이 플러그인은 최근 3개의 주요 워드프레스 출시와 시험 되지 않았습니다. 워드프레스의 좀 더 최근 버전으로 이용할 때 더 이상 관리되지 않고 지원되지 않고 호환성 문제가 있을 수 있습니다.

Per User Prompt for Google Authenticator

설명

The Google Authenticator plugin is a great way to add two-factor authentication to your site, but it does have one major drawback: it asks every user for the authentication token, regardless of whether they have 2FA enabled or not. This can be confusing for users, which prevents some administrators from using the plugin on multi-user sites.

This plugin modifies the way that Google Authenticator behaves so that only users who have it enabled are prompted for the token. If a user doesn’t have it enabled, then they’ll proceed directly to the Administration Panels; if they do have it enabled then they’ll be prompted to enter their 2FA code.

스크린샷

  • The token prompt no longer appears on the initial login screen
  • If a user has two factor auth enabled, they’ll see the prompt on a secondary screen, after they login

설치

For help installing this (or any other) WordPress plugin, please read the Managing Plugins article on the Codex.

Once the plugin is installed and activated, you don’t need to do anything else.

FAQ

Does this replace the Google Authenticator plugin?

No, this is built on top of the Google Authenticator plugin and requires it in order to work.

Is this plugin secure?

I’ve done my best to ensure that it is, but just in case I missed anything I also offer a security bounty for any vulnerabilities that can be found and privately disclosed in any of my plugins.

What should I do if I can’t login?

Since this plugin integrates tightly with the Google Authenticator plugin, it’s possible that at some point in the future, changes in Google Authenticator will break the customized login process that this plugin implements. If that happens, I’ll release an updated version of this plugin to make it compatible with the new changes.

You may have difficulty installing the updated version if you can’t login, though, so you’ll need to deactivate this plugin by some alternate means, and then update it before re-activating it.

There are several alternate methods of deactivating the plugin: you can delete it via S/FTP, or by changing a database option in phpMyAdmin, or you can ask your hosting company to delete the plugin for you.

후기

2017년 11월 21일
On installing I get told I don’t meet the system requirements. The Google Authenticator plugin must be installed and activated. (It is) PHP 5.2.4+ (You’re running version 5.6.31) (It’s telling me I’m running a later version of PHP) WordPress 4.4+ (You’re running version 4.9) (And I’m running the latest version of Wordpress)
2017년 3월 15일
Installing this plugin makes logging into my WordPress website just like logging in my Gmail when hooked up to the Google Authenticator app on my Android phone. I appreciate the extra security. Thank you!
2016년 12월 31일
It is a superb idea to have these kinds of plugins for free without any annoying ads.
2016년 9월 3일
Thank you for your work!
2016년 9월 3일
Can confirm this works in WP 4.4. IMO, a necessary addition to the great Google Authenticator plugin. Thanks!
모든 10 평가 읽기

기여자 & 개발자

“Per User Prompt for Google Authenticator”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에 기여하였습니다.

기여자

자국어로 “Per User Prompt for Google Authenticator”(을)를 번역하세요.

개발에 관심이 있으십니까?

코드 탐색하기는, SVN 저장소를 확인하시거나, 개발 기록RSS로 구독하세요.

변경이력

v0.7 ()

  • [SECURITY] Hardening against low-severity vulnerability where against application passwords were susceptible to timing attacks.
  • [UPDATE] Minor cleanup.

v0.6 (2016-04-28)

  • [SECURITY] Harden nonce verification to mitigate by-passing regular password authentication. This is a preventative step against a theoretical attack vector, not a response to a proven vulnerability. For more details, see https://github.com/julien731/WP-Google-Authenticator/issues/11.
  • [FIX] Add support for using application passwords with email addresses instead of only usernames (new in WordPress 4.5).
  • [FIX] Resolve conflict with Theme My Login plugin by checking for login header/footer functions.

v0.5 (2014-06-22)

  • [FIX] The ‘Remember Me’ flag is no longer ignored when logging in.
  • [NEW] Added an automated acceptance test suite. Alliteration FTW!

v0.4 (2013-12-30)

  • [UPDATE] Added support for new application password format in Google Authenticator 0.45

v0.3 (2013-12-20)

  • [NEW] Focus automatically set on token input field

v0.2 (2013-12-11)

  • [FIX] User with valid username/password no longer temporarily logged in before entering 2FA token. Prevents leaking auth cookies. props cathyjf

v0.1 (2013-12-10)

  • [NEW] Initial release