説明
This is a plugin for WordPress that provides multifactor authentication with one-time passwords using the Yubikey USB token.
The plugin uses the Yubico Web service API in the authentication process.
The one-time password requirement can be enabled on a per user basis.
スクリーンショット
Entering Key ID on the profile page 
Entering Yubico ID & API key on Yubikey options page. 
The enhanced loginbox. 
The Yubikey itself.
インストール
- Buy a Yubikey
- Create a Yubico ID & API Key
- Unzip plugin into your /wp-content/plugins/ directory.
- Enter Key ID on the Users -> Profile and Personal options page.
- Enter Yubico ID & API key on the Settings -> Yubikey options page.
Id/key confused ? Well the Key ID is the first 12 chars from the output Your Yubikey generates,
they don’t change, the Yubico ID and API Key is used when communicating with the Yubico authentication server.
FAQ
- How much does the Yubikey cost ?
-
A single Yubikey is $40
- Are there any special requirements for my WordPress/PHP installation ?
-
PHP5 with Hash & Curl libs enabled.
- I have a lot of users on my WordPress installation, do they all need Yubikeys ?
-
No the plugin can be enabled on a per user basis.
評価
2023年4月12日
On some WP sites it works, but on others it doesn’t work. Must be a ‘conflict’ somewhere. Too bad there is no logging to see where it goes wrong. As soon as I rename the woo-yubi folder, to disable the plugin, I can login again.
2023年2月3日
1 reply
at first i wasnt’ sure who i can trust. i mean this plugin is written by a stranger, not yubikey. So i got my unique api key from yubikey.co and installed it. Entered it into the plugin. enabled the user from user/profile, plugged in my key to generate a key, saved, logged out and logged back in and it worked. I tried any NON enabled user and of course did not enter a key via my key and got in. So here’s my test that this plugin author is actually communicating with yubikey.co, I changed just one letter in my api id and tried logging in, and i could NOT. Soo… this tells me that it’s trying to communicate with yubi apparently to authenticate, otherwise it would not know. Alternately, i could have deleted my api key from yubikey.co to test. regardless, it works seamlessly. I’m using WP 5.8.6
2022年10月15日
It appeared on the login screen but then caused login to fail “Incorrect Username or Password”. I had to delete the plugin folder from the server to get in to my WP admin. I’m new to Yubikey so the error could be in how I use my new keys (though I added them both to the WP admin profile and the Yubikey API to the plugin settings page). I love the idea – wish it would work for me.
2020年4月3日
Thanks for an amazing plugin. Hopefully the maintainer is looking and will update things to show they are tested as working with WP 5.4, since it does.
2020年2月29日
So nice to have the possibility of adding an extra layer of security to WordPress admin panel. Plugins is working perfect with version 5.3.2. I encountered some semantic issues, thus, using in WordPress “Yubico API ID and Yubico API key” vs “Client ID and Secret Key” on Yubico’s site, not important.
2019年2月6日
1 reply
Exactly what I was looking for. Just install, activate it and get/insert an API Key (which can be obtained in seconds).
Subsequently every user can manage the Yubikey-Settings right in the profile.
Nothing more, Nothing less.
貢献者と開発者
変更履歴
2.3
Yubi API Version 2 Implemented
2.2
Darn SVN messing me up
2.1
Working with more recent API from YubiKey
0.96
Some depricated stuff removed.
Tab index on login page remove.
0.95
API key URL updated
0.94
- Version mess fixed
0.93
- Styling on descriptions added, once again thanks to Uwe Moosheimer
0.92
- German translation by Uwe Moosheimer added
0.91
- Tab index fix on registration page
0.90
- Support for multiple Yubikeys per account.
- Tested with WordPress 3.1.1
0.82
- Russian translation contributed by M. Comfi http://www.comfi.com/
0.81
- WordPress global var $is_profile_page has been changed into a constant
- IS_PROFILE_PAGE. Thanks to Koen Vervloesem for reporting this.
0.80
- More multiuser friendly version. Now, a Yubikey can be registered during
- registration. An Administrator can disable the OTP requirement for other users
0.71
- Initial release