Is your enhancement related to a problem? Please describe.
I am using Two-Factor on a WordPress Multisite network.
The plugin works on Multisite, but the current settings model can be confusing in a network environment.
From what I understand:
- User 2FA configuration is stored at the user level, which makes sense because users are shared across the network.
- However, the enabled provider settings appear to be stored per subsite.
- This means one subsite could allow TOTP and backup codes, another subsite could disable TOTP, and another subsite could allow only email codes.
- As a result, the same user may have a network-wide 2FA configuration, but the available providers can vary depending on the subsite context.
Since 2FA protects the shared user account rather than a specific subsite, this can feel inconsistent for Multisite administrators.
Proposed Solution
It would be helpful to add network-level provider settings for Multisite installations.
Possible improvements:
- Add a Network Admin settings page for Two-Factor provider settings.
- Store enabled provider settings as network options when the plugin is network activated.
- Allow Super Admins to choose whether subsites can override the network-level provider settings.
- Optionally add a simple network-level policy for requiring 2FA for Super Admins, administrators, or selected roles.
This would keep the plugin lightweight while making its Multisite behavior more consistent and predictable.
Designs
No mockup needed.
A possible UI location could be:
Network Admin → Settings → Two-Factor
Possible settings:
Describe alternatives you've considered
I considered managing the provider settings separately on each subsite, but this can become inconsistent and difficult to maintain on a Multisite network.
I also considered using custom code or an MU plugin to force providers network-wide, but that feels fragile and may break if plugin internals change in a future update.
A dedicated Network Admin setting would be cleaner, easier to understand, and more consistent with how Multisite user management works.
Please confirm that you have searched existing issues in this repository.
Yes
Is your enhancement related to a problem? Please describe.
I am using Two-Factor on a WordPress Multisite network.
The plugin works on Multisite, but the current settings model can be confusing in a network environment.
From what I understand:
Since 2FA protects the shared user account rather than a specific subsite, this can feel inconsistent for Multisite administrators.
Proposed Solution
It would be helpful to add network-level provider settings for Multisite installations.
Possible improvements:
This would keep the plugin lightweight while making its Multisite behavior more consistent and predictable.
Designs
No mockup needed.
A possible UI location could be:
Network Admin → Settings → Two-Factor
Possible settings:
Enabled providers for the network:
Allow subsites to override provider settings:
Optional enforcement:
Describe alternatives you've considered
I considered managing the provider settings separately on each subsite, but this can become inconsistent and difficult to maintain on a Multisite network.
I also considered using custom code or an MU plugin to force providers network-wide, but that feels fragile and may break if plugin internals change in a future update.
A dedicated Network Admin setting would be cleaner, easier to understand, and more consistent with how Multisite user management works.
Please confirm that you have searched existing issues in this repository.
Yes