Beskrivning

Tillägget Google Authenticator för WordPress ger dig tvåfaktorsautentisering med hjälp av Google Authenticator-appen för Android/iPhone/Blackberry.

Om du är säkerhetsmedveten kanske du redan har Google Authenticator-appen installerad på din smartphone och använder den för tvåfaktorsautentisering på Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

If You need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,
but please note that enabling the App password feature will make your blog less secure.

Erkännande

Tack till:

Oleksiy for a bugfix in multisite.

Paweł Nowacki för den polska översättningen

Fabio Zumbi för den portugisiska översättningen

Guido Schalkx för den nederländska översättningen.

Henrik.Schack for writing/maintaining versions 0.20 through 0.48

Tobias Bäthge for his code rewrite and German translation.

Pascal de Bruijn for his ”relaxed mode” idea.

Daniel Werl for his usability tips.

Dion Hulse for his bugfixes.

Aldo Latino för hans italienska översättning.

Kaijia Feng for his Simplified Chinese translation.

Alex Concha för hans säkerhetstips.

Jerome Etienne for his jquery-qrcode plugin.

Sébastien Prunier för hans spanska och franska översättning.

Skärmdumpar

The enhanced log-in box.
Google Authenticator section on the Profile and Personal options page.
QR code on the Profile and Personal options page.
Google Authenticator-app på Android

Installation

Make sure your webhost is capable of providing accurate time information for PHP/WordPress, ie. make sure a NTP daemon is running on the server.
Installera och aktivera tillägget.
Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
Skanna den genererade QR-koden med din telefon, eller ange hemligheten manuellt, kom ihåg att välja den tidsbaserade.
Du kanske också vill skriva ner hemligheten på ett papper och förvara det på ett säkert ställe.
Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
Det är allt, din WordPress-blogg är nu lite säkrare.

Vanliga frågor

Kan jag använda Google Authenticator för WordPress med Android/iPhone-apparna för WordPress?: Yes, you can enable the App password feature to make that possible, but notice that the XMLRPC interface isn’t protected by two-factor authentication, only a long password.
Jag vill uppdatera hemligheten, ska jag bara skanna den nya QR-koden efter att ha skapat en ny hemlighet?: No, you’ll have to delete the existing account from the Google Authenticator app on your smartphone before you scan the new QR code, that is unless you change the description as well.
Jag kan inte logga in med detta tillägg, vad är fel?: The Google Authenticator verification codes are time based, so it’s crucial that the clock in your phone is accurate and in sync with the clock on the server where your WordPress installation is hosted.
If you have an Android phone, you can use an app like ClockSync to set your clock in case your Cell provider doesn’t provide accurate time information
Another option is to enable ”relaxed mode” in the settings for the plugin, this will enable more valid codes by allowing up to a 4 min. timedrift in each direction.
I have several users on my WordPress installation, is that a supported configuration ?: Ja, varje användare har sina egna Google Authenticator-inställningar.
During installation I forgot the thing about making sure my webhost is capable of providing accurate time information, I’m now unable to login, please help.: If you have SSH or FTP access to your webhosting account, you can manually delete the plugin from your WordPress installation,
just delete the wp-content/plugins/google-authenticator directory, and you’ll be able to login using username/password again.
Jag äger inte en smartphone, finns det inte ett annat sätt att generera dessa hemliga koder?: Ja, det finns en webbaserad version här: https://gauth.apps.gbraad.nl/
Github-projekt här: https://github.com/gbraad/gauth
Kan jag skapa reservkoder?: No, but if you’re using an Android smartphone you can replace the Google Authenticator app with Authenticator Plus.
It’s a really nice app that can import your existing settings, sync between devices and backup/restore using your sd-card.
It’s not a free app, but it’s well worth the money.
Några kända inkompatibiliteter?: Yes, the Man-in-the-middle attack/replay detection code isn’t compatible with the test/setup mode in the ”Stop spammer registration plugin”,
please remember to remove the ”Check credentials on all login attempts” checkmark before installing my plugin.

