $enabled_providers, true ) ) {
+ update_user_meta( $user_id, self::PROVIDER_USER_META_KEY, $new_provider );
+ }
+ }
+ }
+
+ /**
+ * Should the login session persist between sessions.
+ *
+ * @return boolean
+ */
+ public static function rememberme() {
+ $rememberme = false;
+
+ if ( ! empty( $_REQUEST['rememberme'] ) ) {
+ $rememberme = true;
+ }
+
+ return (bool) apply_filters( 'two_factor_rememberme', $rememberme );
+ }
+}
+
diff --git a/wp-content/plugins/two-factor/includes/Google/u2f-api.js b/wp-content/plugins/two-factor/includes/Google/u2f-api.js
index 9244d14e74066eda7e6ad1d9912efbfaf540aad9..60c1355c8e3e41b094313f9ce87a631f53e9219b 100644
--- a/wp-content/plugins/two-factor/includes/Google/u2f-api.js
+++ b/wp-content/plugins/two-factor/includes/Google/u2f-api.js
@@ -37,7 +37,7 @@ var js_api_version;
/**
- * Message types for messsages to/from the extension
+ * Message types for messages to/from the extension
* @const
* @enum {string}
*/
diff --git a/wp-content/plugins/two-factor/providers/class.two-factor-backup-codes.php b/wp-content/plugins/two-factor/providers/class.two-factor-backup-codes.php
index 62ca51bbb686e49c5d88cb7f05c81d8388b96831..8dfbaf3ac9a12c72de32471069e04393b30380a7 100644
--- a/wp-content/plugins/two-factor/providers/class.two-factor-backup-codes.php
+++ b/wp-content/plugins/two-factor/providers/class.two-factor-backup-codes.php
@@ -186,7 +186,7 @@ class Two_Factor_Backup_Codes extends Two_Factor_Provider {
* @since 0.1-dev
*
* @param WP_User $user WP_User object of the logged-in user.
- * @param array $args Optional arguments for assinging new codes.
+ * @param array $args Optional arguments for assigning new codes.
* @return array
*/
public function generate_codes( $user, $args = '' ) {
diff --git a/wp-content/plugins/two-factor/providers/class.two-factor-fido-u2f-admin-list-table.php b/wp-content/plugins/two-factor/providers/class.two-factor-fido-u2f-admin-list-table.php
index 7942c9a9413919eb0603a128e7004d4df61486b3..95109e7d19ab7bbc4a67c94b6de4d012e698ec0e 100644
--- a/wp-content/plugins/two-factor/providers/class.two-factor-fido-u2f-admin-list-table.php
+++ b/wp-content/plugins/two-factor/providers/class.two-factor-fido-u2f-admin-list-table.php
@@ -24,7 +24,7 @@ class Two_Factor_FIDO_U2F_Admin_List_Table extends WP_List_Table {
public function get_columns() {
return array(
'name' => wp_strip_all_tags( __( 'Name', 'two-factor' ) ),
- 'added' => wp_strip_all_tags( __( 'Added', 'two-factor' ) ),
+ 'added' => wp_strip_all_tags( __( 'Added', 'two-factor' ) ),
'last_used' => wp_strip_all_tags( __( 'Last Used', 'two-factor' ) ),
);
}
diff --git a/wp-content/plugins/two-factor/readme.md b/wp-content/plugins/two-factor/readme.md
index 97bf5210a377c398fda13c3705eb8596b7df7fca..7e18149bd6d53fe2c7a77188a9a417fc17447fae 100644
--- a/wp-content/plugins/two-factor/readme.md
+++ b/wp-content/plugins/two-factor/readme.md
@@ -4,13 +4,14 @@
Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
-**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd)
+**Contributors:** [georgestephanis](https://profiles.wordpress.org/georgestephanis), [valendesigns](https://profiles.wordpress.org/valendesigns), [stevenkword](https://profiles.wordpress.org/stevenkword), [extendwings](https://profiles.wordpress.org/extendwings), [sgrant](https://profiles.wordpress.org/sgrant), [aaroncampbell](https://profiles.wordpress.org/aaroncampbell), [johnbillion](https://profiles.wordpress.org/johnbillion), [stevegrunwell](https://profiles.wordpress.org/stevegrunwell), [netweb](https://profiles.wordpress.org/netweb), [kasparsd](https://profiles.wordpress.org/kasparsd), [alihusnainarshad](https://profiles.wordpress.org/alihusnainarshad)
