Google Authenticator for your WordPress blog.
working like a charme, since f. hoster cant get his clocks working correct...
Excellent feature set. Good UX.
I'm a huge fan of multi-factor authentication and it's exciting to see someone in the WordPress community bring this important security function to WordPress. Combine this plugin with the "Limit Login Attempts" plugin and you're well on your way to running a much more secure WordPress installation.
The plug-in adds a simple (but important) feature, but does this very well.
Settings are per-user so a higher level of security is not imposed on users who really don't need it (non-admins etc).
There are no unnecessary pages, links or adds added. The settings are neatly tucked in the user's profile, and don't look out of place.
My only suggestion would be to add a link to the plugin's section on the profile page from the plugins page (next to 'deactivate' and 'edit'). Just for ease of finding the settings (I'm use to plugins adding pages under the settings / plugins / tools tab that I instinctively look their first :) )
Great plug-in! Thank you Henrik!
Plugin is setup in a couple of seconds and works as advertised.
Every WordPress blog or website owner should have this plugin!
Really easy to handle, but it would be nice to have a mechanism to only allow logins if they use 2nd factor!
Awesome work !
Its a must have for all the wordpress sites.
2-Step Authentication is becoming more and more prevalent. Not having it on a WordPress website simply doesn't make sense. Anyone who has a WordPress website should install the Google Authenticator plugin for their 2-Step Authentication protection.
I did recently have an issue, with newly added Man in the Middle protection, but Henrik took it upon himself to locate the problem and find a solution. He will be providing additional info, via an FAQ, so this issue doesn't resurface, for others.
While I am now rating this plugin 5 Stars, I do have a feature suggestion. Even with this plugin installed, not all users, are electing to use the Google Authenticator 2-step Authentication, to protect their account. Those users, not using it, get confused, when accessing the login screen, because the login screen still asks them for the Google Authenticator Code, even if they aren't using it. While I understand this issue is explained for them, in a tool-tip, it seems a slightly different process could be better used. I would suggest that the 2-Step Authentication not occur on the same screen as the username/password, but in a screen after the username/password has been entered/validated. Then the Authentication screen could be displayed only for those users electing to use it, which is how most apps use 2-Step Authentication, anyway.
Works as advertised, no issues.
The only drawback is that - despite the tooltip - users are confused about the new field on the log-in screen. It doesn't even help to inform them in their sign-up emails (because after some weeks they forgot, or they use one login for a company, or they don't read the small print ...)
A great enhancement would therefore be to have the field by default hidden (reveal with checkbox) or to make it (like Google, Dropbox etc.) in two steps: only users who have GA enabled see the field for the code in the next step.
Simple, easy, fast.
Easy to configure, easy to use! :)
You must log in to submit a review. You can also log in or register using the form near the top of this page.