WordPress.org

Forums

WordPress Simple Security Firewall
[resolved] Two Factor Auth by role (15 posts)

  1. barnabasnagy
    Member
    Posted 11 months ago #

    I tested your two factor auth and it works really well. Only problem is: I can't set the roles to which it should apply.

    E.g. I have websites where I don't want to force simple forum members to use two factor, but for editors and admins I do.

    E.g. the Two Factor Auth by Oskar Hane does this well: https://wordpress.org/plugins/two-factor-auth/screenshots/

    You can select multiple roles by checkbox. Which would be a really cool addition to WSF.

    If this was implemented I would use WSF over TFA

    https://wordpress.org/plugins/wp-simple-firewall/

  2. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Never really thought of that... I'll see about adding this

    Thanks for the idea!
    Paul.

  3. barnabasnagy
    Member
    Posted 11 months ago #

    No worries. I also have a client with whom I trialled two factor auth, and neither editors nor members got how to use it. So I only applied it to admins. Which is the level of access hackers try to get anyway.

  4. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Would a minimum level work? Say, enforce 2-factor for all levels above... 'Editor'?

  5. barnabasnagy
    Member
    Posted 11 months ago #

    Hi Paul,

    It would be much better but I would not like to say it would work for me perfectly. I may want to have 2 factor for admins and contributors, leaving out editors. Oskar Hane's plugin just does this well with simple checkboxes.

    Is that more difficult to do?

    Barnabas

  6. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Hey,

    Yea, much easier to have a single option value instead of several; either way, it'll take a few days to get this put through.

    It should be in the next release though.
    Cheers,
    Paul.

  7. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Hi Barnabas,

    I decided to get cracking on this and I've pushed out v2.5.6 which should allow you to select multiple roles that are subject to 2-factor auth.

    Please let me know if this is what you were looking for.

    Thanks,
    Paul.

  8. barnabasnagy
    Member
    Posted 11 months ago #

    Hi Paul,

    This works like a charm! Thanks so much.

    Barnabas

  9. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Happy to help! :)

  10. barnabasnagy
    Member
    Posted 11 months ago #

    Hi Paul,

    Two issues:

    1. When I unselect all roles and save, it auto selects Contributor and above. But this is the least issue.

    2. I selected Admin role two factor for a site that uses S2 Member. When I logged in with my test editor it did not ask it to two factor which is how it should be. But then I logged in with my test member user that is assigned S2 Member level #1 and it asked me to two factor - which I do not want obviously!

    For now I had to disable two factor for the whole site because of this.

    Could you please help?

    Barnabas

  11. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    Hey Barnabas,

    For #1 this is expected behaviour, because if you want to actually turn off Two-Factor authentication, you wouldn't do it by deselecting the roles, you'd do it by deselecting the two-factor option itself.

    #2, I've released v2.5.7 to hopefully address this. It's hard to say because I can't replicate the issue exactly, so I simplified the logic used to determine whether 2-factor would be applied to a role.

    My concern might be how perhaps S2 Member is affecting roles and levels, but I'm not sure. Determining roles and levels in WordPress, like many things WordPress, is a dark art, so for now I'm going with this translation for roles and levels:
    https://codex.wordpress.org/Roles_and_Capabilities#User_Level_to_Role_Conversion

    Let me know how this update works for you.
    Cheers,
    Paul.
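
Added example (not the plugin's code and not posted by anyone in this thread): one way to decide per-role 2-factor enforcement with the Codex level-to-role table linked in post 11, written as plain PHP that runs without WordPress. The function names and the `s2member_level1` slug for a custom membership role are assumptions for illustration.

```php
<?php
// Added example, not code from the plugin. Role slugs are the WordPress
// defaults; 's2member_level1' stands in for a custom membership role (assumed).

// Codex "User Level to Role Conversion": 0 subscriber, 1 contributor,
// 2-4 author, 5-7 editor, 8-10 administrator.
function roleFromUserLevel(int $level): ?string
{
    if ($level < 0 || $level > 10) {
        return null; // outside the table: return no role rather than guess one
    }
    if ($level >= 8) return 'administrator';
    if ($level >= 5) return 'editor';
    if ($level >= 2) return 'author';
    return $level === 1 ? 'contributor' : 'subscriber';
}

// $userRoles: role slugs held by the account (WP_User::$roles in WordPress).
// $legacyLevel: numeric user level, or null when the account has none.
// $enforcedRoles: role slugs ticked in the 2-factor settings.
function requiresTwoFactor(array $userRoles, ?int $legacyLevel, array $enforcedRoles): bool
{
    $effective = $userRoles;
    // Use the level table only when the account carries no role slug at all.
    if ($effective === [] && $legacyLevel !== null) {
        $mapped = roleFromUserLevel($legacyLevel);
        $effective = $mapped === null ? [] : [$mapped];
    }
    // Exact slug match only: a custom role is enforced only if ticked itself.
    return array_intersect($effective, $enforcedRoles) !== [];
}

$enforced = ['administrator']; // the setting described in post 10
$cases = [ // constructed sample accounts: [role slugs, legacy level]
    'admin'             => [['administrator'], 10],
    'editor'            => [['editor'], 7],
    'member (custom)'   => [['s2member_level1'], 1],
    'legacy level 9'    => [[], 9],
    'no role, no level' => [[], null],
];
foreach ($cases as $name => [$roles, $level]) {
    $decision = requiresTwoFactor($roles, $level, $enforced) ? '2FA required' : 'no 2FA';
    printf("%-18s %s\n", $name, $decision);
}
```

Because matching is by exact slug, a custom role that carries elevated capabilities is only covered when it is ticked in the settings itself, so review custom roles whenever a membership plugin adds them.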

  12. barnabasnagy
    Member
    Posted 11 months ago #

    Hi Paul,

    1. "you'd do it by deselecting the two-factor option itself." - how to do that? I did not find an option.

    2. It WORKS!

    Thanks a lot!

    Barnabas

  13. Paul G.
    Member
    Plugin Author

    Posted 11 months ago #

    There are 2x two-factor auth options - one by IP address, the other by Cookie. Simply deselecting both these options will turn off 2-factor.

  14. barnabasnagy
    Member
    Posted 10 months ago #

    I see. Just a gentle feedback - it wasn't obvious ;)

    Logically both could have disabled the 2 factor.

    1. Deselecting the users.
    2. Deselecting the options.

    The most obvious would be to add a tick box next to the two factor headline that says enable. If unticked it would disable it.

  15. Paul G.
    Member
    Plugin Author

    Posted 10 months ago #

    The problem is that it would be an extra option that doesn't actually do anything more than the other two. I may add just some explanatory text to the section.