**Tags:** [two factor](https://wordpress.org/plugins/tags/two-factor), [two step](https://wordpress.org/plugins/tags/two-step), [authentication](https://wordpress.org/plugins/tags/authentication), [login](https://wordpress.org/plugins/tags/login), [totp](https://wordpress.org/plugins/tags/totp), [fido u2f](https://wordpress.org/plugins/tags/fido-u2f), [u2f](https://wordpress.org/plugins/tags/u2f), [email](https://wordpress.org/plugins/tags/email), [backup codes](https://wordpress.org/plugins/tags/backup-codes), [2fa](https://wordpress.org/plugins/tags/2fa), [yubikey](https://wordpress.org/plugins/tags/yubikey)
**Requires at least:** 4.3
-**Tested up to:** 5.2
+**Tested up to:** 5.3
**Stable tag:** trunk (master)
+**Requires PHP:** 5.6
-[](https://travis-ci.org/georgestephanis/two-factor) [](https://coveralls.io/github/georgestephanis/two-factor) [](http://gruntjs.com)
+[](https://travis-ci.org/WordPress/two-factor) [](https://coveralls.io/github/WordPress/two-factor) [](http://gruntjs.com)
## Description ##
@@ -21,7 +22,7 @@ Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable
- FIDO Universal 2nd Factor (U2F)
- Backup Codes
- Dummy Method (only for testing purposes)
-
+
For more history, see [this post](https://stephanis.info/2013/08/14/two-cents-on-two-factor/).
## Screenshots ##
@@ -34,18 +35,22 @@ For more history, see [this post](https://stephanis.info/2013/08/14/two-cents-on
-## Get Involved ##
-
-Development happens [on GitHub](https://github.com/georgestephanis/two-factor/). Join the `#core-passwords` channel [on WordPress Slack](http://wordpress.slack.com) ([sign up here](http://chat.wordpress.org)).
+### Email Code Authentication during WordPress Login.
-Here is how to get started:
+
- $ git clone https://github.com/georgestephanis/two-factor.git
- $ npm install
+## Get Involved ##
+Development happens [on GitHub](https://github.com/wordpress/two-factor/). Join the `#core-passwords` channel [on WordPress Slack](http://wordpress.slack.com) ([sign up here](http://chat.wordpress.org)).
+
+Here is how to get started:
+
+ $ git clone https://github.com/wordpress/two-factor.git
+ $ npm install
+
Then open [a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) with the suggested changes.
## Changelog ##
-See the [release history](https://github.com/georgestephanis/two-factor/releases).
+See the [release history](https://github.com/wordpress/two-factor/releases).
diff --git a/wp-content/plugins/two-factor/readme.txt b/wp-content/plugins/two-factor/readme.txt
index 6baa4caa8561a961a584c41e93beb1f3339ed590..a337755dcabdc24cbd9b9c609e9f4f689ac49528 100644
--- a/wp-content/plugins/two-factor/readme.txt
+++ b/wp-content/plugins/two-factor/readme.txt
@@ -1,13 +1,14 @@
-=== Two-Factor ===
-Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd
-Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
-Requires at least: 4.3
-Tested up to: 5.2
-Stable tag: trunk
-
-Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
-
-== Description ==
+=== Two-Factor ===
+Contributors: georgestephanis, valendesigns, stevenkword, extendwings, sgrant, aaroncampbell, johnbillion, stevegrunwell, netweb, kasparsd, alihusnainarshad
+Tags: two factor, two step, authentication, login, totp, fido u2f, u2f, email, backup codes, 2fa, yubikey
+Requires at least: 4.3
+Tested up to: 5.3
+Requires PHP: 5.6
+Stable tag: trunk
+
+Enable Two-Factor Authentication using time-based one-time passwords (OTP, Google Authenticator), Universal 2nd Factor (FIDO U2F, YubiKey), email and backup verification codes.