Recensioner

Bart Bak 4 maj 2023

Works! Uses WordPress UI, is super lightweight, not overdesigned, and is trivial to set up. Great job!

ntalam 30 april 2023

Fatal error: Uncaught Firebase\JWT\BeforeValidException: Cannot handle token prior to 2023-04-30T20:30:33+0000 in ...\one-tap-google-sign-in\includes\vendor\firebase\php-jwt\src\JWT.phpI understand it requires synchronization, but you need to handle this error properly. Cheers

jjbbrr 22 december 2022

One of my sites got hacked and some spam blogs posted. Don't know how they got access but decided to add 2FA as a preventative. Implemented for all authors. Works out of the box, simple interface without lots of bells and whistles.

sianvdheide 21 oktober 2022 2 svar

Since a few days the plugin stopped working. It used to work perfect. Users who have Google Authenticator activated can't login anymore. They get the message that their username/password is invalid while it isn't. They're able to login again when I deactivate Google Authenticator in their profile. Is this a known bug, if so, how to fix this? Thanks in advance.

Elenbaas 2 september 2022 1 svar

Great little app. Easy to use and install, does the job. Saves me from having to use Wordfence, which is much resource heavier.

icedterminal 4 juni 2022 2 svar

This plugin works fine with PHP 7.4 and WP 6.0, if you're using them. However, 7.4 ceases all support 28th Nov, 2022. At the time of my comment, this is 5 months away. Time is ticking. PHP 8.0 is in use on my server with WP 6.0. While WP works without issue, the plugin does not. Occasionally I get failures to authenticate. To get around this I have to login to the database and manually disable this plugin. The error log reports "Undefined array key" over and over. There is a different documented bug that has been solved by users you can find under the "Support" tab. The GitHub repo has gone untouched since 8th December, 2020. I fear this plugin has been abandoned. Unfortunate really. It's dead simple to use with none of the extra stuff you don't want that other plugins cram in.

Läs alla 133 betyg

Bidragsgivare och utvecklare

”Google Authenticator” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Ivan

”Google Authenticator” har översatts till 15 språk. Tack till översättarna för deras bidrag.

Översätt ”Google Authenticator” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.

Ändringslogg

0.54

Fixed a bug in multisite.

0.53

Add a Polish translation

0.52

Add a Dutch translation
Add a Portuguese translation

0.51

Fix a regression that broke app passwords

0.50

New maintainer ivankk
Conditionally include base32 class

0.49

More streamlined sign-up flow for users, configuration screen for admins.
Multisite support to either enable 2fa by role on a site, and/or on a network.
Added filter google_authenticator_needs_setup to determine if user needs to enable 2fa.
Added two part login process that can ask for 2fa code on a second login screen.
Fixed a security bug that continued check_otp even if authenticate had already returned an error.

0.48

Security fix / compatability with WordPress 4.5

0.47

Google chart API replaced with jquery-qrcode
QR codes now contain a heading saying WordPress (Feature request by Flemming Mahler)
Danish translation & updated .pot file.
Plugin now logs login attempts recognized as Man-in-the-middle attacks.

0.46

Man-in-the-middle attack protection added.
Show warning before displaying the QR code.
FAQ updated.

0.45

Spaces in the description field should now work on iPhones.
Some depricated function calls replaced.
Code inputfield easier to use for .jp users now.
Sanitize description field input.
App password hash function switched to one that doesn’t have rainbow tables available.
PHP notices occurring during app password login removed.

0.44

Installation/FAQ section updated.
Simplified Chinese translation by Kaijia Feng added.
Tabindex on loginpage removed, no longer needed, was used by older WordPress installations.
Inputfield renamed to ”googleotp”.
Defaultdescription changed to ”WordPressBlog” to avoid trouble for iPhone users.
Compatibility with Ryan Hellyer’s plugin http://geek.ryanhellyer.net/products/deactivate-google-authenticator/
Must enter all 6 code digits.

0.43

It’s now possible for an admin to hide the Google Authenticaator settings on a per-user basis. (Feature request by : Skate-O)

0.42

Autocomplete disabled on code input field. (Feature request by : hiphopsmurf)

0.41

Italian translation by Aldo Latino added.

0.40

Bugfix, typo corrected and PHP notices removed. Thanks to Dion Hulse for his patch.

0.39

Bugfix, Description was not saved to WordPress database when updating profile. Thanks to xxdesmus for noticing this.

0.38

Usability fix, input field for codes changed from password to text type.

0.37

The plugin now supports ”relaxed mode” when authenticating. If selected, codes from 4 minutes before and 4 minutes after will work. 30 seconds before and after is still the default setting.

0.36

Bugfix, now an App password can only be used for XMLRPC/APP-Request logins.

0.35

Initial WordPress app support added (XMLRPC).

0.30

Code cleanup
Changed generation of secret key, to no longer have requirement of SHA256 on the server
German translation

0.20

Initial release

Simply a missing feature in .ORG

error

Works as expected

Plugin stopped working

Cannot reset after re-install

Barely works