Google Authenticator for your WordPress blog.
Awesome work !
Its a must have for all the wordpress sites.
2-Step Authentication is becoming more and more prevalent. Not having it on a WordPress website simply doesn't make sense. Anyone who has a WordPress website should install the Google Authenticator plugin for their 2-Step Authentication protection.
I did recently have an issue, with newly added Man in the Middle protection, but Henrik took it upon himself to locate the problem and find a solution. He will be providing additional info, via an FAQ, so this issue doesn't resurface, for others.
While I am now rating this plugin 5 Stars, I do have a feature suggestion. Even with this plugin installed, not all users, are electing to use the Google Authenticator 2-step Authentication, to protect their account. Those users, not using it, get confused, when accessing the login screen, because the login screen still asks them for the Google Authenticator Code, even if they aren't using it. While I understand this issue is explained for them, in a tool-tip, it seems a slightly different process could be better used. I would suggest that the 2-Step Authentication not occur on the same screen as the username/password, but in a screen after the username/password has been entered/validated. Then the Authentication screen could be displayed only for those users electing to use it, which is how most apps use 2-Step Authentication, anyway.
Works as advertised, no issues.
The only drawback is that - despite the tooltip - users are confused about the new field on the log-in screen. It doesn't even help to inform them in their sign-up emails (because after some weeks they forgot, or they use one login for a company, or they don't read the small print ...)
A great enhancement would therefore be to have the field by default hidden (reveal with checkbox) or to make it (like Google, Dropbox etc.) in two steps: only users who have GA enabled see the field for the code in the next step.
Simple, easy, fast.
Easy to configure, easy to use! :)
configured for woocommerce.
little html issue:
close label tag before input field in function loginform()
Excellent security enhancement plugin. Highly recommended!
With all the hacking thats been going on. This is a must for any administrator!
The plugin is rather useless, if you can login with also a false Google code!!!!
I have tested it on a WP network installation, plugin network wide enabled and tried to log in to my network with my username/pass and - on purpose - a false Google code!
And: the login was successul!
Please fix this! Thanks.
Simply its great to have the extra level of authentication and its nice to see that the Plugin creator has been creating other similar authentication plugins.
I couldn't figure out how it worked initially. There's no settings associated with it, or anything to indicate what you should do. Eventually it becomes obvious that you have to enable it on a per-user basis. Each user has to log-in and activate it for themselves. It also doesn't give a very useful default title for the description - meaning everyone has to update that.
Just giving 4 stars, because of:
* undocumented feature "use app password" - what does it do??
* I'd prefer a 2nd login page for the time based password, so unauthenticaed users dont see you're using this plugin.
Otherwise it is an excellent plugin which greatly enhances your security. Very much recommended!
You must log in to submit a review. You can also log in or register using the form near the top of this page.