Plugin Author
Paul
(@paultgoodchild)
Never really thought of that… I’ll see about adding this
Thanks for the idea!
Paul.
No worries. I also have a client who I trialled two factor auth and neither editors nor members did not get how to use it. So I only applied to to admins. Which is what level of access hackers try to get in anyway.
Plugin Author
Paul
(@paultgoodchild)
Would a minimum level work? Say, enforce 2-factor for all levels above… ‘Editor’?
Hi Paul,
It would be much better but I would not like to say it would work for me perfectly. I may want to have 2 factor for admins and contributors, leaving out editors. Oskar Hane’s plugin just does this well with simple checkboxes.
Is that more difficult to do?
Barnabas
Plugin Author
Paul
(@paultgoodchild)
Hey,
Yea, much easier to have a single option value instead of several; either way, it’ll take a few days to get this put through.
It should be in the next release though.
Cheers,
Paul.
Plugin Author
Paul
(@paultgoodchild)
Hi Barnabas,
I decided to get cracking on this and I’ve pushed out v2.5.6 which should allow you to select multiple roles that are subject to 2-factor auth.
Please let me know if this is what you were looking for.
Thanks,
Paul.
Hi Paul,
This works like a charm! Thanks so much.
Barnabas
Hi Paul,
Two issues:
1. When I unselect all roles and save, it auto selects Contributor and above. But this is the least issue.
2. I selected Admin role two factor for a site that uses S2 Member. When I logged in with my test editor it did not ask it to two factor which is how it should be. But then I logged in with my test member user that is assigned S2 Member level #1 and it asked me to two factor – which I do not want obviously!
For now I had to disable two factor for the whole site because of this.
Could you please help?
Barnabas
Plugin Author
Paul
(@paultgoodchild)
Hey Barnabas,
For #1 this is expected behaviour, because if you want to actually turn of Two-Factor authentication, you wouldn’t do it by deselecting the roles, you’d do it by deselecting the two-factor option itself.
#2, I’ve released v2.5.7 to hopefully address this. It’s hard to say because I can’t replicate the issue exactly, so I simplified the logic used to determine whether 2-factor would be applied to a role.
My concern might be how perhaps S2 Member is affecting roles and levels, but I’m not sure. Determining roles and levels in WordPress, like many things WordPress, is a dark art, so for now I’m going with this translation for roles and levels:
https://codex.ww.wp.xz.cn/Roles_and_Capabilities#User_Level_to_Role_Conversion
Let me know how this update works for you.
Cheers,
Paul.
Hi Paul,
1. “you’d do it by deselecting the two-factor option itself.” – how to do that? I did not find an option.
2. It WORKS!
Thanks a lot!
Barnabas
Plugin Author
Paul
(@paultgoodchild)
There are 2x two-factor auth options – one by IP address, the other by Cookie. Simply deselecting both these options will turn off 2-factor.
I see. Just a gentle feedback – it wasn’t obvious 😉
Logically both could have disabled the 2 factor.
1. Deselecting the users.
2. Deselecting the options.
The most obvious would be to add a tick box next to the two factor headline that says enable. If unticked it would disable it.
Plugin Author
Paul
(@paultgoodchild)
The problem is that it would be an extra option that doesn’t actually do anything more than the other two. I may add just some explanatory text to the section.
