Google Authenticator for WordPress

flattr this!

The Google Authenticator plugin for WordPress gives you multifactor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you’re security aware you may allready have the Google Authenticator app installed, using it for multifactor authentication on your Gmail or Google Apps account.

The multifactor authentication requirement can be enabled on a per user basis, You could enable it for your administrator account, but login as usual with less privileged accounts.

Notice: This plugin requires the SHA1 & SHA256 hashing algorithms to be available in your PHP installation, it’s not possible to activate the plugin without.


Howto

  1. Install and activate the plugin.
  2. Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
  3. Scan the generated QR code with your phone, or enter the secret manually (remember to pick the time based one)
  4. Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
  5. That’s it, your WordPress blog is now a little more secure.

Screenshots

Google Authenticator enhanced login box

Google Authenticator Settings

Google Authenticator QR code

Android Google Auhenticator App


318 kommentarer til “Google Authenticator for WordPress

  1. David Stevens siger:

    I have tried to activate GA for another user and cannot seem to get it to work. The box for the secret does not appear.

    Also I am wondering if I can use the same secret on multiple sites to avoid having a long list of sites in GA on my phone?

    When setting up my google account it gave me emergency numbers that I could use without my phone. Is there a way to do that with this plugin?

    • Henrik Schack siger:

      1) You have to be logged in as the user in question in order to setup the secret.

      2) Not really, that would be bad security, but if you manipulate the database content on your own it would be possible

      3) Use FTP/SSH to get access to your accounts files and delete/rename the plugin folder.

      Best regards
      Henrik Schack

  2. Tomisalav siger:

    Hello,

    After updating from “Better WP Security” to now called “iThemes Security”, and enabling hide backend feature, this plugin just disappiers from the login form.

    • Henrik Schack siger:

      Hi
      I’m unable to reproduce the issue on my own server.
      But perhaps you should not use that hide backend feature then ?

      Best regards
      Henrik Schack

    • r000t siger:

      I’m also not getting 2-FA after upgrading to iThemes Security. I find hiding the backend to be very helpful because I get a lot of requests for wp-admin from people who obviously shouldn’t be seeing it. I like having multiple layers of security, that’s why I installed Google Authenticator in the first place.

  3. Tomisalav siger:

    Have you enabled the hide backend feature? I need it because it is a good way to hide WP login form.

Skriv et svar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret med *

Disse HTML koder og attributter er tilladte: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>