+
+== Description ==
Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable and configure one or multiple two-factor authentication providers for your account:
@@ -16,27 +17,27 @@ Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable
- FIDO Universal 2nd Factor (U2F)
- Backup Codes
- Dummy Method (only for testing purposes)
-
-For more history, see [this post](https://stephanis.info/2013/08/14/two-cents-on-two-factor/).
+
+For more history, see [this post](https://stephanis.info/2013/08/14/two-cents-on-two-factor/).
== Screenshots ==
1. Two-factor options under User Profile.
2. U2F Security Keys section under User Profile.
+3. Email Code Authentication during WordPress Login.
+
+== Get Involved ==
+
+Development happens [on GitHub](https://github.com/wordpress/two-factor/). Join the `#core-passwords` channel [on WordPress Slack](http://wordpress.slack.com) ([sign up here](http://chat.wordpress.org)).
+
+Here is how to get started:
+
+ $ git clone https://github.com/wordpress/two-factor.git
+ $ npm install
+
+Then open [a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) with the suggested changes.
+
+== Changelog ==
-
-== Get Involved ==
-
-Development happens [on GitHub](https://github.com/georgestephanis/two-factor/). Join the `#core-passwords` channel [on WordPress Slack](http://wordpress.slack.com) ([sign up here](http://chat.wordpress.org)).
-
-Here is how to get started:
-
- $ git clone https://github.com/georgestephanis/two-factor.git
- $ npm install
-
-Then open [a pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) with the suggested changes.
-
-== Changelog ==
-
-See the [release history](https://github.com/georgestephanis/two-factor/releases).
+See the [release history](https://github.com/wordpress/two-factor/releases).
diff --git a/wp-content/plugins/two-factor/two-factor.php b/wp-content/plugins/two-factor/two-factor.php
index 636e29cd7ebc37abe555cbe40cbd8b15ad1b9d2c..ec7698e18d86f3264772c63e87e994a3a9ab64cc 100644
--- a/wp-content/plugins/two-factor/two-factor.php
+++ b/wp-content/plugins/two-factor/two-factor.php
@@ -2,10 +2,10 @@
/**
* Plugin Name: Two Factor
* Plugin URI: https://wordpress.org/plugins/two-factor/
- * Description: A prototype extensible core to enable Two-Factor Authentication.
+ * Description: Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F), email and backup verification codes.
* Author: Plugin Contributors
- * Version: 0.4.7
- * Author URI: https://github.com/georgestephanis/two-factor/graphs/contributors
+ * Version: 0.5.0
+ * Author URI: https://github.com/wordpress/two-factor/graphs/contributors
* Network: True
* Text Domain: two-factor
*/
@@ -23,6 +23,13 @@ require_once( TWO_FACTOR_DIR . 'providers/class.two-factor-provider.php' );
/**
* Include the core that handles the common bits.
*/
-require_once( TWO_FACTOR_DIR . 'class.two-factor-core.php' );
+require_once( TWO_FACTOR_DIR . 'class-two-factor-core.php' );
-Two_Factor_Core::add_hooks();
+/**
+ * A compatability layer for some of the most-used plugins out there.
+ */
+require_once( TWO_FACTOR_DIR . 'class-two-factor-compat.php' );
+
+$two_factor_compat = new Two_Factor_Compat();
+
+Two_Factor_Core::add_hooks( $two_factor_compat );