Category / Projects

I am really happy to announce that I pushed version 1.1.0 of WP Google Authenticator today. This version is the biggest update since the first release of the plugin. It adds support for two things that have been asked in the past: apps passwords and role based activation.

Apps Passwords

You might be using the WordPress mobile app on your iPhone or Android phone. So far you could actually use the WordPress app without problem. The plugin was using the user agent to determine if the connection was made from the WordPress app, and if it was, the one time password was skipped. This, obviously, brings the additional security this plugin adds down.

I’m happy to say that this is no longer the case. It is still possible to use desktop editing applications (or web services) to connect to WordPress, but it will require a manual intervention from you. It is not that difficult, and the good part is that the plugin is no longer limited to the official WordPress mobile app.

From now on, if you want to use a service or application that requires your credentials to log into WordPress, […]

Continue reading →

WP Google Authenticator has just been updated to version 1.0.4. This new version only brings one change few changes, but it’s a pretty big one.

Account Recovery

There was one feature missing to the plugin until now: a way for users to log in their site even if they can’t access the Google Authenticator app. If you just changed your phone for instance: you re-install the app, but you don’t have all your profiles anymore. You’re locked out of your site.

With the new recovery feature, when you activate 2FA for your account, a recovery code is automatically generated.

After you generated the recovery code, it will appear in your profile for 5 minutes. After that delay, you can always see your recovery code, but you will need to enter your WordPress account password before you can see it.

Now, if you have to use this code in a situation where you can’t use the Authenticator app, you will be logged in just as usual, but  2FA will be disabled for your account.

Next step is to go to your profile page and re-enable 2-factor authentication. […]

Continue reading →