SecSign
| 开发者 | SecSign |
|---|---|
| 更新时间 | 2022年10月26日 14:30 |
| PHP版本: | 3.0.1 及以上 |
| WordPress版本: | 6.1 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
SecSign ID - The mobile way to log into web sites
SecSign ID is a plugin for real two-factor authentication (2FA) for Wordpress sites. 2FA adds another layer of security to your website by using a second token. In this case the physical token is your smartphone.
If you seek for more information about about two-factor authentication have a look at secsign.com.
- Integrate SecSign ID into your own WordPress site in less than one minute.
- You and your users can also use SecSign ID to visit securely other web sites (e.g. portal.secsign.com for truly professional messaging and cloud sharing.)
- This service is free for users and web site owners and free of advertising - no matter how many users the web site has.
- You can also integrate SecSign ID as in-house solution into your existing infrastructure (on request with licensed service and maintenance contract)
- Quick and easy to use single sign-on with 2048-bit high security
- Eliminates password chaos and security concerns
- No mobile number, credit card or time-consuming registration required
- No need for long cryptical passwords, time-consuming retyping of codes from SMS or reading of QR codes
- High security and strong cryptography on all levels
- Up to 2048-bit asymmetric private keys
- Brute force resistant private key storage (SafeKey mechanism)
- Private keys are never transmitted to the authentication server (the SecSign ID server)
- High availability through redundant remote failover servers
- Multi-tier high security architecture with multiple firewalls and protocol filters
- Get the app for iPhone or Android
- Choose a unique user short name
- Choose a short PIN to secure your SecSign ID on your phone
安装:
Install the Plugin
- Login into WordPress as admin, go to the plugins screen and select the "Add New" submenu.
- Search for "SecSign" and click "Install Now" or click on "Upload" and select the downloaded zip archive.
- Activate the plugin in the "Installed Plugins" list.
- You can add the SecSignID login widget to your site to allow the login on, for example, the side menu.
- Go to the "Appearance" screen and click on the "Widgets" submenu.
- Drag and drop the "SecSign ID Login" widget to, for example, the "Main Sidebar"
- Go to the "Settings" screen and select the "SecSign ID Login" submenu.
- Change the service address which will be shown to the user in the smartphone app. This should match the URL the users will see, when visiting your site.
- You can integrate the SecSign ID login on the wp-login.php page. This is done by default.
- Optionally, you can assign SecSign IDs to the WordPress users of your co-workers (admins, editors, authors and contributors). The users themselves can also assign a SecSign ID in their profile.
- You can also deactivate the normal password-based login for the users, so they can only login using the SecSign ID. It’s recommended that you deactivate the password login for all co-workers, so your site is secured against brute force attacks. You should only allow the password-based login for your own admin account, in case you lose your phone, and of course for all co-workers without smartphones. These accounts should be secured using a very strong password.
- Optionally, you can assign SecSign IDs to the WordPress users of your website users (subscribers). The users themselves can also assign a SecSign ID in their profile.
- It’s also possible to activate and deactivate the password-based login for your users.
- In order not to have to create new user accounts yourself you can allow your co-workers or web site users to create user accounts themselves by logging in with their SecSign ID via wp-login.php or the login widget. You can allow them to create a new wordpress user or assign an existing one. After they created an wordpress account, you can assign wordpress roles to your co-workers via the user administration.
屏幕截图:
常见问题:
How can users assign a SecSign ID to their WordPress account?
You can just sign in with your SecSign ID. You will then be shown a dialog, where you can create a new user or assign your SecSign ID to an existing WordPress user. Alternatively, you can go to your profile page to assign a SecSign ID.
Is this service for free?
Yes, it's free for the user and the WordPress admin - no matter how many users the site has. It's also free of advertising.
How to restore your SecSign ID on a new smartphone?
In the event that you lose your phone or want to switch to a new one, you should write down the restoration code for your SecSign ID. You can find the code in the app: Click on Edit on the main screen, select your SecSign ID and click on Restoration settings. You can restore your ID on a new phone by going to More -> Restore Identity.
I enabled the SecSign ID Plugin and locked myself out
Do the following steps in order to disable the SecSign ID WordPress login:
- Open your WordPress directory via (S)FTP and rename the folder wp-content/plugins/secsign to secsign1.
- Reload the backend login page and login with your WordPress username and password.
- Important: Immediately rename the folder back to secsign.
- The SecSign ID WordPress Plugin is now deactivated. Click on "Plugins" in the main menu, look for "SecSign" and activate it.
- Adjust options in the SecSign ID settings.
- Please check if you have a firewall or router that might block the connection to httpapi.secsign.com on port 443.
- Please check that the curl packet (http://php.net/manual/en/book.curl.php) is installed in your PHP installation. If this is not the case you should see a curl error about this in your webserver logs.
- Please check if you have another wordpress plugin which might block the connection to our server. There are several wordpress security plugins doing this.
更新日志:
1.8.1
- Tested WP compatibility for Wordpress 6.1
- Bugfix for PHP 8.
