Description
The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.
If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.
The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
If you need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure.
Credits
Thanks to:
Tobias Bäthge for his code rewrite and German translation.
Pascal de Bruijn for his “relaxed mode” idea.
Daniel Werl for his usability tips.
Dion Hulse for his bugfixes.
Aldo Latino for his Italian translation.
Kaijia Feng for his Simplified Chinese translation.
Alex Concha for his security tips.
Jerome Etienne for his jquery-qrcode plugin.
Sébastien Prunier for his Spanish and French translation.
Installation
- Make sure your webhost is capable of providing accurate time information for PHP/WordPress, i.e. make sure an NTP daemon is running on the server.
- Install and activate the plugin.
- Enter a description on the Users -> Profile and Personal options page, in the Google Authenticator section.
- Scan the generated QR code with your phone, or enter the secret manually; remember to pick the time-based one.
  You may also want to write down the secret on a piece of paper and store it in a safe place.
- Remember to hit the Update profile button at the bottom of the page before leaving the Personal options page.
- That's it, your WordPress blog is now a little more secure.
Frequently Asked Questions
- Can I use Google Authenticator for WordPress with the Android/iPhone apps for WordPress?
Yes, you can enable the App password feature to make that possible, but note that the XMLRPC interface isn’t protected by two-factor authentication, only a long password.
- I want to update the secret, should I just scan the new QR code after creating a new secret?
No, you’ll have to delete the existing account from the Google Authenticator app on your smartphone before you scan the new QR code, unless you change the description as well.
- I am unable to log in using this plugin, what’s wrong?
The verification codes generated by Google Authenticator are time-based, so it is crucial that the clock on your phone is accurate and in sync with the clock on the server hosting your WordPress installation.
If you have an Android phone, you can use an app like ClockSync to set your clock if your phone provider doesn’t supply accurate time information.
Another option is to enable “relaxed mode” in the plugin settings; this accepts more codes as valid by allowing up to 4 minutes of time drift in either direction.
- I have several users on my WordPress installation, is that a supported configuration?
Yes, each user has his own Google Authenticator settings.
- During installation I forgot the thing about making sure my webhost is capable of providing accurate time information, I’m now unable to log in, please help.
If you have SSH or FTP access to your web hosting account, you can manually delete the plugin from your WordPress installation.
Simply delete the wp-content/plugins/google-authenticator directory and you will be able to log in again with username/password.
- I don’t own a smartphone, isn’t there another way to generate these secret codes?
Yes, there is a web-based version here: http://gauth.apps.gbraad.nl/
GitHub project here: https://github.com/gbraad/html5-google-authenticator
- Can I create backup codes?
No, but if you’re using an Android smartphone you can replace the Google Authenticator app with Authenticator Plus.
It’s a really nice app that can import your existing settings, sync between devices and backup/restore using your SD card.
It’s not a free app, but it’s well worth the money.
- Any known incompatibilities?
Yes, the man-in-the-middle attack/replay detection code isn’t compatible with the test/setup mode in the “Stop spammer registration plugin”;
please remember to remove the “Check credentials on all login attempts” checkmark before installing my plugin.
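The time-window and replay behaviour the FAQ describes, shown as an added example in Python (not the plugin's own PHP code): a TOTP check with the default window of one 30-second step either side, the relaxed window of 4 minutes either side, and refusal of time steps that were already used. The function names, the per-user `last_step` value and the way replays are tracked are assumptions for illustration; the demo secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** 6).zfill(6)

def accepted_steps(relaxed: bool) -> int:
    """How many time steps hold a valid code at any one instant."""
    window = 8 if relaxed else 1          # 8 steps = 4 min, 1 step = 30 s
    return 2 * window + 1

def verify(secret: bytes, code: str, now: float, last_step: int, relaxed: bool = False):
    """Return the matched time step, or None when the code is rejected.

    last_step is the highest step already accepted for this user (assumed to
    be stored per user); steps at or below it are refused, so a captured code
    cannot be replayed inside the window.
    """
    # All six digits are required; isascii() keeps compare_digest from raising.
    if len(code) != 6 or not (code.isascii() and code.isdigit()):
        return None
    window = 8 if relaxed else 1
    current = int(now) // STEP
    matched = None
    # Scan the whole window so response time does not reveal the clock offset.
    for step in range(max(0, current - window), current + window + 1):
        if step > last_step and hmac.compare_digest(hotp(secret, step), code):
            matched = step
    return matched

if __name__ == "__main__":
    key = b"12345678901234567890"         # RFC 4226 test key, not a real secret
    phone_code = hotp(key, 5)              # phone clock two minutes ahead
    print(verify(key, phone_code, now=59, last_step=-1))                # rejected
    print(verify(key, phone_code, now=59, last_step=-1, relaxed=True))  # step 5
```

The caller stores the returned step as the new `last_step` after a successful login. At any instant the default window accepts 3 codes and relaxed mode accepts 17, so relaxed mode trades drift tolerance for a larger set of guessable codes.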
Reviews
best free 2fa plugin I’ve found
It works for me
Perfect totally free 2FA WP tool
Simple and does exactly what you need
Appears to work but any number string passes
Works like a charm
Contributors & Developers
“Google Authenticator” is open source software. The following people have contributed to this plugin.
“Google Authenticator” has been translated into 10 languages. Thank you to the translators for their contributions.
Changelog
0.48
- Security fix / compatibility with WordPress 4.5
0.47
- Google chart API replaced with jquery-qrcode
- QR codes now contain a heading saying WordPress (Feature request by Flemming Mahler)
- Danish translation & updated .pot file.
- Plugin now logs login attempts recognized as Man-in-the-middle attacks.
0.46
- Man-in-the-middle attack protection added.
- Show warning before displaying the QR code.
- FAQ updated.
0.45
- Spaces in the description field should now work on iPhones.
- Some deprecated function calls replaced.
- Code input field easier to use for .jp users now.
- Sanitize description field input.
- App password hash function switched to one that doesn’t have rainbow tables available.
- PHP notices occurring during app password login removed.
0.44
- Installation/FAQ section updated.
- Simplified Chinese translation by Kaijia Feng added.
- Tabindex on login page removed; no longer needed, was used by older WordPress installations.
- Input field renamed to “googleotp”.
- Default description changed to “WordPressBlog” to avoid trouble for iPhone users.
- Compatibility with Ryan Hellyer’s plugin http://geek.ryanhellyer.net/products/deactivate-google-authenticator/
- Must enter all 6 code digits.
0.43
- It’s now possible for an admin to hide the Google Authenticator settings on a per-user basis. (Feature request by: Skate-O)
0.42
- Autocomplete disabled on code input field. (Feature request by: hiphopsmurf)
0.41
- Italian translation by Aldo Latino added.
0.40
- Bugfix, typo corrected and PHP notices removed. Thanks to Dion Hulse for his patch.
0.39
- Bugfix, Description was not saved to WordPress database when updating profile. Thanks to xxdesmus for noticing this.
0.38
- Usability fix, input field for codes changed from password to text type.
0.37
- The plugin now supports “relaxed mode” when authenticating. If selected, codes from 4 minutes before and 4 minutes after will work. 30 seconds before and after is still the default setting.
0.36
- Bugfix, now an App password can only be used for XMLRPC/APP-Request logins.
0.35
- Initial WordPress app support added (XMLRPC).
0.30
- Code cleanup
- Changed generation of secret key, to no longer have requirement of SHA256 on the server
- German translation
0.20
- Initial release




