=== 2FA LearnDash LMS WordPress ===
Contributors: cyberlord92, twofactor
Tags: LearnDash, LMS, prevent account sharing, 2FA, e-learning
Donate link: https://miniorange.com/
Requires at least: 3.0.1
Tested up to: 5.6
Requires PHP: 5.3.0
Stable tag: 1.0.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Prevent account sharing, handle concurrent sessions, one login using wordpress 2FA LearnDash LMS plugin. Supports various LMS like Learndash, LifterLMS, Masterstudy LMS, LearnPress LMS, Namaste! LMS, Membership, Good LMS, Sensei LMS, Teachable LMS.
== Description ==
LMS paid elearning courses can be prevented from account sharing using the 2FA LearnDash LMS plugin. This 2FA learndash LMS plugin is free, easy to setup and compaitble with other LMS like LearnPress LMS, LifterLMS, Membership, Masterstudy LMS, LearnPress LMS, Namaste! LMS, Membership, Good LMS, Sensei LMS, Teachable LMS. 2FA LearnDash LMS also support session control, login limit and idle session logout feature.
= Third Party Custom SMS Gateway for OTP over SMS =
Premium plugin supports any third party custom SMS Gateway. If you don't have your own SMS gateway you can use miniOrange gateway. Send SMS all over the world.
* Some Famous Gateways Supported:
* [Twilio](https://www.twilio.com/) (Use Twilio for OTP over SMS in 2FA LearnDash LMS)
* [Clickatell](https://www.clickatell.com/) (Use Clickatell for OTP over SMS in 2FA LearnDash LMS)
* [ClickSend](https://www.clicksend.com/in/) (Use ClickSend for OTP over SMS in 2FA LearnDash LMS)
* [SendGrid](https://sendgrid.com/) (Use SendGrid for OTP over SMS in 2FA LearnDash LMS)
* [Plivo](https://www.plivo.com/) (Use Plivo for OTP over SMS in 2FA LearnDash LMS)
* [GatewayApi](https://gatewayapi.com/) (Use GatewayApi for OTP over SMS in 2FA LearnDash LMS)
Others not listed gateway can be tested on our site, Test your Gateway: [Custom Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
= All LMS Login Forms Supported =
2FA LearnDash LMS support all the Login forms to verify users.
* [Woocommerce](https://wordpress.org/plugins/woocommerce/) (Login Woocommerce using 2FA LearnDash LMS)
* [BuddyPress form](https://wordpress.org/plugins/buddypress/) (Login BuddyPress using 2FA LearnDash LMS)
* [bbpress form](https://wordpress.org/plugins/bbpress/) (Login bbpress using 2FA LearnDash LMS)
* [Digimember](https://digimember.com/) (Login Digimember using 2FA LearnDash LMS)
* [Paid Memberships Pro](https://wordpress.org/plugins/paid-memberships-pro/) (Login Paid Memberships Pro using 2FA LearnDash LMS)
* [Memberpress Pro](https://memberpress.com/) (Login Memberpress Pro using 2FA LearnDash LMS)
* [Ultimate Member – User Profile & Membership Form](https://wordpress.org/plugins/ultimate-member/) (Login Ultimate Member – User Profile & Membership using 2FA LearnDash LMS)
* [LearnDash](https://www.learndash.com/) (Login LearnDash using 2FA LearnDash LMS)
* [LearnPress](https://wordpress.org/plugins/learnpress/) (Login LearnPress using 2FA LearnDash LMS)
* [LifterLMS](https://wordpress.org/plugins/lifterlms/) (Login LifterLMS using 2FA LearnDash LMS)
* [Dokan](https://wordpress.org/plugins/dokan-lite/) (Login Dokan using 2FA LearnDash LMS)
* And many more
Supports variety of WordPress LMS
*[LearnDash](https://www.learndash.com/) Prevent account sharing using 2FA LearnDash LMS
*[Tutor](https://wordpress.org/plugins/tutor/) Prevent account sharing using 2FA LearnDash LMS
*[LearnPress](https://wordpress.org/plugins/learnpress/) Prevent account sharing using 2FA LearnDash LMS
*[sensei](https://wordpress.org/plugins/sensei-lms/) Prevent account sharing using 2FA LearnDash LMS
*[MasterStudy](https://wordpress.org/plugins/masterstudy-lms-learning-management-system/) Prevent account sharing using 2FA LearnDash LMS
*[LifterLMS](https://wordpress.org/plugins/lifterlms/) Prevent account sharing using 2FA LearnDash LMS
*[WP Courses](https://wordpress.org/plugins/wp-courses/) Prevent account sharing using 2FA LearnDash LMS
*[cluevo](https://wordpress.org/plugins/cluevo-lms/) Prevent account sharing using 2FA LearnDash LMS
*[Namaste](https://wordpress.org/plugins/namaste-lms/) Prevent account sharing using 2FA LearnDash LMS
= FREE Plugin Features =
* Simplified & easy user interface.
