WordPress.org

Plugin Reviews

yubikey-plugin

Enhanced Login Security for Your WordPress blog.

5 reviews
Average Rating
4.7 out of 5 stars
You are currently viewing the reviews that provided a rating of 5 stars. Click here to see all reviews.
Just works!
By , for WP 4.2.3

Even though the plugin has not been updated in years, it works like a charm.

Excellent Plugin
By , for WP 4.1.1

I love Yubico and was pleasantly surprised that this plugin existed!

The plugin works just as you expected and you can save up to three keys for each user which is a nice touch.

This must be a joke
By , for WP 4.1
function yubikey_verify_otp($otp,$yubico_api_id,$yubico_api_key){
	<strong>$url="http://api.yubico.com/wsapi/verify?id=".$yubico_api_id."&otp=".$otp;</strong>

	$ch = curl_init($url);
	curl_setopt($ch, CURLOPT_USERAGENT, "WordPress Yubikey OTP login plugin");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	$response = trim(curl_exec($ch));
	curl_close($ch);

	if (yubikey_verify_hmac($response,$yubico_api_key)) {
		if(!preg_match("/status=([a-zA-Z0-9_]+)/", $response, $result)) {
			return false;
		}
		<strong>if ($result[1]=='OK') {</strong>
			return true;
		}
	}
	return false;
}

An

  • unencrypted
  • unauthenticated
  • unsigned

response of "OK" is what users should base security assumptions on?
C'mon.

Private yubi val-server
By ,

I'm not able to figure out how to use a custom val-server. I have changed the verifier address in yubikey.php and I have all the neccessary info (API key and ID's) for the user. But the plugin doesn't attempt to communicate with the server.

Any help would be appreciated.

Works great and blocks automated password hacks
By , for WP 3.3.1

I have had Yubikey (old version) for a years and not used it much. Mainly I used it as a OpenID authentication on many sites. WordPress does support OpenID authentication but it works much better with this plugin.
Thank you for doing it!

You must log in to submit a review. You can also log in or register using the form near the top of this page.