The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.
The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
If You need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,
but please note that enabling the App password feature will make your blog less secure.
Fabio Zumbi for the Portuguese translation
Guido Schalkx for the Dutch translation.
Henrik.Schack for writing/maintaining versions 0.20 through 0.48
Tobias Bäthge for his code rewrite and German translation.
Pascal de Bruijn for his “relaxed mode” idea.
Daniel Werl for his usability tips.
Dion Hulse for his bugfixes.
Aldo Latino for his Italian translation.
Kaijia Feng for his Simplified Chinese translation.
Alex Concha for his security tips.
Jerome Etienne for his jquery-qrcode plugin.
Sébastien Prunier for his Spanish and French translation.
Yes, you can enable the App password feature to make that possible, but notice that the XMLRPC interface isn’t protected by two-factor authentication, only a long password.
No, you’ll have to delete the existing account from the Google Authenticator app on your smartphone before you scan the new QR code, that is unless you change the description as well.
The Google Authenticator verification codes are time based, so it’s crucial that the clock in your phone is accurate and in sync with the clock on the server where your WordPress installation is hosted.
If you have an Android phone, you can use an app like ClockSync to set your clock in case your Cell provider doesn’t provide accurate time information
Another option is to enable “relaxed mode” in the settings for the plugin, this will enable more valid codes by allowing up to a 4 min. timedrift in each direction.
Yes, each user has his own Google Authenticator settings.
If you have SSH or FTP access to your webhosting account, you can manually delete the plugin from your WordPress installation,
just delete the wp-content/plugins/google-authenticator directory, and you’ll be able to login using username/password again.
Yes, there is a webbased version here : https://gauth.apps.gbraad.nl/
Github project here : https://github.com/gbraad/gauth
No, but if you’re using an Android smartphone you can replace the Google Authenticator app with Authenticator Plus.
It’s a really nice app that can import your existing settings, sync between devices and backup/restore using your sd-card.
It’s not a free app, but it’s well worth the money.
Yes, the Man-in-the-middle attack/replay detection code isn’t compatible with the test/setup mode in the “Stop spammer registration plugin”,
please remember to remove the “Check credentials on all login attempts” checkmark before installing my plugin.
Google Authenticator for your WordPress blog.View Cart
????? ??????? ?????????? ? ????????-???????? ?? Woocommerce. Adds Russian l...
Cookiebot is a cloud-driven solution that automatically controls cookies an...
Search & Replace data in your database with WordPress admin, replace do...
Remove meta author and date information from posts and pages. Hide from Hum...