The LaunchKey WordPress plugin makes it quick and simple to add passwordless multi-factor
authentication to your WordPress-powered blog or website. Although you have the option to use LaunchKey in addition to
your normal username/password login, this plugin also allows you to remove passwords entirely from your WordPress blog,
thereby eliminating the risk of a password breach!
Always ensure you're using the most up-to-date version of WordPress!
View the source on GitHub or clone the source code:
$ git clone https://github.com/LaunchKey/launchkey-wordpress
Setup The Plugin
After installing the WordPress Plugin, use the configuration wizard to configure the plugin and pair your WordPress
account with your LaunchKey or White Label user account.
Switching Implementation Types
If, at some point, you wish to switch the implementation type from Native to White Label or vice versa, simply
re-run the configuration wizard from the LaunchKey Settings page at Admin > Settings > LaunchKey.
Unable to Login to WordPress
If you are unable to login to WordPress via LaunchKey and have removed your password, you can simply reset your user
password from the WordPress login window. Once you have successfully reset your password, you can use the password
login to authenticate.
If you are having difficulties due to the inability to validate the LaunchKey SSL certificate on a hosted WordPress
site, you can try to disable SSL verification. WARNING: Disabling SSL verification makes you site susceptible to
man in the middle attacks. Only disable this as a last resort.
- Under Admin > Settings > LaunchKey, scroll down to SSL Verify under Advanced Settings.
- Un-check the SSL Verify checkbox
- Click the Save Changes button
- Try to authenticate
Did you accept the Launch Request on your mobile device?
- Is the Server Sent Event (SSE) properly configured?
Login to the Dashboard
Navigate to the Rocket associated with the WordPress site
Verify that the Callback URL value in the Configuration section of the General tab of your Rocket
is the same value as the Callback URL value in the Configuration Details section of the LaunchKey Settings
page found at Admin > Settings > LaunchKey.
Verify that the Callback URL is externally available as the LaunchKey Engine will need to reach that
URL to send the result of the Launch Request. Open the Callback URL value in the
Configuration Details section of the LaunchKey Settings page found at Admin > Settings > LaunchKey. You
should be able to access the page remotely by:
- Opening it in a browser on a device not connected to the same network as the WordPress site.
- Using a web page testing tool like:
If the cause is determined to be external availability, you must do one of the following:
- Create a pinhole in your firewall and reconfigure your Rocket in the Dashboard if necessary.
- Utilize a reverse proxy like ngrok to provide external accessibility to your WordPress site. Reverse proxies
like ngrok should only be used for local development environments.
Verify there are no errors in your web server caused by the Server Sent Event. The call should be a
/wp-admin/admin-ajax.php?action=launchkey-native-callback. If properly configured, it would respond