• Sobre o WordPress
    • Sobre o WordPress
    • WordPress.org
    • Documentação
    • Suporte
    • Feedback
  • Acessar
  • Cadastre-se
Pular para o conteúdo

WordPress.org

Brasil

  • Início
  • Temas
  • Plugins
  • Suporte
  • Documentação
  • Participe
  • Blog
  • Sobre
  • Baixar o WordPress

Plugins

  • Meus favoritos
  • Betas
  • Desenvolvedores
Baixar

Google Authenticator

Por Ivan Kruchkoff
  • Detalhes
  • Avaliações
  • Instalação
  • Suporte
  • Desenvolvimento

Descrição

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

If You need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin,
but please note that enabling the App password feature will make your blog less secure.

Créditos

Thanks to:

Paweł Nowacki for the Polish translation

Fabio Zumbi for the Portuguese translation

Guido Schalkx for the Dutch translation.

Henrik.Schack for writing/maintaining versions 0.20 through 0.48

Tobias Bäthge for his code rewrite and German translation.

Pascal de Bruijn for his “relaxed mode” idea.

Daniel Werl for his usability tips.

Dion Hulse for his bugfixes.

Aldo Latino for his Italian translation.

Kaijia Feng for his Simplified Chinese translation.

Alex Concha for his security tips.

Jerome Etienne for his jquery-qrcode plugin.

Sébastien Prunier for his Spanish and French translation.

Imagens de tela

  • The enhanced log-in box.
  • Google Authenticator section on the Profile and Personal options page.
  • QR code on the Profile and Personal options page.
  • Google Authenticator app on Android

Instalação

  1. Make sure your webhost is capable of providing accurate time information for PHP/WordPress, ie. make sure a NTP daemon is running on the server.
  2. Install and activate the plugin.
  3. Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
  4. Scan the generated QR code with your phone, or enter the secret manually, remember to pick the time based one.
    You may also want to write down the secret on a piece of paper and store it in a safe place.
  5. Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
  6. That’s it, your WordPress blog is now a little more secure.

FAQ

Can I use Google Authenticator for WordPress with the Android/iPhone apps for WordPress?

Yes, you can enable the App password feature to make that possible, but notice that the XMLRPC interface isn’t protected by two-factor authentication, only a long password.

I want to update the secret, should I just scan the new QR code after creating a new secret?

No, you’ll have to delete the existing account from the Google Authenticator app on your smartphone before you scan the new QR code, that is unless you change the description as well.

I am unable to log in using this plugin, what’s wrong ?

The Google Authenticator verification codes are time based, so it’s crucial that the clock in your phone is accurate and in sync with the clock on the server where your WordPress installation is hosted.
If you have an Android phone, you can use an app like ClockSync to set your clock in case your Cell provider doesn’t provide accurate time information
Another option is to enable “relaxed mode” in the settings for the plugin, this will enable more valid codes by allowing up to a 4 min. timedrift in each direction.

I have several users on my WordPress installation, is that a supported configuration ?

Yes, each user has his own Google Authenticator settings.

During installation I forgot the thing about making sure my webhost is capable of providing accurate time information, I’m now unable to login, please help.

If you have SSH or FTP access to your webhosting account, you can manually delete the plugin from your WordPress installation,
just delete the wp-content/plugins/google-authenticator directory, and you’ll be able to login using username/password again.

I don’t own a Smartphone, isn’t there another way to generate these secret codes ?

Yes, there is a webbased version here : https://gauth.apps.gbraad.nl/
Github project here : https://github.com/gbraad/gauth

Can I create backupcodes ?

No, but if you’re using an Android smartphone you can replace the Google Authenticator app with Authenticator Plus.
It’s a really nice app that can import your existing settings, sync between devices and backup/restore using your sd-card.
It’s not a free app, but it’s well worth the money.

Any known incompatabilities ?

Yes, the Man-in-the-middle attack/replay detection code isn’t compatible with the test/setup mode in the “Stop spammer registration plugin”,
please remember to remove the “Check credentials on all login attempts” checkmark before installing my plugin.

Avaliações

Incompitable with Woocommerce Login

Ward 8 de novembro de 2020
Works great in native wp-login.php form, but other forms through a critical site error if you attempt to login to a user that has 2fa enabled. Namely the woocommerce login form, in a scenario where 2fa is in a seperate page not the same form. I appreciate the dev work, and keep up the good work, but minor issues like are a big deal in production sites. Bots alone attempting to login can fill error log real quick.

Works perfectly

kaoec 13 de outubro de 2020
this plugin works perfectly, I’ve used it on many sites.

Simple and working

Ashod 18 de fevereiro de 2020
I like this plugin because it is simple and not creating failed login event like the 2FA option from WordFence. Do not get me wrong, WordFence is a very good plugin with amazing functionality, just the 2FA part is inconvenient. In WordFence, if I do not enter the code in the password field, I will get a failed login event if I am entering the code in a separate window. The Google Authenticator login window solves this problem by adding the Google Authenticator Code field into the login page. This creates a little confusion for novice users, but a small message label or check-mark can eliminate the confusion.

Must-have security plugin

Bart Kuijper 13 de novembro de 2019
Personally I feel 2FA should be a part of WordPress core. But since it isn't, plugins like this one are a must-have to secure your sites. The configuration interface is clearly layed out and the login page fits in perfectly with the default WP login page styling. This plugin is light-weight, unobtrusive, free and adds that extra layer of security. Should your admin credentials ever be compromised, 2FA will keep your site secure.

