
Per User Prompt for Google Authenticator

Developer: iandunn
Updated: April 23, 2021 08:55
PHP version: 4.4 or later
WordPress version: 4.9
License: GPLv2 or later

Tags

two factor authentication google authenticator


Description:

The Google Authenticator plugin is a great way to add two-factor authentication to your site, but it does have one major drawback: it asks every user for the authentication token, regardless of whether they have 2FA enabled or not. This can be confusing for users, which prevents some administrators from using the plugin on multi-user sites. This plugin modifies the way that Google Authenticator behaves so that only users who have it enabled are prompted for the token. If a user doesn't have it enabled, then they'll proceed directly to the Administration Panels; if they do have it enabled then they'll be prompted to enter their 2FA code.

Installation:

For help installing this (or any other) WordPress plugin, please read the Managing Plugins article on the Codex. Once the plugin is installed and activated, you don't need to do anything else.

Screenshots:

  • The token prompt no longer appears on the initial login screen
  • If a user has two-factor auth enabled, they'll see the prompt on a secondary screen, after they log in

Upgrade Notice:

  • 0.7: This version adds more protection against a potential (but unlikely) timing attack against application passwords.
  • 0.6: This version adds more protection against a theoretical security vulnerability, and two minor bug fixes.
  • 0.5: This version fixes a bug where the 'Remember Me' flag was ignored while logging in.
  • 0.4: This version adds support for the new application password format that will be used in Google Authenticator 0.45.
  • 0.3: This version automatically focuses on the 2FA token input field, so that you don't have to click on it or tab to it.
  • 0.2: This version contains a critical security fix for a bug that would allow an attacker with a valid username/password to bypass the 2FA token prompt. Please upgrade immediately.
  • 0.1: Initial release.

Frequently Asked Questions:

Does this replace the Google Authenticator plugin?

No, this is built on top of the Google Authenticator plugin and requires it in order to work.

Is this plugin secure?

I've done my best to ensure that it is, but just in case I missed anything I also offer a security bounty for any vulnerabilities that can be found and privately disclosed in any of my plugins.

What should I do if I can't log in?

Since this plugin integrates tightly with the Google Authenticator plugin, it's possible that at some point in the future, changes in Google Authenticator will break the customized login process that this plugin implements. If that happens, I'll release an updated version of this plugin to make it compatible with the new changes. You may have difficulty installing the updated version if you can't log in, though, so you'll need to deactivate this plugin by some alternate means, and then update it before re-activating it. There are several alternate methods of deactivating the plugin: you can delete it via S/FTP, or by changing a database option in phpMyAdmin, or you can ask your hosting company to delete the plugin for you.

Changelog:

  • v0.7 ()
  • v0.6 (2016-04-28)
  • v0.5 (2014-06-22)
  • v0.4 (2013-12-30)
  • v0.3 (2013-12-20)
  • v0.2 (2013-12-11)
  • v0.1 (2013-12-10)