* Two Factor Authentication (2FA) for **3 User** forever FREE!
* **Variety of Authentication Methods:** Any App supporting TOTP algorithm like Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA)
* Includes Language Translation Support. Supports a wide variety of languages
* Session Control - Limit the number of simultaneous sessions upto minimum 4 sessions.
* Session Control (Idle Session) - Logout a user who was inactive for a period of time.
* Session Control (Session Time) - Set a time limit on the user's session.
= Standard Plugin Features =
* Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
* **Available Authentication Methods:** Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification. *( SMS credits need to be purchased as per the need)*
* Includes language Translation Support. Supports wide variety of languages.
* **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login. [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
* **Backup Method:** KBA(Security Questions)
* Multisite compatible.
* User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name)
* Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions)
= Premium Plugin Features =
* Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
* **Available Authentication Methods:** Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. *( SMS and Email credits need to be purchased as per the need)*
* Language Translation Support
* **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login [Guide](https://docs.miniorange.com/documentation/login-username-2nd-factor-2)
* **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes [Guide](https://docs.miniorange.com/documentation/want-configure-backup-methods-users-can-configure-case-locked-site-not-able-log)
* Multisite compatible.
* Force Two factor for users [Guide](https://docs.miniorange.com/documentation/enforce-2fa-users)
* Email notification to users asking them to set up Two Factor Authentication (2FA) [Guide](https://docs.miniorange.com/documentation/want-send-email-notification-users-setting-2-factor)
* User role based redirection after Login [Guide](https://docs.miniorange.com/documentation/custom-redirect-login-url), Custom Security Questions (KBA) [Guide](https://docs.miniorange.com/documentation/custom-security-questions), Customize account name in Google Authenticator app [Guide](https://docs.miniorange.com/documentation/google-authenticator-app-name).
* Enable Two Factor Authentication (2FA) for specific Users/User Roles [Guide](https://docs.miniorange.com/documentation/enable-two-factor-based-roles)
* Choose specific authentication methods for Users [Guide](https://docs.miniorange.com/documentation/specific-set-authentication-methods-based-role)
* Set Privacy Policy for users [Guide](https://docs.miniorange.com/documentation/privacy-policy-site)
* App Specific Password to login from mobile Apps
* Remember Device [Guide](https://docs.miniorange.com/documentation/remember-my-device)
* **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
= Enterprise Plugin Features =
* Two Factor Authentication (2FA) for Users as per the upgrade *( User-based pricing )*
* **Available Authentication Methods:** Google Authenticator, Authy Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Over Email, OTP Over SMS, OTP Over SMS and Email, Email Verification, Hardware Token. *( SMS and Email credits need to be purchased as per the need)*
* Language Translation Support
* **Multiple Login Options:** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login.
* **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes
* Multisite compatible.
* Email notification to users asking them to set up Two Factor Authentication (2FA).
* User role based redirection after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
* Enable Two Factor Authentication (2FA) for specific Users/User Roles
* Choose specific authentication methods for Users
* App Specific Password to login from mobile Apps
* **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
* **Brute force attack prevention, IP Blocking & User login Monitorning. **
* File protection & strong password
= Prevent Account Sharing Between Users =
Many video sharing and E-learning platforms want to prevent sharing of account between the users. This can be done using miniOrange Two factor plugin. Also, e-learning portals can use this to their advantage. It can be used on any websites which create and sell courses. It can be integrated with plugins like Learndash, LearnPress, LifterLMS, MaterStudy and other many LMS.
Other sites like premium video content or any premium content where you want users not to share passwords between friends and Family then you can go for this solution.
= Additional Features =
* **Integration with different LMS **
Check all the features here: [miniOrange Website](https://security.miniorange.com/)
= Why do you need to register? =
miniOrange Two-factor Plugin uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users calls can be only accessed by API keys assigned to you.
Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.
