readme.txt 3.45 KB
Newer Older
Erick Hitter's avatar
Erick Hitter committed
1
=== Authy for WordPress ===
Erick Hitter's avatar
Erick Hitter committed
2
Contributors: ethitter
Erick Hitter's avatar
Erick Hitter committed
3
Tags: authentication, authy, two factor, security, login, authenticate
Erick Hitter's avatar
Erick Hitter committed
4
Requires at least: 3.5
Erick Hitter's avatar
Erick Hitter committed
5
Tested up to: 3.6
Erick Hitter's avatar
Erick Hitter committed
6
Stable tag: 0.3
Erick Hitter's avatar
Erick Hitter committed
7 8 9
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Erick Hitter's avatar
Erick Hitter committed
10
Add Authy two-factor authentication to WordPress. Users opt in for an added level of security that relies on random codes from their mobile devices.
Erick Hitter's avatar
Erick Hitter committed
11 12

== Description ==
Erick Hitter's avatar
Erick Hitter committed
13
Enable the plugin, enter your [Authy](http://www.authy.com/) API keys, and your users can enable Authy on their accounts.
Erick Hitter's avatar
Erick Hitter committed
14

15
Once users configure Authy through their WordPress user profiles, any login attempts will require an Authy token in addition to the account username and password.
Erick Hitter's avatar
Erick Hitter committed
16

Erick Hitter's avatar
Erick Hitter committed
17 18
For users with mobile devices that don't support the Authy app, they can receive their tokens via SMS.

Erick Hitter's avatar
Erick Hitter committed
19 20
For convenience, especially in a network instance, API keys can be set in `wp-config.php`.

21 22
Plugin development is found at https://github.com/ethitter/Authy-for-WP.

Erick Hitter's avatar
Erick Hitter committed
23 24 25 26
== Installation ==

1. Install the plugin either via your site's dashboard, or by downloading the plugin from WordPress.org and uploading the files to your server.
2. Activate plugin through the WordPress Plugins menu.
Erick Hitter's avatar
Erick Hitter committed
27
3. Navigate to **Settings > Authy for WP** to enter your Authy API keys, or set your API keys in `wp-config.php` as described in the FAQ.
Erick Hitter's avatar
Erick Hitter committed
28 29 30

== Frequently Asked Questions ==

31
= How can a user disable Authy after enabling it? =
Erick Hitter's avatar
Erick Hitter committed
32
The user should return to his or her WordPress profile screen and manage connections under the section *Authy for WordPress*.
33 34

= What if a user loses the mobile device? =
Erick Hitter's avatar
Erick Hitter committed
35 36 37 38 39 40 41 42 43 44 45 46 47 48
Any administrator (anyone with the `create_users` capability, actually) can disable Authy on a given user account by navigating to that user's WordPress account profile, and following the instructions under *Authy for WordPress*.

= Can I limit the user roles able to use Authy for WordPress? =
The allowed user roles can be set on the plugin settings page.

= How do I set the API keys in wp-config.php? =
In a variety of situations, setting the API keys via the plugin's settings page can be undesirable. For example, when network-activating *Authy for WordPress* in a WordPress Multisite (Network) setup. Recognizing this, API keys can be set in `wp-config.php`.

To take advantage of this option, add the following entries to your site's `wp-config.php` before the `/* That's all, stop editing! Happy blogging. */` line:

* `define( 'AUTHY_API_KEY_PRODUCTION', '' );`
* `define( 'AUTHY_API_KEY_DEVELOPMENT', '' );`

Fill in each empty argument with the corresponding API key and *Authy for WordPress* will always use these settings.
Erick Hitter's avatar
Erick Hitter committed
49

50 51 52 53
== Screenshots ==
1. Authy token field added to the WordPress login form.
2. Users manage their individual Authy settings through their WordPress profiles.

Erick Hitter's avatar
Erick Hitter committed
54 55
== Changelog ==

Erick Hitter's avatar
Erick Hitter committed
56 57 58 59 60
= 0.3 =
* Allow administrators to control which user roles can be used with *Authy for WordPress*.
* Enhance connection setup experience by adding autocomplete to the *Country* field.
* Specify API keys in `wp-config.php` rather than via the plugin settings page.

Erick Hitter's avatar
Erick Hitter committed
61
= 0.2 =
Erick Hitter's avatar
Erick Hitter committed
62
* Receive tokens via SMS if the site's Authy account supports it. Requires at least the [free starter plan](http://www.authy.com/pricing).
Erick Hitter's avatar
Erick Hitter committed
63

64
= 0.1 =
65 66 67 68
* Initial public release.

== Upgrade Notice ==

Erick Hitter's avatar
Erick Hitter committed
69 70 71
= 0.3 =
Restrict the user roles able to utilize *Authy for WordPress* and allow API keys to be specified in `wp-config.php`.

72 73
= 0.2 =
Support users with mobile devices that don't support the Authy app by letting them receive keys via SMS (text message).