Yubikey plugin for WordPress

flattr this!

Yubikey This is a plugin for WordPress that provides multifactor authentication with one-time passwords using the Yubikey USB token. The plugin uses the Yubico Web service API in the authentication process.
The one-time password requirement can be enabled on a per user basis.
Your PHP installation must have the Hash and Curl libs enabled, otherwise this plugin won’t work.


Howto:

  1. Buy a Yubikey.
  2. Create a Yubico ID & API Key.
  3. Download, install and activate my Yubikey plugin for WordPress. (goes into wp-content/plugins).
  4. Enter Key ID on the Users -> Profile and Personal options page.
  5. Enter Yubico ID & API key on the Settings -> Yubikey options page.
    Id/key confused ? Well the Key ID is the first 12 chars from the output Your Yubikey generates, they don’t change, the Yubico ID and API Key is used when communicating with the Yubico authentication server.
  6. That’s it, enjoy the looks of Your new loginbox, and try logging in.

History/Changelog

  • 2011-04-14: Styling added to descriptions, thanks to Uwe Moosheimer
  • 2011-04-11: German translation by Uwe Moosheimer added
  • 2011-04-10: Multiple Yubikeys per account now possible, TAB index on registration page fixed.
  • 2009-08-19: Russian translation contributed by M. Comfi
  • 2009-02-09: Plugin has been moved to the official plugin directory
  • 2008-12-13: Minor CSS change, making things look nicer with WordPress 2.7
  • 2008-07-20: API ID & Key moved to a separate optionspage, thanks to Phil Massyn for idea and code.
  • 2008-07-02: Plugin will now fail gracefully if Curl or Hash extensions are missing.
  • 2008-06-25: Initial version

82 kommentarer til “Yubikey plugin for WordPress

  1. borisa siger:

    Hello,
    I am Borisa Djuraskovic and I am working for Web Hosting Hub. I red your yubikey-plugin at http://henrik.schack.dk/yubikey-plugin/ and found that very interesting to be translated to Serbo-Croatian. Let me know if you are Ok with that.
    Thank you very much.
    Regards,
    Borisa Djuraskovic

  2. Stefan Lehrer siger:

    Hi,

    thanks for this great plugin! Would it be possible to support WordPress multisite installations? At the moment, it is just possible to enter the api-key etc. on the individual sites, not the network admin interface.

    Thank you!

  3. borisa siger:

    Hi,
    A week ago, I asked for your permission to translate your plugin. Since I didn’t get any answer from you, it would be very kind of you to consider my proposal and let me know if its alright to translate it.

  4. Kamus Hadenes siger:

    Hello!

    I would like to fork your project and keep the development, since it works so well but hasn’t been updated in 3 years. My first idea is to improve it to support the WordPress mobile app (for now I just did a user agent check to avoid using it, but it can be improved to allow only specific devices). Do you allow me to fork it? Thanks!

    • Henrik Schack siger:

      Hi Kamus
      I have intentionally never implemented support for the mobile app in order to keep the plugin as secure as possible.
      Mobile app support involves removing the requirement for 2 factor authentication in order to publish content.

      If convenience is more important than security there are other 2 factor solutions available that supports what you want.

      Best regards
      Henrik Schack

  5. Martin Boyle siger:

    Hi,

    The link for generating api keys seems to have changed to: https://upgrade.yubico.com/getapikey/

    Regards.

    • Martin Boyle siger:

      Sorry,

      Getting confused with an older web page that had the wrong link.

      Thanks for the plugin, it’s keeping my admin account happy :)

  6. Anhur siger:

    Is it possible to add a custom val-server?

  7. Michael siger:

    Hi Henrik,
    I have used your plugin for a while. The problem I have discovered is when I change the yubikey (ID and key) it still does not let me to log in. I still have to use the old yubikey.
    I have uninstalled and reinstalled the plugin and it looks it still remember the new ID and key, but the yubikey associated with it does not work – the old one does.
    Please advise.
    Best regards,

Skriv et svar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret med *

Disse HTML koder og attributter er tilladte: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>