WordPress Strong Authentication lets you authenticate users with a second factor of possession like OTP, EMail or SMS. Only if the user is able to pro
| Author: | Cornelius Kölbel (profile at wordpress.org) |
| WordPress version required: | 3.6 |
| WordPress version tested: | 5.1.18 |
| Plugin version: | 1.2.1 |
| Added to WordPress repository: | 22-07-2014 |
| Last updated: | 13-08-2019
Warning! This plugin has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
|
| Rating, %: | 0 |
| Rated by: | 0 |
| Plugin URI: | https://github.com/cornelinux/wp-strong-authe... |
| Total downloads: | 2 072 |
| Active installs: | 10+ |
 Click to start download |
|
WordPress Strong Authentication lets you authenticate users with a second
factor of possession.
Only if the user is able to provide this second factor, he is allowed to login.
Such a second factor can be an OTP display card, an OTP hardware token, a Yubikey,
a smartphone App like the Google Authenticator or access to an mobile phone
to receive an SMS or access to an email account.
The use then needs to authenticate with his wordpress password and in addition with
a code, generated by his device or sent via email or SMS.
All the devices are managed in the backend (privacyIDEA)[http://privacyidea.org], the Strong Authentication
plugin forwards authentication requests to this backend, which you can easily run
on the same machine or anywhere in your network.
Configuration
Please add at least a hostname or IP address of your backend server privacyIDEA.
You need to enter the hostname together with the protocol and the port, if it is
not a standard port.
If you are using self signed certificates, you should disable the verification of hostname and peer.
Please note: You need to have the same users in the LinOTP server.
You can achieve this by configuring an SQL Resolver and presetting this to
Wordpress.
Troubleshooting
If you misconfigured the plugin, you might not be able to authenticate anymore!
So it is always a good idea to add some users to the “excluded users” list.
These users will be able to authenticate without a second factor and
even if the authentication server should be down.
Another possibility is to disable the plugin by removing or renaming the
plugin directory.
In this case is will fall back to the old wordpress passwords.
FAQ
ChangeLog