Caused a problem with my site

shefk 15 de outubro de 2019
When entering the settings I want to exit the settings page does not allow and reloads the same page

THIS PLUGIN SUCKS!!!!! DO NOT INSTALL OR YOU’LL BE STUCK

catwhipple 25 de setembro de 2019
I installed this plugin and after activating it and looking at the security page, decided not to go forward with it. I thought I could just go to my plugin listing and deactivate it (like all other plugins let you). But no such luck! Now my website is stuck on the activation page, and won't let me access anything else on my website. THIS PLUGIN SUCKS SHIT!!! AND SHOULD BE BANNED.
Leia todas as 123 avaliações

Colaboradores e desenvolvedores

“Google Authenticator” é um software com código aberto. As seguintes pessoas contribuíram para este plugin.

Colaboradores
  • Ivan

“Google Authenticator” foi traduzido para 14 localizações. Agradecemos aos tradutores por suas contribuições.

Traduzir “Google Authenticator” para o seu idioma.

Interessado no desenvolvimento?

Navegue pelo código, dê uma olhada no repositório SVN ou assine o registro de desenvolvimento via RSS.

Registro de alterações

0.53

  • Add a Polish translation

0.52

  • Add a Dutch translation
  • Add a Portuguese translation

0.51

  • Fix a regression that broke app passwords

0.50

  • New maintainer ivankk
  • Conditionally include base32 class

0.49

  • More streamlined sign-up flow for users, configuration screen for admins.
  • Multisite support to either enable 2fa by role on a site, and/or on a network.
  • Added filter google_authenticator_needs_setup to determine if user needs to enable 2fa.
  • Added two part login process that can ask for 2fa code on a second login screen.
  • Fixed a security bug that continued check_otp even if authenticate had already returned an error.

0.48

  • Security fix / compatability with WordPress 4.5

0.47

  • Google chart API replaced with jquery-qrcode
  • QR codes now contain a heading saying WordPress (Feature request by Flemming Mahler)
  • Danish translation & updated .pot file.
  • Plugin now logs login attempts recognized as Man-in-the-middle attacks.

0.46

  • Man-in-the-middle attack protection added.
  • Show warning before displaying the QR code.
  • FAQ updated.

0.45

  • Spaces in the description field should now work on iPhones.
  • Some depricated function calls replaced.
  • Code inputfield easier to use for .jp users now.
  • Sanitize description field input.
  • App password hash function switched to one that doesn’t have rainbow tables available.
  • PHP notices occurring during app password login removed.

0.44

  • Installation/FAQ section updated.
  • Simplified Chinese translation by Kaijia Feng added.
  • Tabindex on loginpage removed, no longer needed, was used by older WordPress installations.
  • Inputfield renamed to “googleotp”.
  • Defaultdescription changed to “WordPressBlog” to avoid trouble for iPhone users.
  • Compatibility with Ryan Hellyer’s plugin http://geek.ryanhellyer.net/products/deactivate-google-authenticator/
  • Must enter all 6 code digits.

0.43

  • It’s now possible for an admin to hide the Google Authenticaator settings on a per-user basis. (Feature request by : Skate-O)

0.42

  • Autocomplete disabled on code input field. (Feature request by : hiphopsmurf)

0.41

  • Italian translation by Aldo Latino added.

0.40

  • Bugfix, typo corrected and PHP notices removed. Thanks to Dion Hulse for his patch.

0.39

  • Bugfix, Description was not saved to WordPress database when updating profile. Thanks to xxdesmus for noticing this.

0.38

  • Usability fix, input field for codes changed from password to text type.

0.37

  • The plugin now supports “relaxed mode” when authenticating. If selected, codes from 4 minutes before and 4 minutes after will work. 30 seconds before and after is still the default setting.

0.36

  • Bugfix, now an App password can only be used for XMLRPC/APP-Request logins.

0.35

  • Initial WordPress app support added (XMLRPC).

0.30

  • Code cleanup
  • Changed generation of secret key, to no longer have requirement of SHA256 on the server
  • German translation

0.20

  • Initial release

Meta

  • Versão: 0.53
  • Última atualização: 3 meses atrás
  • Instalações ativas: 30.000+
  • Versão do WordPress: 4.5 ou maior
  • Testado até o WordPress: 5.6.2
  • Idiomas:

    Chinese (China), Czech, Danish, Dutch, English (US), French (France), Hebrew, Italian, Norwegian (Bokmål), Persian, Polish, Romanian, Slovak, Spanish (Spain) e Swedish.

    Traduza para o seu idioma

  • Tags:
    authenticationloginotppasswordsecurity
  • Panorama avançado

Classificações

Ver todas
  • 5 estrelas 96
  • 4 estrelas 7
  • 3 estrelas 2
  • 2 estrelas 1
  • 1 estrela 17
Faça o login para enviar uma avaliação.

Colaboradores

  • Ivan

Suporte

Problemas resolvidos nos dois últimos meses:

0 de 4

Ver fórum de suporte

  • Sobre
  • Blog
  • Hospedagem
  • Faça uma doação
  • Suporte
  • Desenvolvedores
  • Participe
  • Aprenda
  • Showcase
  • Plugins
  • Temas
  • WordCamp
  • WordPress.TV
  • BuddyPress
  • bbPress
  • WordPress.com
  • Matt
  • Privacidade
  • Public Code
  • @WordPress
  • WordPress

Código é Poesia.