yubikey-plugin
XMLRPC/WordPress Mobile App Problems (3 posts)

  1. tnolte
    Member
    Posted 3 years ago #

    I never got around to posting this request/issue so I've actually had the plugin disabled for quite some time. It would seem that this plugin hooks in such a way that it prevents being able to authenticate and ultimately post via XMLRPC and/or the WordPress Mobile Apps. I'm not quite certain if the WordPress Mobile Apps are using XMLRPC or not but I do know that when I have this enabled on my account I lose the ability to access from the mobile app. I'll be honest that I'm not sure if there is actually a fix for this. It doesn't seem that the mobile app has any way to know what plugins are installed in a WP site and have any way of presenting that functionality in the mobile app. The solution would be to not require the OTP when accessing via Mobile App or XMLRPC but then it really wouldn't be providing much security then anyways. However I wonder if there wouldn't be some way of including the OTP as a part of the password. Though I'm not certain this would be of use as I cannot plug my Yubikey into my Android phone. Well, as I've said I don't really have any good solutions off the top of my head but I thought that I'd at least report it in the hopes that someone has a great idea. I love the idea of using my Yubikey to secure the WP sites, it's just not practical from a Mobile Admin perspective.

    http://wordpress.org/extend/plugins/yubikey-plugin/

  2. Henrik Schack
    Member
    Plugin Author

    Posted 3 years ago #

    Hi tnolte
    You are right, if you enable yubikey authentication on an account, you are no longer able to log in with this account using the mobile app.

    How about if you created a less privileged user account for mobile access and didn't enable yubikey authentication for that account?

    Best regards
    Henrik Schack

  3. tnolte
    Member
    Posted 3 years ago #

    Hey Henrik,

    You're right on. As I thought about the state of the sites I manage and overall security I realized that I really needed to take the same approach with the WordPress sites as I would server administration. I've recently set up admin accounts, which I plan to turn on YubiKey requirements for. I've then converted my everyday account to a standard user. Granted I now have to log in as the admin account to check for updates, but this is the more secure way to go about administering the site. Thanks again for the great plugin!

Topic Closed

This topic has been closed to new replies.