- Tested WP compatibility for Wordpress 5.8.2
- Tested WP compatibility for Wordpress 5.7.2
- Tested WP compatibility for Wordpress 5.4.1
- Fixed Password Login Problems on Wordpress 5.3
- Added new JS API
- Tested WP compatibility for Wordpress 5.3 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Added new PHP API
- Added new JS API
- Added new FAQ entry for connection problems
- Tested WP compatibility for Wordpress 5.1.1 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Removed WP_DEBUG Notices
- Added new PHP API
- Added new JS API
- Tested WP compatibility for Wordpress 4.9.8 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Added workaround for port issue on misconfigured apache server
- Added new PHP API
- Added new JS API
- Tested WP compatibility for Wordpress 4.9.6 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Added links to SecSign plugin website on Wordpress.org in plugin listing
- Added new PHP API
- Tested WP compatibility for Wordpress 4.9.1
- New version of SecSignIDApi.js
- Tested WP compatibility for Wordpress 4.7 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- New version of SecSignIDApi.js
- Accepted authentication sessions are handled by server. No need to release them manually
- Minor CSS changes
- Tested WP compatibility for Wordpress 4.6 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Show server errors to user rather than a nondescriptive default error message.
- Check given SecSign ID if it is syntactically correct before sending it
- New version of SecSignIDApi.js
- Tested WP compatibility for Wordpress 4.5.1 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Fixed form switching bug
- Improved error handling
- Tested WP compatibility for Wordpress 4.5 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Turned off autocapitalizing and autocorrection for username input fields
- Fixed error if an authentication session is canceled
- Fixed layout error when an authentication is requested. Reset all fields before showing access pass or activity indicator
- Added index.php to all subfolders to prevent directory parsing
- Check that service name and service address dont exceed length limit
- Tested WP compatibility for Wordpress 4.4.2 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Added check for already loaded jQuery
- New version of SecSignIDApi.js
- Minor changes in description
- Tested WP compatibility for Wordpress 4.4 Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- Renamed function to fit naming conventions
- Fixed missing plugin name in javascript function
- Using new PHP5 constructors
- CSS fix
- Fixed Widget on WordPress 4.3
- New version of SecSignIDApi.js and SecSignIDApi.php to be aible to login with your SecSign ID priority code
- Minor changes in readme and new screenshots for the wordpress.org website Note: Due to changes at the javascript files, please flush the page cache or any other cache you are using to have the updated files within the browser.
- New version of SecSignIDApi.js and SecSignIDApi.php
- Fixed error which could interfere with some rules in Apache .htaccess
- Tested WP compatibility for Wordpress 4.2.2 Note: After the update, please flush the page cache. Or any other cache e.g. if you are using Wordpress plugins like 'W3 Total Cache' or 'Better WordPress Minify'.
- Fixed javascript error that affects websites which use the SecSign ID plugin only at the admin backend
- Tested WP compatibility for Wordpress 4.2.1
- Fixed issue with js queue and improved css styles for specific templates
- Added noscript message
- Fixed issue with CSS for button to create a new account
- Solved conflict with jQuery: do not use $ as jQuery object wrapper
- Use built-in function plugin_dir_path() rather than constant WP_PLUGIN_DIR
- Tested WP compatibility for Wordpress 4.2
- Fixed issue with the site url which is displayed in the app.
- Each section of the user configuration options now has a 'save changes' button
- Fixed issue with html code fragments when user configuration options are shown
- Brute force prevention at fast registration form
- Added warning for interfering admin plugin setting
- New version of SecSignIDApi.js (see GitHub )
- Improved error messages and properly clear javascript timer intervals
- Bug fixed: disable submit button as long as username and password field is empty.
- Bug fixed: adapt regexes in php and javascript to accept SecSign IDs with a dot
- Bug fixed: if login fails refer to page where user tried to login with its SecSign ID
- Improved plugin design with more use of javascript and SecSign Javascript Api to prevent page reloads and increase speed
- New version of SecSignIDApi.js (see GitHub )
- Updated user configuration options
- Bugfixes and path changes
- Layout and plugin structure updates
- Show messages at backend login page e.g. when the authentication session is still pending
- Bug fixed: use the existing div #login_error to display errors at backend login page
- Use brand color for buttons.
- The button color can be adjusted in options page.
- Scroll page to shown access pass in case the plugin is embedded at the end of a page.
- Bug fixed: corrected error messages sent by SecSign ID Server.
- CSS corrections.
- Bug fixed when SecSign ID is checked whether it is null or not. The login form should not be submitted if the user hasn't entered a SecSign ID.
- When login is started buttons are disabled and the login form is submitted programmatically to prevent multiple submits (in safari and Chrome).
- When checking the authentication session the buttons are disabled to prevent multiple submits.
- When printing the html code the heredoc notation is used for better readability.
- Added new version of SecSign ID PHP API GitHub
- Differ between error message and user formatted message in function print_error(...)
- Added info about installations prerequisites in wordpress readme.txt
- Fixed compatibility issue with WordPress Download Manager Plugin 2.6.96 and newer.
- Responsive Design
- Code Review
- Added descriptions.
- When SecSign ID plugin is enabled the focus is set to SecSign ID input field at wp-login.php.
- CSS corrections.
- Added new screenshots for the description.
- Fixed a problem with some redirect urls
- Use of SecSign ID JS API GitHub - to login an user automatically
- The login will now automatically continue after you selected the access pass on your smartphone. No need to click the OK button.
- Added new installer icons
- Fixed a problem on multisites which could allow a password-based login, although the password-based login was deactivated for this user.
- Integration in wp-login.php page
- Possibility to deactivate the normal password-based login
- Layout fixes
- Allowing wordpress installations on nonstandard ports
- Added new version of SecSign ID PHP API GitHub
- Added new version of SecSign ID PHP API GitHub
- Fixed wpdb::prepare() warning
- Changed color of errors
- Bug fixes
- Initial release