Title: SecurePass authentication Author: gpaterno Published: 2012 年 2 月 9 日 Last modified: 2012 年 2 月 9 日 --- 搜尋外掛 這個外掛**並未在最新的 3 個 WordPress 主要版本上進行測試**。開發者可能不再對這個 外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。 ![](https://s.w.org/plugins/geopattern-icon/wordpress-plugin-for-securepass.svg) # SecurePass authentication 由 [gpaterno](https://profiles.wordpress.org/gpaterno/) 開發 [下載](https://downloads.wordpress.org/plugin/wordpress-plugin-for-securepass.zip) * [詳細資料](https://tw.wordpress.org/plugins/wordpress-plugin-for-securepass/#description) * [使用者評論](https://tw.wordpress.org/plugins/wordpress-plugin-for-securepass/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/wordpress-plugin-for-securepass/#installation) * [開發資訊](https://tw.wordpress.org/plugins/wordpress-plugin-for-securepass/#developers) [技術支援](https://wordpress.org/support/plugin/wordpress-plugin-for-securepass/) ## 外掛說明 A lot of web sites, even well known ones (newspapers, telcos, …) adopts WordPress as their CMS. WordPress is a great platform, however it can happen that password leaking or guessing might lead to unauthorized access to the platform. A potential attacker can be therefore able to change articles, part of the web site and/or make the website unavailable, with image and economic damages for a company or for a blogger. This is even more true if your website is not SSL protected. SecurePass is a SaaS service offering an easy and affordable solution for One Time Passwords (OTP) and strong authentication in general. They offer 5 users for free included with their standard (=basic) account, which is more than enough for standard blogs and web sites. Companies can purchase additional users, if needed. More information on the section “Setup and configure SecurePass” in Other Notes. To open a SecurePass account go to http://www.secure-pass.net/open ### Setup and configure SecurePass If you don’t own already an account with SecurePass, you can sign-up for a new account here: http://www.secure-pass.net/open Note: Use “misec2011” as promo code, it will give you an entitlement for using SecurePass up to 10 users for 2 years free-of-charge. Without any promo code, you will have 5 users for 20 years for free. It depends on what you need (more users or more years). Connect to the admin interface on https://admin.secure-pass.net and create a new device (basically a RADIUS client). In the admin interface, go to the “Device” section and add a new device. You will need to set the public IP Address of the server, a fully qualified domain name ( FQDN), and the secret password for the radius authentication. It’s ok if your web server is behind a firewall and/or NAT, ensure that your server has rights to send( and receive) RADIUS authentication requests, i.e. UDP port 1812. ### Further reading * This plugin web site: https://github.com/gpaterno/wp-securepass/ * SecurePass web site: http://www.secure-pass.net/ * UK on-line shop for SecurePass (they sell hardware tokens): http://shop.nervinesecurity. com/ ## 安裝方式 1. Create a ‘wp-securepass’ directory in ‘/wp-content/plugins/’ 2. Copy ‘securepass.php’ and ‘radius.class.php’ in ‘/wp-content/plugins/wp-securepass/’ 3. Open the file ‘securepass.php’ and change the variable $radius_secret with your own secret as set in SecurePass admin 4. Create a local user that matches a user in SecurePass. Note: The admin user will be no longer checked locally. 5. Activate the plugin through the ‘Plugins’ menu in WordPress #### More information Edit the securepass.php file and change $radius_secret variable to reflect the secret password as specified in the “Device” specified in the SecurePass administration panel. The variable $radius_host contains the primary RADIUS server of SecurePass, located in Switzerland (Lugano). A secondary RADIUS is available in Italy (Milan), if you prefer this location change $radius_host to ‘radius2.secure-pass.net’. WARNING!!! Before activating this plugin, create an user in wordpress that matches a username in SecurePass and grant full administrative powers. This because the admin user will be no longer checked locally. In case you won’t be able to login anymore, a workaround is moving the securepass plugin directory to another directory name, ex: “mv securepass securepass.old”. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈SecurePass authentication〉的開發相關工作。 參與者 * [ gpaterno ](https://profiles.wordpress.org/gpaterno/) [將〈SecurePass authentication〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/wordpress-plugin-for-securepass) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/wordpress-plugin-for-securepass/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/wordpress-plugin-for-securepass/), 或透過 [RSS](https://plugins.trac.wordpress.org/log/wordpress-plugin-for-securepass/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/wordpress-plugin-for-securepass/)。 ## 變更記錄 #### 0.1 Initial code of the plugin ## 中繼資料 * 版本 **0.1** * 最後更新 **14 年前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 3.0 或更新版本 ** * 已測試相容的 WordPress 版本 **3.3.2** * 語言 * [English (US)](https://wordpress.org/plugins/wordpress-plugin-for-securepass/) * 標籤: * [otp](https://tw.wordpress.org/plugins/tags/otp/)[security](https://tw.wordpress.org/plugins/tags/security/) * [進階檢視](https://tw.wordpress.org/plugins/wordpress-plugin-for-securepass/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/wordpress-plugin-for-securepass/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/wordpress-plugin-for-securepass/reviews/) ## 參與者 * [ gpaterno ](https://profiles.wordpress.org/gpaterno/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/wordpress-plugin-for-securepass/)