Building AuthPress: From Simple Telegram 2FA to Extensible WordPress Security Platform


How I evolved a single-provider WordPress 2FA plugin into a comprehensive, developer-friendly authentication system

The Problem 🔐

WordPress powers 43% of the web, but most sites still rely on password-only authentication. While there are 2FA plugins available, they're often:

  • Limited to specific providers
  • Hard to extend or customize
  • Not developer-friendly
  • Missing modern authentication methods

The Journey 🚀

AuthPress started as a simple idea: "What if I could get my WordPress 2FA codes via Telegram?" Three years and multiple iterations later, it's become a comprehensive authentication platform.

Version 4.0: The Extensible Platform

Now it supports multiple providers through a clean architecture:

// Modern extensible system
abstract class Abstract_Provider {
    abstract public function send_code($user_id, $code);
    abstract public function verify_code($user_id, $code);
    abstract public function render_user_settings($user_id);
}

// Register custom providers
add_filter('authpress_register_providers', function($providers) {
    $providers['my_sms'] = 'MyPlugin\\SMS_Provider';
    $providers['push_notification'] = 'MyPlugin\\Push_Provider';
    return $providers;
});

Technical Architecture 🏗️

Core Features

  • Multi-Provider Support: Telegram, Email, TOTP, Recovery Codes
  • Extensible API: Clean interfaces for custom providers
  • Professional Logging: WordPress-native admin tables
  • Security First: Rate limiting, encrypted storage, brute force protection

The Provider System

Each authentication method is a provider class:

class Telegram_Provider extends Abstract_Provider {
    public function send_code($user_id, $code) {
        // Telegram API integration
        return $this->send_telegram_message($user_id, $code);
    }

    public function verify_code($user_id, $submitted_code) {
        // Validate against stored code
        return $this->validate_stored_code($user_id, $submitted_code);
    }

    public function render_user_settings($user_id) {
        // User configuration interface
        include 'templates/telegram-settings.php';
    }
}
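
What "validate against stored code" together with the rate-limiting and brute-force points can look like, as an added example that is not AuthPress code: the code is stored only as a keyed hash, expires, is single-use, and allows a limited number of guesses. Code_Store, its in-memory array backend, the TTL, the attempt limit and the demo key are all assumptions made for illustration.

```php
<?php
// Added example, not AuthPress code. Code_Store and its array backend are hypothetical;
// in WordPress the record would live in user meta or a transient.
final class Code_Store {
    const TTL = 300;          // seconds a code stays valid (assumed value)
    const MAX_ATTEMPTS = 5;   // wrong guesses allowed per issued code (assumed value)
    private $records = [];    // user_id => ['hash', 'expires', 'attempts']
    private $key;             // server-side secret used to key the hash

    public function __construct(string $key) {
        $this->key = $key;
    }

    // Generate a 6-digit code from the CSPRNG and keep only its keyed hash.
    public function issue(int $user_id, ?int $now = null): string {
        $now  = $now ?? time();
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $this->records[$user_id] = [
            'hash'     => hash_hmac('sha256', $user_id . ':' . $code, $this->key),
            'expires'  => $now + self::TTL,
            'attempts' => 0,
        ];
        return $code;         // handed to the provider's send_code()
    }

    // True only for an unexpired, unused code within the attempt budget.
    public function verify(int $user_id, string $submitted, ?int $now = null): bool {
        $now = $now ?? time();
        $rec = $this->records[$user_id] ?? null;
        if ($rec === null) {
            return false;
        }
        if ($now > $rec['expires'] || $rec['attempts'] >= self::MAX_ATTEMPTS) {
            unset($this->records[$user_id]);    // expired or locked: force a re-issue
            return false;
        }
        $this->records[$user_id]['attempts']++; // count the guess before comparing
        $candidate = hash_hmac('sha256', $user_id . ':' . $submitted, $this->key);
        if (!hash_equals($rec['hash'], $candidate)) {  // constant-time comparison
            return false;
        }
        unset($this->records[$user_id]);        // single use: a replay finds no record
        return true;
    }
}

$store = new Code_Store('constructed-demo-key');   // constructed sample key
$code  = $store->issue(42, 1000);
var_dump($store->verify(42, 'abcdef', 1001));      // wrong guess
var_dump($store->verify(42, $code, 1002));         // correct code
var_dump($store->verify(42, $code, 1003));         // replay of a used code
```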

Developer Experience 👨‍💻

Creating Custom Providers

Want SMS via Twilio? Here's how simple it is:

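class Twilio_SMS_Provider extends Abstract_Provider {
    private $twilio_client;

    public function __construct() {
        // Credentials come from configuration, never from source code.
        // TWILIO_ACCOUNT_SID / TWILIO_AUTH_TOKEN are assumed constant names,
        // defined for example in wp-config.php.
        $this->twilio_client = new Twilio\Rest\Client(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN);
    }

    public function send_code($user_id, $code) {
        $phone = get_user_meta($user_id, 'phone_number', true);
        if (empty($phone)) {
            return false; // no number on file, nothing to send
        }

        return $this->twilio_client->messages->create($phone, [
            'from' => '+1234567890', // placeholder sender number
            'body' => "Your WordPress login code: {$code}"
        ]);
    }

    public function verify_code($user_id, $code) {
        // verify_stored_code() is not in the Abstract_Provider listing above;
        // it is assumed to be a helper provided by the base class.
        return parent::verify_stored_code($user_id, $code);
    }

    public function render_user_settings($user_id) {
        // Required because the method is abstract in Abstract_Provider.
        include 'templates/twilio-sms-settings.php'; // hypothetical template path
    }
}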

WordPress Integration

Follows WordPress best practices:

  • Uses hooks and filters extensively
  • Proper nonce verification
  • WP_List_Table for admin interfaces
  • Standard WordPress coding standards

What's Next? 🔮

Working on:

  • Passkey/WebAuthn integration (already in beta)
  • Hardware token support (YubiKey, etc.)

Open Source & Community 💝

AuthPress is GPL-licensed and available on:

Contributing

We welcome contributions! Especially:

  • New provider implementations
  • Security audits
  • Documentation improvements
  • Translation updates

Lessons Learned 📚

  1. Start simple, architect for growth - The extensible design saved massive refactoring
  2. Security can't be an afterthought - Built-in from day one
  3. Developer experience matters - Clean APIs lead to better ecosystem
  4. WordPress standards exist for a reason - Following them made everything easier

Try AuthPress on your WordPress site and let me know what custom providers you'd build! The extensibility system makes it possible to integrate with virtually any authentication service.

What 2FA method would you want to see next? Drop your ideas in the comments! 👇

WordPress #2FA #Security #PHP #OpenSource
