Yubikey 2 factor authentication for wordpress (U2F)



At last my Yubikey arrived!
Yubikey-edge to be more precise.

First thing I wanted to do is to enable 2factor authentication for this blog :)

I’ve noticed that yubico has an old info about wordpress plugin for yubikey.
Plugin seems to work fine, but it uses Yubico Web service API for authentication, despite that U2F protocol’s technical specifications were published by google pretty long time ago.
After some time has passed, wordpress 2nd auth plugin with U2F support was released.

Installation instructions for an u2f wp plugin version:

Connect to Your wordpress docroot (I assume You do have ssh credentials), and navigate to plugin directory:

cd wp-content/plugins

download the latest plugin from github:

git clone https://github.com/shield-9/u2f-login.git

go to plugin library dir:

cd u2f-login-master/lib

and get the latest u2f php library:

git clone https://github.com/shield-9/php-u2flib-server.git

Now login to Your wordpress and navigate to plugins list.
U2F plugin should appear, activate it:
Then, navigate to Users on left menu, and You’ll see additional “Your security key” item in submenu. Press it.
Then press “Register” button, insert Your yubikey, and press Yubikey button.
That’s it, Your key is registered :)


Logout from admin panel, and try to login again.
After filling the username and password, You should see this:
I don’t think that message requires additional explanation :)


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.