{"id":46230,"date":"2009-07-22T13:12:39","date_gmt":"2009-07-22T13:12:39","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/one-time-password\/"},"modified":"2013-03-02T10:46:16","modified_gmt":"2013-03-02T10:46:16","slug":"one-time-password","status":"closed","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/one-time-password\/","author":349621,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.31","stable_tag":"2.31","tested":"3.5.2","requires":"2.8","requires_php":"","requires_plugins":"","header_name":"One-Time Password","header_author":"Marcel Bokhorst","header_description":"","assets_banners_color":"","last_updated":"2013-03-02 10:46:16","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.paypal.com\/cgi-bin\/webscr?cmd=_donations&business=AJSBB7DGNA3MJ&lc=US&item_name=One%2dTime%20Password%20WordPress%20Plugin&item_number=Marcel%20Bokhorst¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted","header_plugin_uri":"http:\/\/blog.bokhorst.biz\/2200\/computers-en-internet\/wordpress-plugin-one-time-password\/","header_author_uri":"http:\/\/blog.bokhorst.biz\/about\/","rating":0,"author_block_rating":0,"active_installs":10,"downloads":13875,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog","other_notes"],"tags":[],"upgrade_notice":{"2.29":"

Romanian translation<\/p>","2.28":"

Compliance<\/p>","2.27":"

Rusian translation<\/p>","2.26":"

Compatibility<\/p>","2.25":"

Compatibility<\/p>","2.24":"

Compatibility<\/p>","2.23":"

Compatibility<\/p>","2.22":"

Compatibility<\/p>","2.21":"

Polish translation<\/p>","2.17":"

Compatibility<\/p>","2.14":"

Compatibility<\/p>","2.15":"

French translation, compatibility<\/p>","2.13":"

New feature: remove donate button<\/p>","2.12":"

Compatibility<\/p>","2.11":"

Compatibility<\/p>","2.8.6":"

Compatibility<\/p>","2.8.5":"

Compatibility<\/p>","2.8.3":"

Fixed incompatibility with GD Star Rating plugin<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1","0.2","0.3","0.4","0.5","1.0","1.1","1.2","1.3","1.4","2.0","2.1","2.10","2.11","2.12","2.13","2.14","2.15","2.16","2.17","2.18","2.19","2.2","2.20","2.21","2.22","2.23","2.24","2.25","2.26","2.27","2.28","2.29","2.3","2.31","2.4","2.5","2.5.1","2.5.2","2.6","2.6.1","2.6.2","2.6.3","2.7","2.7.1","2.8","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.9"],"block_files":[],"assets_screenshots":{"screenshot-4.png":{"filename":"screenshot-4.png","revision":"1539213","resolution":"4","location":"plugin"},"screenshot-2.png":{"filename":"screenshot-2.png","revision":"1539213","resolution":"2","location":"plugin"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"1539213","resolution":"3","location":"plugin"},"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1539213","resolution":"1","location":"plugin"}},"screenshots":{"1":"The login screen displaying a challenge","2":"The one-time password list with the requested password","3":"The OTPGen<\/a> application on a phone that supports JavaME<\/a> (optional)","4":"The authorize window for an administrative action (optional)"}},"plugin_section":[],"plugin_tags":[83,710,602,1930,600],"plugin_category":[38,51,54],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-46230","plugin","type-plugin","status-closed","hentry","plugin_tags-admin","plugin_tags-authentication","plugin_tags-login","plugin_tags-password","plugin_tags-security","plugin_category-authentication","plugin_category-multisite","plugin_category-security-and-spam-protection","plugin_committers-m66b"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/one-time-password.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/one-time-password\/trunk\/screenshot-1.png?rev=1539213","caption":"The login screen displaying a challenge"},{"src":"https:\/\/ps.w.org\/one-time-password\/trunk\/screenshot-2.png?rev=1539213","caption":"The one-time password list with the requested password"},{"src":"https:\/\/ps.w.org\/one-time-password\/trunk\/screenshot-3.png?rev=1539213","caption":"The OTPGen<\/a> application on a phone that supports JavaME<\/a> (optional)"},{"src":"https:\/\/ps.w.org\/one-time-password\/trunk\/screenshot-4.png?rev=1539213","caption":"The authorize window for an administrative action (optional)"}],"raw_content":"\n

This plugin is no longer supported<\/strong><\/p>\n\n

This simple to use plugin enables you to login to your WordPress weblog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet caf\u00e9s, for example by keyloggers. The one-time password system conforms to RFC 2289<\/a> of the Internet Engineering Task Force<\/a> (IETF).<\/p>\n\n

Version 2 of this plugin has a new option to protect administrative actions by one-time passwords. This option is disabled by default and only available when you logged-in with a one-time password. It is possible to define exceptions. The default exceptions are viewing the dashboard, adding a post (but not saving it) and logging out.<\/em><\/p>\n\n

See Other Notes<\/a> for usage instructions.<\/p>\n\n

This plugin requires at least PHP 5<\/strong><\/p>\n\n

Please report any issue you have with this plugin on the support page<\/a>, so I can at least try to fix it. If you rate this plugin low, please let me know why<\/a>.<\/p>\n\n

