{"id":16855,"date":"2012-02-09T17:08:16","date_gmt":"2012-02-09T17:08:16","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/wordpress-plugin-for-securepass\/"},"modified":"2012-02-09T18:34:14","modified_gmt":"2012-02-09T18:34:14","slug":"wordpress-plugin-for-securepass","status":"publish","type":"plugin","link":"https:\/\/tw.wordpress.org\/plugins\/wordpress-plugin-for-securepass\/","author":8975444,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.1","stable_tag":"trunk","tested":"3.3.2","requires":"3.0","requires_php":"","requires_plugins":"","header_name":"SecurePass authentication","header_author":"Giuseppe Paterno' (gpaterno@gpaterno.com)","header_description":"","assets_banners_color":"","last_updated":"2012-02-09 18:34:14","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/gpaterno\/wp-securepass","header_author_uri":"http:\/\/www.gpaterno.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":1312,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","changelog"],"tags":[],"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[9210,600],"plugin_category":[54],"plugin_contributors":[129740],"plugin_business_model":[],"class_list":["post-16855","plugin","type-plugin","status-publish","hentry","plugin_tags-otp","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-gpaterno","plugin_committers-gpaterno"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/wordpress-plugin-for-securepass.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>A lot of web sites, even well known ones (newspapers, telcos, ...) adopts \nWordPress as their CMS. WordPress is a great platform, however it\ncan happen that password leaking or guessing might lead to unauthorized\naccess to the platform. A potential attacker can be therefore able to \nchange articles, part of the web site and\/or make the website unavailable,\nwith image and economic damages for a company or for a blogger.\nThis is even more true if your website is not SSL protected.<\/p>\n\n<p>SecurePass is a SaaS service offering an easy and affordable solution\nfor One Time Passwords (OTP) and strong authentication in general. They \noffer 5 users for free included with their standard (=basic) account, which\nis more than enough for standard blogs and web sites. Companies can purchase\nadditional users, if needed.<\/p>\n\n<p>More information on the section \"Setup and configure SecurePass\" in Other Notes.\nTo open a SecurePass account go to http:\/\/www.secure-pass.net\/open<\/p>\n\n<h3>Setup and configure SecurePass<\/h3>\n\n<p>If you don't own already an account with SecurePass, you can sign-up for a new account here: http:\/\/www.secure-pass.net\/open<\/p>\n\n<p>Note: Use \"misec2011\" as promo code, it will give you an entitlement for using \nSecurePass up to 10 users for 2 years free-of-charge. Without any promo code,\nyou will have 5 users for 20 years for free. It depends on what you need (more users or more years).<\/p>\n\n<p>Connect to the admin interface on https:\/\/admin.secure-pass.net \nand create a new device (basically a RADIUS client).<\/p>\n\n<p>In the admin interface, go to the \"Device\" section and add a new device. \nYou will need to set the public IP Address of the server, a fully qualified \ndomain name (FQDN), and the secret password for the radius authentication. \nIt's ok if your web server is behind a firewall and\/or NAT, ensure that\nyour server has rights to send (and receive) RADIUS authentication requests,\ni.e. UDP port 1812.<\/p>\n\n<h3>Further reading<\/h3>\n\n<ul>\n<li><p>This plugin web site: \nhttps:\/\/github.com\/gpaterno\/wp-securepass\/<\/p><\/li>\n<li><p>SecurePass web site: \nhttp:\/\/www.secure-pass.net\/<\/p><\/li>\n<li><p>UK on-line shop for SecurePass (they sell hardware tokens):\nhttp:\/\/shop.nervinesecurity.com\/<\/p><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Create a 'wp-securepass' directory in '\/wp-content\/plugins\/'<\/li>\n<li>Copy 'securepass.php' and 'radius.class.php' in '\/wp-content\/plugins\/wp-securepass\/'<\/li>\n<li>Open the file 'securepass.php' and change the variable $radius_secret with your own secret as set in SecurePass admin<\/li>\n<li>Create a local user that matches a user in SecurePass. Note: The admin user will be no longer checked locally.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress<\/li>\n<\/ol>\n\n<h4>More information<\/h4>\n\n<p>Edit the securepass.php file and change $radius_secret variable to reflect\nthe secret password as specified in the \"Device\" specified in the SecurePass\nadministration panel. The variable $radius_host contains the primary\nRADIUS server of SecurePass, located in Switzerland (Lugano). \nA secondary RADIUS is available in Italy (Milan), if you prefer this\nlocation change $radius_host to 'radius2.secure-pass.net'.<\/p>\n\n<p>WARNING!!! Before activating this plugin, create an user in wordpress that\nmatches a username in SecurePass and grant full administrative powers.\nThis because the admin user will be no longer checked locally. In case you \nwon't be able to login anymore, a workaround is moving the securepass plugin \ndirectory to another directory name, ex: \"mv securepass securepass.old\".<\/p>\n\n<!--section=changelog-->\n<h4>0.1<\/h4>\n\n<p>Initial code of the plugin<\/p>","raw_excerpt":"This is a plugin to autheticate users through the SecurePass One Time Passwords service.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/16855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=16855"}],"author":[{"embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/gpaterno"}],"wp:attachment":[{"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=16855"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=16855"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=16855"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=16855"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=16855"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tw.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=16855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}