Yubikey 2 factor authentication for wordpress (U2F)

At last my Yubikey arrived!
yubikey_edge
Yubikey-edge to be more precise.

First thing I wanted to do is to enable 2factor authentication for this blog :)


I’ve noticed that yubico has an old info about wordpress plugin for yubikey.
Plugin seems to work fine, but it uses Yubico Web service API for authentication, despite that U2F protocol’s technical specifications were published by google pretty long time ago.
After some time has passed, wordpress 2nd auth plugin with U2F support was released.


Installation instructions for an u2f wp plugin version:

Connect to Your wordpress docroot (I assume You do have ssh credentials), and navigate to plugin directory:

download the latest plugin from github:

go to plugin library dir:

and get the latest u2f php library:



Now login to Your wordpress and navigate to plugins list.
U2F plugin should appear, activate it:
u2f_plugin
Then, navigate to Users on left menu, and You’ll see additional “Your security key” item in submenu. Press it.
your_security_key
Then press “Register” button, insert Your yubikey, and press Yubikey button.
That’s it, Your key is registered :)

Testing:

Logout from admin panel, and try to login again.
After filling the username and password, You should see this:
insert_your_key
I don’t think that message requires additional explanation :)

Leave a Reply