../../../_images/wordpress-logo.png

WordPress Plugin

The LaunchKey WordPress plugin makes it quick and simple to add passwordless multi-factor authentication to your WordPress-powered blog or website. Although you have the option to use LaunchKey in addition to your normal username/password login, this plugin also allows you to remove passwords entirely from your WordPress blog, thereby eliminating the risk of a password breach!

Note

Always ensure you're using the most up-to-date version of WordPress!

Get The Plugin

Download the plugin from the WordPress plugin repository.

View Source

View the source on GitHub or clone the source code:

$ git clone https://github.com/LaunchKey/launchkey-wordpress

Setup The Plugin

After installing the WordPress Plugin, use the configuration wizard to configure the plugin and pair your WordPress account with your LaunchKey or White Label user account.

Switching Implementation Types

If, at some point, you wish to switch the implementation type from Native to White Label or vice versa, simply re-run the configuration wizard from the LaunchKey Settings page at Admin > Settings > LaunchKey.

Troubleshooting

Unable to Login to WordPress

If you are unable to login to WordPress via LaunchKey and have removed your password, you can simply reset your user password from the WordPress login window. Once you have successfully reset your password, you can use the password login to authenticate.

SSL/Certificate Errors

If you are having difficulties due to the inability to validate the LaunchKey SSL certificate on a hosted WordPress site, you can try to disable SSL verification. WARNING: Disabling SSL verification makes you site susceptible to man in the middle attacks. Only disable this as a last resort.

  1. Under Admin > Settings > LaunchKey, scroll down to SSL Verify under Advanced Settings.
  2. Un-check the SSL Verify checkbox
  3. Click the Save Changes button
  4. Try to authenticate

Login Hangs

  1. Did you accept the Launch Request on your mobile device?

  2. Is the Server Sent Event (SSE) properly configured?
    1. Login to the Dashboard

    2. Navigate to the Rocket associated with the WordPress site

    3. Verify that the Callback URL value in the Configuration section of the General tab of your Rocket is the same value as the Callback URL value in the Configuration Details section of the LaunchKey Settings page found at Admin > Settings > LaunchKey.

    4. Verify that the Callback URL is externally available as the LaunchKey Engine will need to reach that URL to send the result of the Launch Request. Open the Callback URL value in the Configuration Details section of the LaunchKey Settings page found at Admin > Settings > LaunchKey. You should be able to access the page remotely by:

      If the cause is determined to be external availability, you must do one of the following:

      • Create a pinhole in your firewall and reconfigure your Rocket in the Dashboard if necessary.
      • Utilize a reverse proxy like ngrok to provide external accessibility to your WordPress site. Reverse proxies like ngrok should only be used for local development environments.
    5. Verify there are no errors in your web server caused by the Server Sent Event. The call should be a POST call to /wp-admin/admin-ajax.php?action=launchkey-native-callback. If properly configured, it would respond with 200 OK.