= Add Ons [Applicable for Free and Standard Plans, Inclusive in the Premium Plan] =
* RBA & Trusted Devices Management Add-on Features
* Remember Device
* Set Device Limit for the users to login
* IP Restriction: Limit users to login from specific IPs
* Personalization Add-on Features
* Custom UI of Two Factor Authentication (2FA) popups
* Custom Email and SMS Templates
* Customize 'Powered by' Logo
* Customize Plugin Icon
* Customize Plugin Name
* Short Codes Add-on Features
* Option to turn on/off 2-factor by user
* Option to configure the Google Authenticator and Security Questions by user
* Option to 'Enable Remember Device' from a custom login form
* On-Demand ShortCodes for specific functionalities ( like for enabling 2FA for specific pages)
= Apps Supported by the plugin =
* miniOrange Authenticator App.
* Google Authenticator App.
* Duo Authenticator App.
* Microsoft Authenticator Authenticator App.
* Authy 2-Factor Authentication App [STANDARD / PREMIUM FEATURE]
Useful blog posts about two factor authenticaion plugin
*[Beginner’s Guide: How to Add Two-Factor Authentication to WordPress](https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/)
*[How to Add WordPress Two-Factor Authentication (2FA)](https://phppot.com/wordpress/how-to-add-wordpress-two-factor-authentication-2fa-using-google-authenticator-plugin/)
miniOrange uses login.xecurify.com if the user chooses to register for our cloud services/upgrade to premium. If the user does not want to register then he can continue using the free onpremise features.
(Link to the privacy policy - https://www.miniorange.com/privacy-policy.pdf)
miniOrange uses play.google.com to direct user to various authenticator apps available on google play store
miniOrange uses apps.apple.com and itunes.apple.com to direct user to various authenticator apps available on apple store
miniOrange uses faq.miniorange.com to provide solutions on common issues customer faces with the plugin
developers.miniorange.com, docs.miniorange.com and plugins.miniorange.com is used to make documents available for users for the easy setups.
www.youtube.com is used to provide 2FA setup videos available to users.
security.miniorange.com is used for the pricing pages of miniOrange paid products.
miniorange.com is used to direct users to home page of the products.
Customized solutions and Active support is available. Email us at info@miniorange.com or call us at +1 9786589387.
**Note: The plugin is GDPR Compliant and supports wide variety of Language Translation**
== Installation ==
= From your WordPress dashboard =
1. Navigate to `Plugins > Add New` from your WP Admin dashboard.
2. Search for `2FA for LMS`.
3. Install `2FA for LMS` and Activate the plugin.
= From WordPress.org =
1. Search for `2FA for LMS` and download it.
2. Unzip and upload the `miniorange-2-factor-authentication` directory to your `/wp-content/plugins/` directory.
3. Activate 2FA for LMS from the Plugins tab of your admin dashboard.
= Once Activated =
1. Select miniOrange 2-Factor from the left menu and follow the instructions.
2. Once, you complete your setup. Click on Log Out button.
3. Enter the username and password. After the initial validation, you will be prompted for the 2-factor method you had set up.
4. Validate yourself with the 2-factor authentication method you configured.
Video Guide :
== Frequently Asked Questions ==
= How do I gain access to my website if I get locked out? =
You can obtain access to your website by one of the below options:
1. If you have an additional administrator account whose Two Factor is not enabled yet, you can login with it.
2. If you had setup KBA questions earlier, you can use them as an alternate method to login to your website.
3. Rename the plugin from FTP - this disables the Two-Factor (2FA) plugin and you will be able to login with your WordPress username and password.
For detailed information, Please check on our website. Locked Out.
You can also check our video Tutorial:
= I want to enable Two-Factor Authentication (2FA) role wise ? =
You can select the roles under Login Settings tab to enable the plugin role wise. [PREMIUM FEATURE]
= I have enabled Two-Factor Authentication (2FA) for all users, what happens if an end user tries to login but has not yet registered ? =
If a user has not setup Two-Factor yet, user has to register by inline registration that will be invoked during the login.
= I want to enable only one authentication method for my users. What shloud I do? =
You can select the authentication methods under Login Settings tab. The selected authentication methods will be shown to the user during inline registration. [PREMIUM FEATURE]
= I am getting the fatal error of call to undefined function json_last_error(). What should I do? =
Please check your php version. The plugin is supported in php version 5.3.0 or above. You need to upgrade your php version to 5.3.0 or above to use the plugin.
= I did not recieve OTP while trying to register with miniOrange. What should I do? =
The OTP is sent to your email address with which you have registered with miniOrange. If you can't see the email from miniOrange in your mails, please make sure to check your SPAM folder. If you don't see an email even in SPAM folder, please submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com.
= I want to configure 2nd factor by Google Authenticator. =
Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Google Authenticator App. Enter the 6 digit code in the textbox and click on Save and verify buuton.
