If you don’t already use the excellent Google Authenticator plugin for WordPress by Henrik Schack (or a similar alternative), then you should.

The Google Authenticator plugin is intended to ensure that you are who you say you are (for security purposes). An alternative route to improving security is to block all IP addresses except for ones you trust. However, wouldn’t it be nice to be able to log straight in when on trusted IP addresses, but still force the use of the Google Authenticator when using an untrusted IP?

The following plugin can solve this problem. It is currently set to skip the Google Authenticator check only for users with an IP address of “127.0.0.1”, but you can change that to your own IP, or even include a range of IP addresses to suit your needs.

The code is not currently working, unfortunately. To decouple some of the methods from the Google Authenticator class, I needed to specify an object variable name in the original plugin. I’m about to send a patch to Henrik and once that is ready, the plugin functionality should be working. In the meantime, here is the patch if you feel like hacking up the original plugin temporarily.

<?php
/*
Plugin Name: Deactivate Google Authenticator
Plugin URI: https://geek.hellyer.kiwi/products/deactivate-google-authenticator/
Description: Deactivate Google Authenticator based on IP
Author: Ryan Hellyer
Version: 1.0
Author URI: https://geek.hellyer.kiwi/
Requires: WordPress 3.5

Copyright 2012  Ryan Hellyer

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/

/**
 * Deactivate Google Authenticator when at the trusted IP
 *
 * @since 1.0
 * @author Ryan <ryan@metronet.no>
 * @global object $google_authenticator
 */
function deactivate_google_authenticator() {
	global $google_authenticator;

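	// Don't force multifactor authentication for users at the correct IP.
	// Strict comparison; REMOTE_ADDR can be unset (e.g. when run from the command line).
	if ( isset( $_SERVER['REMOTE_ADDR'] ) && '127.0.0.1' === $_SERVER['REMOTE_ADDR'] ) {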
		remove_action( 'login_form',   array( $google_authenticator, 'loginform' ) );
		remove_action( 'login_footer', array( $google_authenticator, 'loginfooter' ) );
		remove_filter( 'authenticate', array( $google_authenticator, 'check_otp' ), 50, 3 );
	}
}
add_action( 'init', 'deactivate_google_authenticator', 11 );
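
The post mentions widening the check to a range of IP addresses. As an added example (not part of the original plugin; the function names `dga_ip_in_cidr` and `dga_ip_is_trusted` and the sample ranges are assumptions), this helper matches an address against a list of single IPs or CIDR ranges, for both IPv4 and IPv6, and fails closed on malformed input:

```php
<?php
// Added example, not the original plugin's code; function names are hypothetical.
function dga_ip_in_cidr( $ip, $cidr ) {
	// A bare address is treated as a single-host range.
	$parts  = explode( '/', $cidr, 2 );
	$ip_bin = @inet_pton( $ip );
	$net    = @inet_pton( $parts[0] );

	// Reject unparsable input and IPv4/IPv6 family mismatches.
	if ( false === $ip_bin || false === $net || strlen( $ip_bin ) !== strlen( $net ) ) {
		return false;
	}

	$max_bits = strlen( $net ) * 8;
	$bits     = isset( $parts[1] ) ? $parts[1] : (string) $max_bits;
	if ( ! ctype_digit( $bits ) || (int) $bits > $max_bits ) {
		return false; // Malformed prefix length: fail closed.
	}
	$bits = (int) $bits;

	// Compare the whole bytes of the prefix, then any remaining high bits.
	$bytes = $bits >> 3;
	if ( substr( $ip_bin, 0, $bytes ) !== substr( $net, 0, $bytes ) ) {
		return false;
	}
	$rest = $bits & 7;
	if ( 0 === $rest ) {
		return true;
	}
	$mask = 0xFF & ( 0xFF << ( 8 - $rest ) );
	return ( ord( $ip_bin[ $bytes ] ) & $mask ) === ( ord( $net[ $bytes ] ) & $mask );
}

function dga_ip_is_trusted( $ip, array $trusted ) {
	foreach ( $trusted as $cidr ) {
		if ( dga_ip_in_cidr( $ip, $cidr ) ) {
			return true;
		}
	}
	return false; // Anything not listed keeps the one-time-password prompt.
}

// Constructed sample ranges and addresses from the documentation address blocks:
// one inside the IPv4 range, one in no listed range, one inside the IPv6 range.
$trusted = array( '127.0.0.1', '192.0.2.0/24', '2001:db8:1234::/48' );
var_dump( dga_ip_is_trusted( '192.0.2.77', $trusted ) );
var_dump( dga_ip_is_trusted( '198.51.100.9', $trusted ) );
var_dump( dga_ip_is_trusted( '2001:db8:1234:5::1', $trusted ) );
```

In the plugin, the comparison against `$_SERVER['REMOTE_ADDR']` would become a call to `dga_ip_is_trusted()`. `REMOTE_ADDR` is the address of the direct peer, so behind a reverse proxy or load balancer on the same host every visitor appears as 127.0.0.1 and would skip the second factor.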