Require secondary authentication for registered user access
| Author: | Demitrious Kelly (profile at wordpress.org) |
| WordPress version required: | 3.0.1 |
| WordPress version tested: | 3.1.4 |
| Plugin version: | 1.0 |
| Added to WordPress repository: | 18-11-2010 |
| Last updated: | 18-11-2010
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | http://wordpress.org/# |
| Total downloads: | 1 587 |
| Active installs: | 10+ |
 Click to start download |
|
This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication. The process goes like this:
- A user logs into your blog.
- Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)
- The user gets the email with the code.
- The user then enters the code at the page which is now presented to them when they are trying to access your blog
- Behind the scenes the token is checked for validity, and a cookie is added to the users session. They are now allowed access to your blog. If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.
Screenshots
FAQ
ChangeLog