= I want to configure 2nd factor by Authy 2-Factor Authentication App. =
Select the radio button next to Google Authenticator/Authy App and select the phone type and then scan the QR Code by Authy 2-Factor Authentication App. Enter the 6 digit code from the Authy App into the textbox available and click on Save and Verifiy button.
= I forgot the password of my miniOrange account. How can I reset it? =
There are two cases according to the page you see -
1. Login with miniOrange screen: You should click on forgot password link. You will get a new password on your email address with which you have registered with miniOrange . Now you can login with the new password.
2. Register with miniOrange screen: Enter your email ID and any random password in password and confirm password input box. This will redirect you to Login with miniOrange screen. Now follow first step.
= I have a custom / front-end login page on my site and I want the look and feel to remain the same when I add 2 factor ? =
If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from wordpress plugins. We are not claiming that it will work with all the customized login page. In such case, custom work is needed to integrate two factor with your customized login page. You can submit a query in our Support Section in the plugin or you can contact us at info@miniorange.com for more details.
= My users have different types of phones. What phones are supported? =
We support all types of phones. Smart Phones, Basic Phones, Landlines, etc. Go to Setup Two-Factor Tab and select Two-Factor method of your choice from a range of 8 different options.
= What if a user does not have a smart phone? =
You can select OTP over SMS, Phone Call Verification or Email Verification as your Two-Factor method. All these methods are supported on basic phones.
= What if a user does not have any phone? =
You can select Email Verification or Security Questions (KBA) as your Two-Factor method.
= What if I am trying to login from my phone ? =
If your Security Questions (KBA) are configured then you will be asked to answer them when you are logging in from your phone.
= I want to hide default login form and just want to show login with phone? =
You should go to Login Settings Tab and check Login with Phone Only checkbox to hide the default login form.
= My phone has no internet connectivity and configured 2nd factor with miniOrange App, how can I login? =
You can login using our alternate login method. Please follow below steps to login:
* Enter your username and click on login with your phone.
* Click on Phone is Offline? button below QR Code.
* You will see a textbox to enter one time passcode.
* Open miniOrange Authenticator App and Go to Soft Token Tab.
* Enter the one time passcode shown in miniOrange Authenticator App in textbox, just like Google authenticator.
* Click on submit button to validate the otp.
* Once you are authenticated, you will be logged in.
= My phone is lost, stolen or discharged. How can I login? =
You can login using our alternate login method. Click on the Forgot Phone link and you will get 2 alternate methods to login. Select "Send a one time passcode to my registered email" to authenticate by OTP over EMAIL or Select "Answer your Security Questions (KBA)" to authenticate by knowledge based authenticaion.
= My phone has no internet connectivity and i am entering the one time passcode from miniOrange Authenticator App, it says Invalid OTP?
Click on the Settings Icon on top right corner in miniOrange Authenticator App and then press Sync button under 'Time correction for codes' to sync your time with miniOrange Servers. If you still can't logged in then please email us at info@miniorange.com or Contact us.Soft Token method is just like google authenticator method.
= I want to go back to default login with password? =
You should go to Login Settings Tab and uncheck Enable Two-Factor plugin checkbox. This will disable 2-Factor and you can login using wordpress default login.
= I am upgrading my phone. =
You should go to Setup Two Factor Tab and click on Reconfigure to reconfigure 2-Factor with your new phone.
= What If I want to use any other second factor like OTP Over SMS, Security Questions, Device Id, etc ? =
miniOrange authentication service has 15+ authentication methods.One time passcodes (OTP) over SMS, OTP over Email, OTP over SMS and Email, Out of Band SMS, Out of Band Email, Soft Token, Push Notification, USB based Hardware token (yubico), Security Questions, Mobile Authentication (QR Code Authentication), Voice Authentication (Biometrics), Phone Verification, Device Identification, Location, Time of Access User Behavior. To know more about authentication methods, please visit https://miniorange.com/strong_auth . If you want to have any other 2-factor for your WordPress site, please email us at info@miniorange.com or Contact us.
== Screenshots ==
1. 2FA LearnDash LMS: Setup different 2-Factor methods for users.
2. 2FA LearnDash LMS: Session control.
== Changelog ==
= 1.0.1 =
2FA LearnDash LMS : Fixed plugin deletion issue.
= 1.0.0 =
First version of 2FA LearnDash LMS plugin.
== Upgrade Notice ==
= 1.0.1 =
2FA LearnDash LMS : Fixed plugin deletion issue.
= 1.0.0 =
First version of 2FA LearnDash LMS plugin.