Plugin Reviews


Enhanced Login Security for Your WordPress blog.

4 reviews
Average Rating
4.5 out of 5 stars
This must be a joke
By , for WP 4.1
function yubikey_verify_otp($otp,$yubico_api_id,$yubico_api_key){

	$ch = curl_init($url);
	curl_setopt($ch, CURLOPT_USERAGENT, "WordPress Yubikey OTP login plugin");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	$response = trim(curl_exec($ch));

	if (yubikey_verify_hmac($response,$yubico_api_key)) {
		if(!preg_match("/status=([a-zA-Z0-9_]+)/", $response, $result)) {
			return false;
		<strong>if ($result[1]=='OK') {</strong>
			return true;
	return false;


  • unencrypted
  • unauthenticated
  • unsigned

response of "OK" is what users should base security assumptions on?

Private yubi val-server
By ,

I'm not able to figure out how to use a custom val-server. I have changed the verifier address in yubikey.php and I have all the neccessary info (API key and ID's) for the user. But the plugin doesn't attempt to communicate with the server.

Any help would be appreciated.

Suggestion: HTTPS in API call
By , for WP 3.8.1

Hi Henrik

Thanks for your work! Your plugin works great.

However, would't it be better to call the Yubico API via HTTPS?

Works great and blocks automated password hacks
By , for WP 3.3.1

I have had Yubikey (old version) for a years and not used it much. Mainly I used it as a OpenID authentication on many sites. WordPress does support OpenID authentication but it works much better with this plugin.
Thank you for doing it!

You must log in to submit a review. You can also log in or register using the form near the top of this page.