Name: wp-hide/2fa/process_wp_login
Type: Filter
Arguments:
(bool) $bypass
(object) $user
This filter controls whether the 2FA (Two-Factor Authentication) process should proceed during login. Returning false will bypass the 2FA requirement, allowing the user to log in without additional verification.
This is particularly useful when you need to conditionally disable 2FA based on specific criteria, such as environment variables, user roles, IP addresses, or other custom logic.
add_filter( 'wp-hide/2fa/process_wp_login', 'custom_disable_2fa_for_trusted_ip', 10, 2 );
/**
* Disable 2FA for trusted IP addresses.
*
* @param bool $should_process Indicates whether 2FA should be processed.
* @param string $username The username of the user attempting to log in.
* @return bool
*/
function custom_disable_2fa_for_trusted_ip( $should_process, $username ) {
// Define a list of trusted IP addresses
$trusted_ips = array(
'192.168.1.100',
'203.0.113.5',
);
$user_ip = $_SERVER['REMOTE_ADDR'] ?? '';
// If the user's IP is in the trusted list, skip 2FA
if ( in_array( $user_ip, $trusted_ips, true ) ) {
return false;
}
// Otherwise, continue with 2FA
return $should_process;
}
The above code should be placed inside a custom file on /wp-content/mu-plugins/ folder or theme functions.php or a custom plugin.
