What happens if a user loses their phone?

They can use one of their backup codes, or the email method if enabled. An administrator can also reset their 2FA from the users list.

Does 2FA protect customer login?

Yes. Customers can enable it themselves from their WooCommerce account, and you can make it mandatory for the customer role.

Are passkeys / WebAuthn supported?

Not in version 1.0.0. The architecture exposes a provider interface that allows WebAuthn or passkeys to be added later without a rewrite.

Is it HPOS compatible?

Yes, compatibility with HPOS (High-Performance Order Storage) and Cart/Checkout Blocks is declared.

DataFirefly 2FA Fortress – WordPress & WooCommerce 2FA

DataFirefly 2FA Fortress

Professional two-factor authentication for WordPress and WooCommerce

Protect the back office and customer accounts with per-role 2FA: TOTP, email, backup codes and a grace period.

TOTP WooCommerce HPOS Multisite Multilingual

30-day refund

12 months updates

24h support

The long version

Everything you'd want to know before you install.

A detailed look at how DataFirefly 2FA Fortress works, why we built it the way we did, and the thinking behind the features above.

§ 01

2FA that covers the whole site

Most modules only protect the admin area. DataFirefly 2FA Fortress secures both the back-office login and WooCommerce customer login, with the same proven methods and centralised configuration.

§ 02

Per-role enforcement and grace period

For each role (administrator, shop manager, customer, etc.) decide whether 2FA is disabled, offered or required. When mandatory, a grace period in days gives users time to set it up; afterwards, activation is required at login.

§ 03

Built for WooCommerce customers

Your customers enable two-factor authentication themselves from the Security tab of their account. You can also make it mandatory for the customer role. The module declares HPOS and Cart/Checkout Blocks compatibility.

§ 04

Security and traceability

Brute-force lockout, a security log of logins and sensitive events, new-device login notifications, admin reset and AES-256-GCM encryption of TOTP secrets.

PrestaShop

WordPress / WooCommerce

Shopware 6

DataFirefly 2FA Fortress

The short version.

Back office AND customers

Configurable grace period

Three methods

Encrypted secrets

Everything you'd want to know before you install.

2FA that covers the whole site

Per-role enforcement and grace period

Built for WooCommerce customers

Security and traceability

The long list.

What's shipped.

The fine print.

License & delivery

Compatibility

What actual users say.

Anything still unclear?

Ask a question