A lot of web sites, even well known ones (newspapers, telcos, …) adopts
WordPress as their CMS. WordPress is a great platform, however it
can happen that password leaking or guessing might lead to unauthorized
access to the platform. A potential attacker can be therefore able to
change articles, part of the web site and/or make the website unavailable,
with image and economic damages for a company or for a blogger.
This is even more true if your website is not SSL protected.
SecurePass is a SaaS service offering an easy and affordable solution
for One Time Passwords (OTP) and strong authentication in general. They
offer 5 users for free included with their standard (=basic) account, which
is more than enough for standard blogs and web sites. Companies can purchase
additional users, if needed.
More information on the section “Setup and configure SecurePass” in Other Notes.
To open a SecurePass account go to http://www.secure-pass.net/open
Setup and configure SecurePass
If you don’t own already an account with SecurePass, you can sign-up for a new account here: http://www.secure-pass.net/open
Note: Use “misec2011” as promo code, it will give you an entitlement for using
SecurePass up to 10 users for 2 years free-of-charge. Without any promo code,
you will have 5 users for 20 years for free. It depends on what you need (more users or more years).
Connect to the admin interface on https://admin.secure-pass.net
and create a new device (basically a RADIUS client).
In the admin interface, go to the “Device” section and add a new device.
You will need to set the public IP Address of the server, a fully qualified
domain name (FQDN), and the secret password for the radius authentication.
It’s ok if your web server is behind a firewall and/or NAT, ensure that
your server has rights to send (and receive) RADIUS authentication requests,
i.e. UDP port 1812.
This plugin web site:
SecurePass web site:
UK on-line shop for SecurePass (they sell hardware tokens):
Initial code of the plugin