説明
This is a plugin for WordPress that provides multifactor authentication with one-time passwords using the Yubikey USB token.
The plugin uses the Yubico Web service API in the authentication process.
The one-time password requirement can be enabled on a per user basis.
スクリーンショット
Entering Key ID on the profile page 
Entering Yubico ID & API key on Yubikey options page. 
The enhanced loginbox. 
The Yubikey itself.
インストール
- Buy a Yubikey
- Create a Yubico ID & API Key
- Unzip plugin into your /wp-content/plugins/ directory.
- Enter Key ID on the Users -> Profile and Personal options page.
- Enter Yubico ID & API key on the Settings -> Yubikey options page.
Id/key confused ? Well the Key ID is the first 12 chars from the output Your Yubikey generates,
they don’t change, the Yubico ID and API Key is used when communicating with the Yubico authentication server.
FAQ
- How much does the Yubikey cost ?
-
A single Yubikey is $40
- Are there any special requirements for my WordPress/PHP installation ?
-
PHP5 with Hash & Curl libs enabled.
- I have a lot of users on my WordPress installation, do they all need Yubikeys ?
-
No the plugin can be enabled on a per user basis.
評価
2020年4月3日
Thanks for an amazing plugin. Hopefully the maintainer is looking and will update things to show they are tested as working with WP 5.4, since it does.
2020年2月29日
So nice to have the possibility of adding an extra layer of security to WordPress admin panel. Plugins is working perfect with version 5.3.2. I encountered some semantic issues, thus, using in WordPress "Yubico API ID and Yubico API key" vs "Client ID and Secret Key" on Yubico's site, not important.
2019年2月6日
Exactly what I was looking for. Just install, activate it and get/insert an API Key (which can be obtained in seconds).
Subsequently every user can manage the Yubikey-Settings right in the profile.
Nothing more, Nothing less.
2018年12月15日
WP 5. and a Fairly old Yubikey. Installation and API activation worked without hassle but when entering the OTP on the login page it just fails to grant access.
No obvious errors.
I have no time to trouble shoot, so will look for an alternative 2fa.
2017年12月30日
I love WordPress for it's simplicity to use and it's rich eco-system to achieve complex challenges, but always felt that a simple username and password combination was not enough to elevate the security of WordPress.
Now with this Yubikey-Plugin, I'm finally able to add an additional factor to safeguard against unauthorised access.
Many thanks to Adam Lyons for making this plugin available. It's really easy to set up and to activate 2FA per user account.
I also notified Yubico to update their WordPress plugin link to this plugin.
2017年11月7日
This plugin does exactly what it's supposed to do. Yubikey support has been added and it seems to be pretty secure as well (I hope).
Let's hope for continued updates and compatibility for the latest Wordpress versions.
Thank you for your hard work for creating this plugin!
貢献者と開発者
変更履歴
2.3
Yubi API Version 2 Implemented
2.2
Darn SVN messing me up
2.1
Working with more recent API from YubiKey
0.96
Some depricated stuff removed.
Tab index on login page remove.
0.95
API key URL updated
0.94
- Version mess fixed
0.93
- Styling on descriptions added, once again thanks to Uwe Moosheimer
0.92
- German translation by Uwe Moosheimer added
0.91
- Tab index fix on registration page
0.90
- Support for multiple Yubikeys per account.
- Tested with WordPress 3.1.1
0.82
- Russian translation contributed by M. Comfi http://www.comfi.com/
0.81
- WordPress global var $is_profile_page has been changed into a constant
- IS_PROFILE_PAGE. Thanks to Koen Vervloesem for reporting this.
0.80
- More multiuser friendly version. Now, a Yubikey can be registered during
- registration. An Administrator can disable the OTP requirement for other users
0.71
- Initial release