WordPress Plugin

The LaunchKey WordPress plugin makes it quick and simple to add passwordless multi-factor authentication to your WordPress-powered blog or website. Although you have the option to use LaunchKey in addition to your normal username/password login, this plugin also allows you to remove passwords entirely from your WordPress blog, thereby eliminating the risk of a password breach!


Always ensure you're using the most up-to-date version of WordPress!

Get The Plugin

Download the plugin from the WordPress plugin repository.

View Source

View the source on GitHub or clone the source code:

$ git clone https://github.com/LaunchKey/launchkey-wordpress

Setup The Plugin

After installing the WordPress Plugin, use the configuration wizard to configure the plugin and associate your WordPress account with your LaunchKey or directory user account.

Switching Implementation Types

If, at some point, you wish to switch the implementation type from Native to LaunchKey Authenticator or vice versa, simply re-run the configuration wizard from the LaunchKey Settings page at Admin > Settings > LaunchKey.


Unable to Login to WordPress

If you are unable to login to WordPress via LaunchKey and have removed your password, you can simply reset your user password from the WordPress login window. Once you have successfully reset your password, you can use the password login to authenticate.

SSL/Certificate Errors

If you are having difficulties due to the inability to validate the LaunchKey SSL certificate on a hosted WordPress site, you can try to disable SSL verification. WARNING: Disabling SSL verification makes you site susceptible to man in the middle attacks. Only disable this as a last resort.

  1. Under Admin > Settings > LaunchKey, scroll down to SSL Verify under Advanced Settings.
  2. Un-check the SSL Verify checkbox
  3. Click the Save Changes button
  4. Try to authenticate

Login Hangs

  1. Did you accept the Auth Request on your mobile device?

  2. Is the webhook properly configured?
    1. Login to the Dashboard

    2. Navigate to the service associated with the WordPress site

    3. Verify that the Callback URL value in the Configuration section of the General tab of your Service is the same value as the Callback URL value in the Configuration Details section of the LaunchKey Settings page found at Admin > Settings > LaunchKey.

    4. Verify that the Callback URL is externally available as the Platform will need to reach that URL to send the result of the Auth Request. Open the Callback URL value in the Configuration Details section of the LaunchKey Settings page found at Admin > Settings > LaunchKey. You should be able to access the page remotely by:

      If the cause is determined to be external availability, you must do one of the following:

      • Create a pinhole in your firewall and reconfigure your service in the Dashboard if necessary.
      • use a reverse proxy like ngrok to provide external accessibility to your WordPress site. Reverse proxies like ngrok should only be used for local development environments.
    5. Verify there are no errors in your web server caused by the webhook. The call should be a POST call to /wp-admin/admin-ajax.php?action=launchkey-native-callback. If properly configured, it would respond with 200 OK.

User Contributed

LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at https://launchkey.com./support. ×