This is a plugin for WordPress that provides multifactor authentication with one-time passwords using the Yubikey USB token.
The plugin uses the Yubico Web service API in the authentication process.
The one-time password requirement can be enabled on a per user basis.
- Buy a Yubikey
- Create a Yubico ID & API Key
- Unzip plugin into your /wp-content/plugins/ directory.
- Enter Key ID on the Users -> Profile and Personal options page.
- Enter Yubico ID & API key on the Settings -> Yubikey options page.
Id/key confused ? Well the Key ID is the first 12 chars from the output Your Yubikey generates,
they don’t change, the Yubico ID and API Key is used when communicating with the Yubico authentication server.
- How much does the Yubikey cost ?
A single Yubikey is $40
- Are there any special requirements for my WordPress/PHP installation ?
PHP5 with Hash & Curl libs enabled.
- I have a lot of users on my WordPress installation, do they all need Yubikeys ?
No the plugin can be enabled on a per user basis.
Contributors & Developers
“yubikey-plugin” is open source software. The following people have contributed to this plugin.Contributors
Translate “yubikey-plugin” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Yubi API Version 2 Implemented
Darn SVN messing me up
Working with more recent API from YubiKey
Some depricated stuff removed.
Tab index on login page remove.
API key URL updated
- Version mess fixed
- Styling on descriptions added, once again thanks to Uwe Moosheimer
- German translation by Uwe Moosheimer added
- Tab index fix on registration page
- Support for multiple Yubikeys per account.
- Tested with WordPress 3.1.1
- Russian translation contributed by M. Comfi http://www.comfi.com/
- WordPress global var $is_profile_page has been changed into a constant
- IS_PROFILE_PAGE. Thanks to Koen Vervloesem for reporting this.
- More multiuser friendly version. Now, a Yubikey can be registered during
- registration. An Administrator can disable the OTP requirement for other users
- Initial release