Choose right WordPress plugin from thousands others in a moment
SecSign
=== SecSign ID ===
Contributors: SecSign
Tags: two-factor authentication, two-factor, authentication, login, sign in, single sign-on, challenge response, rsa, password, mobile, iphone, android, security, authenticator, authenticate
Requires at least: 3.0.1
Tested up to: 3.5.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Use the SecSign ID two factor authentication on your WordPress site to enable easy and secure login using your iPhone or Android phone.
== Description ==
SecSign ID – The mobile way to log into web sites
* Integrate SecSign ID into your own website or sign into other web sites supporting SecSign ID.
* Directly sign into [SecSign.com Portal](https://portal.secsign.com) for true professional messaging and cloud sharing.
SecSign ID features:
* Easy to use
* Easy to add to your website
* Eliminates password chaos and security concerns
* Free for website owners and users
* Single sign-on
* No need for long cryptical passwords, time-consuming retyping of codes from SMS or reading of QR codes
* High security and strong cryptography on all levels
Technical details (only for experts)
* Up to 2048 bit asymmetric private keys
* Brute force resistant private key storage
* No private key information on SecSign ID authentication servers
* High availability through redundant remote failover servers
* Multi tier secured server structure
How to start?
1. Install the app
2. Choose a unique user short name
3. Choose a short PIN to secure your SecSign ID on your phone
That's it!
Now just type in your user short name (for instance at [SecSign.com Portal](https://portal.secsign.com) or your WordPress site using this plugin), confirm your sign-in on your phone and you are done within seconds.
Despite its simplicity SecSign ID works with comprehensive strongest security technologies. The solution we offer is unique and does not submit any confidential data through a web browser.
SecSign ID is free for everyone and free of advertising.
We have a strong background of more than 14 years in developing strong cryptography and highly sophisticated security software products for governments, public institutions and private companies.
Visit our official site to get the app and more information: [SecSign.com](https://www.secsign.com)
Or check out our [flyer](https://www.secsign.com/secsign_portal_flyer.pdf).
== Installation ==
1. Login into WordPress as admin and go to the plugins screen and select the "Add New" submenu.
2. Then search for "SecSign" and click "Install Now" or click on "Upload" and select the downloaded zip archive.
3. After this activate the plugin in the "Installed Plugins" list.
4. Go to "Appearance" screen and click the "Widgets" submenu.
5. Drag and drop the "SecSign ID Login" widget to the "Main Sidebar"
6. Go to the "Settings" screen and select the "SecSign ID Login" submenu.
7. Change the service address which will be shown to the user in the smartphone app. This should match the URL the user sees, when he visits your site. Optionally, assign SecSign IDs to WordPress users.
SecSign ID is a plugin for real two-factor authentication (2FA) for WordPress sites. 2FA adds another layer of security to your website by using a second token. In this case the physical token is your smartphone.
If you seek for more information about about two-factor authentication have a look at secsign.com.
Integrate SecSign ID into your own WordPress site in less than one minute.
You and your users can also use SecSign ID to visit securely other web sites (e.g. portal.secsign.com for truly professional messaging and cloud sharing.)
This service is free for users and web site owners and free of advertising – no matter how many users the web site has.
You can also integrate SecSign ID as in-house solution into your existing infrastructure (on request with licensed service and maintenance contract)
There are also APIs for PHP, Ruby, Perl, Python and Java as well as plugins and modules for Joomla and Drupal.
A complete overview about available plugins and APIs can be found at secsign.com/plugins/.
SecSign ID features:
Quick and easy to use single sign-on with 2048-bit high security
Eliminates password chaos and security concerns
No mobile number, credit card or time-consuming registration required
No need for long cryptical passwords, time-consuming retyping of codes from SMS or reading of QR codes
High security and strong cryptography on all levels
Technical details (only for experts):
Up to 2048-bit asymmetric private keys
Brute force resistant private key storage (SafeKey mechanism)
Private keys are never transmitted to the authentication server (the SecSign ID server)
High availability through redundant remote failover servers
Multi-tier high security architecture with multiple firewalls and protocol filters
Choose a short PIN to secure your SecSign ID on your phone
That’s it! You can now use your SecSign ID to sign in.
How to sign in:
Just type in your user short name (for instance at SecSign Portal or your WordPress site using this plugin), confirm your sign-in on your phone and you are done within seconds.
Despite its simplicity SecSign ID works with comprehensive and strongest security technologies. The solution we offer is unique and does not submit any confidential data through a web browser.
We have a noticeable background of more than 16 years in developing strong cryptography and highly sophisticated security software products for governments, public institutions and private companies.
This is the login form in which you enter your SecSign ID shown in the smartphone app.
The access pass is requested.
