Wordpress Strong Authentication lets you authenticate users with a second\nfactor of possession.<\/p>\n\n
Only if the user is able to provide this second factor, he is allowed to login.\nSuch a second factor can be an OTP display card, an OTP hardware token, a Yubikey,\na smartphone App like the Google Authenticator or access to an mobile phone\nto receive an SMS or access to an email account.<\/p>\n\n
The use then needs to authenticate with his wordpress password and in addition with\na code, generated by his device or sent via email or SMS.<\/p>\n\n
All the devices are managed in the backend (privacyIDEA)[http:\/\/privacyidea.org], the Strong Authentication\nplugin forwards authentication requests to this backend, which you can easily run\non the same machine or anywhere in your network.<\/p>\n\n
Please add at least a hostname or IP address of your backend server privacyIDEA.\nYou need to enter the hostname together with the protocol and the port, if it is\nnot a standard port.\nIf you are using self signed certificates, you should disable the verification of hostname and peer.<\/p>\n\n
Please note: You need to have the same users in the LinOTP server. \nYou can achieve this by configuring an SQL Resolver and presetting this to\nWordpress.<\/p>\n\n
If you misconfigured the plugin, you might not be able to authenticate anymore!<\/p>\n\n
So it is always a good idea to add some users to the \"excluded users\" list.\nThese users will be able to authenticate without a second factor and\neven if the authentication server should be down.<\/p>\n\n
Another possibility is to disable the plugin by removing or renaming the \nplugin directory.\nIn this case is will fall back to the old wordpress passwords.<\/p>\n\n\n
You can install this plugin from within your wordpress plugin menu.<\/p>\n\n
Alternatively you can install it manually:<\/p>\n\n
For installing the wordpress plugin simply copy the file \nwp-strong-authentication.php to the wordpress directory<\/p>\n\n
.\/wp-content\/plugins<\/p>\n\n\n
Q: What happens if my authentication backend is offline?<\/p>\n\n
A: If your authentication backend is offline, the users are not able\n to authenticate with OTP. This is the same as if you SQL server is down\n or your LDAP server is not reachable.<\/p>\n\n
Alas, you can configure certain users, who will not be authenticated against\n the backend but within wordpres. This can be an emergency entry.<\/p>\n\n\n
1.2.1<\/p>\n\n
1.2<\/p>\n\n
1.1.1<\/p>\n\n
1.1<\/p>\n\n
1.0<\/p>\n\n