Authenticator for WordPress
| 开发者 | julien731 |
|---|---|
| 更新时间 | 2021年4月26日 14:17 |
| 捐献地址: | 去捐款 |
| PHP版本: | 3.0 及以上 |
| WordPress版本: | 5.7.1 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- Adds 2-factor authentication to WordPress login page,
- Can be eanbled for each user independantly,
- Admin can force users to use 2FA (and limit the number of allowed logins without setting up 2FA). The use of 2FA can be forced for all users or for specific roles,
- Support applications passwords (with access log),
- If admin forces users to use 2FA, users who didn't set it up will be reminded with a warning in their dashboard,
- Set any name you want to appear in the Google Authenticator app,
- Allow clock discrepancy (mins +/-),
- Users can generate a new secret key anytime,
- Admin can revoke any user's key at anytime,
- If a user is locked-out after logging-in too many times without using 2FA, admin can reset the counter,
- Used one time passwords are hashed and stored in the DB to avoid multiple use (in case of interception by an attacker)
- Recovery code in case the user can't use the app
安装:
- Upload
wp-google-authenticatorfolder to the/wp-content/plugins/directory - Activate the plugin through the 'Plugins' menu in WordPress
- Activate, generate your secret, scann the QR code with your phone
屏幕截图:
常见问题:
How can I use the WordPress mobile app?
Since version 1.1.0, the plugin supports applications password. Go to your profile and you'll find a new menu item called "My Apps Passwords". From here you can create application specific passwords.
I'm using Authy, does this plugin work?
Yes it does. You might have noticed that Authy has a dedicated WordPress plugin available on the Extend, but WP Google Authenticator is more powerful and fully functional with Authy. You can safely keep or start using WP Google Authenticator in combination to using Authy on your phone.
I just updated to 1.0.4: how do I get a recovery code?
If you just updated the plugin to version 1.0.4 (which introduces recovery code feature), you need to go to your profile page and hit the save button. This will generate a new recovery code. You will see this code in clear for 5 minutes in your profile page. After that, you will be required to type your password to show the code.
What if a user is unable to generate his TOTP (phone lost, stolen, reset...)?
The user can use his recovery code to disable 2FA for his account. Alternatively, an admin can edit the user's profile and revoke his secret. The user will then be able to login again and re-generate a secret.
更新日志:
- Fix an issue with the settings page not showing up
- Contextual help deprecated bug
- Remove mentions of Google in the plugin name chore
- Add support for apps passwords
- Admins can now force 2FA by user role
- Add Finnish translation (props Makke375)
- Improve performance by reducing plugin footprint
- Fix the bug that allowed users to login 1 more time after they reached the limit when they don't have 2FA setup yet
- When a user set his personnal secret the login count is reset.
- Add cron task to clean TOTPs list from DB
- Fix issue with spaces in site name (jeremyawhite)
- Add issuer to the Google Authenticator account
- Add recovery code feature
- Update translations
- Add support for WordPress Android / iPhone app
- Add French translation
- Update version number
- Remove double confirmation message after saving options
- Update option label and disable TOTP if plugin is not set to Active
- Only push the trunk
- First release of the plugin