See my other plugins<\/a>.<\/p>\n\n\n

Using the WordPress dashboard<\/em><\/p>\n\n

    \n
  1. Login to your weblog<\/li>\n
  2. Go to Plugins<\/li>\n
  3. Select Add New<\/li>\n
  4. Search for One-Time Password<\/li>\n
  5. Select Install<\/li>\n
  6. Select Install Now<\/li>\n
  7. Select Activate Plugin<\/li>\n<\/ol>\n\n

    Manual<\/em><\/p>\n\n

      \n
    1. Download and unzip the plugin<\/li>\n
    2. Upload the entire one-time-password\/ directory to the \/wp-content\/plugins\/ directory<\/li>\n
    3. Activate the plugin through the Plugins menu in WordPress<\/li>\n<\/ol>\n\n

      Amit Banerjee wrote an excellent guide<\/a> to setup the plugin.<\/p>\n\n\n

      \n
      Should the pass-phrase be equal to my main password?<\/dt>\n

      No, but it could be.<\/p><\/dd>\n

      Should I remember the pass-phrase?<\/dt>\n

      No, if you plan to use a printed one-time password list only.<\/p>\n\n

      Yes, if you plan to use a one-time password generator,\non your iPhone<\/a> (not tried)\nor on Android<\/a> (tried with success)\nor on mobile phones that support JavaME<\/a>, for example using\nj2me-otp<\/a> (not tried) or\nOTPGen<\/a> (tried with success).<\/p>\n\n

      If you are using a one-time password generator, you can safely generate a new password list using a one-time password\nby entering this password in the pass-phrase field and by checking Pass-phrase is a One-Time Password<\/em>.\nThe sequence number should be entered into the Count\/sequence<\/em> field. In this case no password list will be displayed.<\/p><\/dd>\n

      Are pass-phrases to generate one-time password lists stored?<\/dt>\n

      No.<\/p><\/dd>\n

      What should I do when I have lost my one-time password list?<\/dt>\n

      Revoke it as soon as possible. Generating a new one-time password list will revoke the existing list automatically.\nDo not generate a new one-time password list with the same pass-phrase, seed and algorithm (at least one should be different).<\/p><\/dd>\n

      Can I generate a one-time password list again?<\/dt>\n

      Yes, if you remember the pass-phrase, seed and algorithm, but the one-time password sequence will be reset.<\/p><\/dd>\n

      Are one-time passwords case sensitive?<\/dt>\n

      No.<\/p><\/dd>\n

      How do I choose between logging-in using a one-time password or my main WordPress password?<\/dt>\n

      Simply enter the password of your choice into the WordPress password box.<\/p><\/dd>\n

      How can I change the styling?<\/dt>\n
        \n
      1. Copy wp-otp.css<\/em> to your theme directory to prevent it from being overwritten by an update<\/li>\n
      2. Change the style sheet to your wishes; the style sheet contains documentation<\/li>\n<\/ol><\/dd>\n
        Why does this plugin require at least WordPress version 2.8?<\/dt>\n

        Because the new authenticate<\/em> filter is used.\nSee this article<\/a> for more details.<\/p><\/dd>\n

        Is this plugin multi-user?<\/dt>\n

        Yes, since version 0.5.<\/p><\/dd>\n

        Will this plugin work with WordPress MU?<\/dt>\n

        Yes, since version 1.2.<\/p><\/dd>\n

        Why does this plugin require at least PHP version 5.0.0?<\/dt>\n

        Because this is a requirement of the PHP One-Time Passwords class<\/a> and\nbecause the try-catch<\/em> construction is used as a fail-safe for the login screen.<\/p><\/dd>\n

        Who can modify the one-time password options?<\/dt>\n

        Users with manage_options<\/em> capability, normally only administrators.<\/p><\/dd>\n

        What is the scope of the one-time password options?<\/dt>\n

        Site wide.<\/p><\/dd>\n

        How does the integration with the http:BL plugin work?<\/dt>\n

        First of all the integration with the http:BL plugin<\/a>\nhas to be enabled using the settings menu.\nIf enabled, you can navigate to the login url of your blog, even if http:BL would normally block it.\nA warning indication the age, level and threat type is displayed above the login window.\nYou can login only using a one-time password, not with your user name and password.\nAfter logging in, you can navigate to any part of your weblog, until you sign out.\nNote that before logging in only wp-login.php<\/em> is available and no other addresses like \/wp-admin\/<\/em>.<\/p>\n\n

        I recommend installing Invalidate Logged Out Cookies<\/a> for more security.<\/p><\/dd>\n

        How does the integration with Bad Behavior work?<\/dt>\n

        If you enable the option to disable Bad Behavior<\/a> on the login page using the settings menu the Bad Behavior plugin will be disabled.\nTo re-enabled the Bad Behavior plugin you have to disable this option first.\nWhen this option is enabled the one-time password plugin will load the Bad Behavior plugin instead of WordPress, except for the login page and for every other page when you are logged in using a one-time password.\nUnfortunately it is not possible (yet) to display a warning on the login page that Bad Behavior would block access.<\/p><\/dd>\n

        Will RFC 4226 be supported?<\/dt>\n

        No, RFC 4226 requires a symmetric key, which should be stored. WordPress does not provide a safe way to store keys.<\/p><\/dd>\n

        Where can I ask questions, report bugs and request features?<\/dt>\n

        You can write a comment on the support page<\/a>.<\/p><\/dd>\n\n<\/dl>\n\n\n

        Development version<\/h4>\n\n