Skip to main content

Securing User Accounts with Two Factor Authentication

These shortcodes can be added to a dedicated page where your users can manage their TFA settings, including turning them on or off, viewing their QR code for scanning, and accessing emergency backup codes.

These features allow your users to take control of their account security without needing to navigate through complex settings. Plus, you can display the current authentication code directly on your site, making the login process easier.

The shortcodes are usually used in the site’s backend. They are not intended to be publicly visible on your main website pages. Use them in the accounts section of your site when someone is already logged in.

The following shortcodes are available:

For free and premium AIOS users:

**twofactor_user_settings** : This shortcode will display the whole user configuration. Use this to allow your users to get/set their TFA settings. Alternatively, to design the page yourself, you can use the individual short-codes, following:

For premium AIOS users:

**twofactor_user_settings_enabled** : Display the option to turn TFA on or off.

**twofactor_user_qrcode** : Display the user’s QR code for scanning.

**twofactor_user_emergencycodes** : Display the user’s emergency codes.

**twofactor_user_advancedsettings** : Display the user’s advanced settings (e.g. selecting TOTP or HOTP).

**twofactor_user_privatekeys** : Display the user’s private keys. Use the ‘type’ parameter, with values ‘full’ (default), ‘plain’, ‘base32’ or ‘base64’ to control exactly what is displayed.

**twofactor_user_privatekeys_reset** : Display a link for the user to reset (change) their private key.

**twofactor_user_currentcode** : Display the current TFA code.

**twofactor_user_presstorefresh** : Wrap this shortcode around any HTML that you want to cause the current TFA code (displayed by the twofactor_user_currentcode shortcode) to refresh when clicked.

**twofactor_conditional** : Wrap this shortcode around any content that you wish to be displayed only if the condition is met. The condition is specified by the “onlyif” parameter, with valid values: activate, inactive, available, unavailable. The content will be shown depending on whether the user has TFA available (i.e. the administrator has allowed it for their user level)/activated. You can use this, for example, to display notices to your users to suggest that they activate TFA, or to remind them that it is available, etc.

How to use AIOS shortcodes

  1. Make sure you have AIOS installed on your WordPress site.
  2. Create a page for your TFA Settings. Go to “Pages” > “Add New” in your WordPress dashboard to create a new page dedicated to TFA settings. Give your page a title (e.g., “TFA settings”) and save it.
  3. Add the shortcodes to this page. In the content editor of the page you just created, insert the desired TFA shortcodes based on your preferences.
  4. Once you’ve added the desired shortcodes to your page, click “Publish” or “Update” to make the changes live on your website.
  5. Share the link to this newly created page with your users or navigate to it yourself to access the TFA settings. Users can then manage their TFA preferences directly from this page.