You will be shown an access pass. Tab on the matching one on your phone.
The push notification for the login request at your phone
The Touch ID authentication to get the access passes
The access passes where you have to choose the correct one to login
If your SecSign ID is not associated with a WordPress username, you can assign the SecSign ID to an existing user.
Or you can create a new account in WordPress which is associated with your SecSign ID.
The options for the SecSign ID plugin. You can choose a service name which is shown to a user on his or her smartphone and the assignments between a wordpress user and a SecSign ID.
The options for self enrollment whether a user can assign his or her SecSign ID by him- or herself and whether a user can create a new account.
How can users assign a SecSign ID to their WordPress account?
You can just sign in with your SecSign ID. You will then be shown a dialog, where you can create a new user or assign your SecSign ID to an existing WordPress user.
Alternatively, you can go to your profile page to assign a SecSign ID.
Is this service for free?
Yes, it’s free for the user and the WordPress admin – no matter how many users the site has. It’s also free of advertising.
How to restore your SecSign ID on a new smartphone?
In the event that you lose your phone or want to switch to a new one, you should write down the restoration code for your SecSign ID. You can find the code in the app: Click on Edit on the main screen, select your SecSign ID and click on Restoration settings.
You can restore your ID on a new phone by going to More -> Restore Identity.
I enabled the SecSign ID Plugin and locked myself out
Do the following steps in order to disable the SecSign ID WordPress login:
Open your WordPress directory via (S)FTP and rename the folder wp-content/plugins/secsign to secsign1.
Reload the backend login page and login with your WordPress username and password.
Important: Immediately rename the folder back to secsign.
The SecSign ID WordPress Plugin is now deactivated. Click on “Plugins” in the main menu, look for “SecSign” and activate it.
Adjust options in the SecSign ID settings.
I get the error: The authentication server sent no response or you are not connected to the internet.
The plugin needs to make a connection to https://httpapi.secsign.com to work correctly. This error means it can’t connect to our server. There are some possible reasons for this:
Please check if you have a firewall or router that might block the connection to httpapi.secsign.com on port 443.
Please check that the curl packet (http://php.net/manual/en/book.curl.php) is installed in your PHP installation. If this is not the case you should see a curl error about this in your webserver logs.
Please check if you have another wordpress plugin which might block the connection to our server. There are several wordpress security plugins doing this.
Please contact us at support@secsign.com if this doesn’t help.
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.16
Added new PHP API
Added new JS API
Added new FAQ entry for connection problems
Tested WP compatibility for WordPress 5.1.1
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.15
Removed WP_DEBUG Notices
Added new PHP API
Added new JS API
Tested WP compatibility for WordPress 4.9.8
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.14
Added workaround for port issue on misconfigured apache server
Added new PHP API
Added new JS API
Tested WP compatibility for WordPress 4.9.6
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.13
Added links to SecSign plugin website on WordPress.org in plugin listing
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
Accepted authentication sessions are handled by server. No need to release them manually
Minor CSS changes
Tested WP compatibility for WordPress 4.6
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.10
Show server errors to user rather than a nondescriptive default error message.
Check given SecSign ID if it is syntactically correct before sending it
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.9
Fixed form switching bug
Improved error handling
Tested WP compatibility for WordPress 4.5
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
1.7.8
Turned off autocapitalizing and autocorrection for username input fields
Fixed error if an authentication session is canceled
Fixed layout error when an authentication is requested. Reset all fields before showing access pass or activity indicator
Added index.php to all subfolders to prevent directory parsing
Check that service name and service address dont exceed length limit
Tested WP compatibility for WordPress 4.4.2
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
Minor changes in readme and new screenshots for the wordpress.org website
Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
Fixed error which could interfere with some rules in Apache .htaccess
Tested WP compatibility for WordPress 4.2.2
Note: After the update, please flush the page cache. Or any other cache e.g. if you are using WordPress plugins like ‘W3 Total Cache’ or ‘Better WordPress Minify’.
1.7.4
Fixed javascript error that affects websites which use the SecSign ID plugin only at the admin backend
Tested WP compatibility for WordPress 4.2.1
1.7.3
Fixed issue with js queue and improved css styles for specific templates
Added noscript message
Fixed issue with CSS for button to create a new account
Solved conflict with jQuery: do not use $ as jQuery object wrapper
Use built-in function plugin_dir_path() rather than constant WP_PLUGIN_DIR
1.7.2
Tested WP compatibility for WordPress 4.2
Fixed issue with the site url which is displayed in the app.
Each section of the user configuration options now has a ‘save changes’ button
Fixed issue with html code fragments when user configuration options are shown
1.7.1
Brute force prevention at fast registration form
Added warning for interfering admin plugin setting