Wordpress Plugins – Extensions

Just another WordPress.com weblog

One-Time Password 2.8.6

Author: Marcel Bokhorst
This simple to use plugin enables you to login to your WordPress weblog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet cafés, for example by keyloggers. The one-time password system conforms to RFC 2289 of the Internet Engineering Task Force (IETF)
Using the WordPress dashboard

Login to your weblog
Go to Plugins
Select Add New
Search for One-Time Password
Select Install
Select Install Now
Select Activate Plugin


Download and unzip the plugin
Upload the entire one-time-password/ directory to the /wp-content/plugins/ directory
Activate the plugin through the Plugins menu in WordPress

Should the pass-phrase be equal to my main password?

No, but it could be.

Should I remember the pass-phrase?

No, if you plan to use a printed one-time password list only.

Yes, if you plan to use a one-time password generator,
either on your iPhone (not tried)
or on mobile phones that support JavaME, for example using
j2me-otp (tried with success) or
OTPGen (not tried).

If you are using a one-time password generator, you can safely generate a new password list using a one-time password
by entering this password in the pass-phrase field and by checking Pass-phrase is a One-Time Password.
The sequence number should be entered into the Count/sequence field. In this case no password list will be displayed.

Are pass-phrases to generate one-time password lists stored?


What should I do when I have lost my one-time password list?

Revoke it as soon as possible. Generating a new one-time password list will revoke the existing list automatically.
Do not generate a new one-time password list with the same pass-phrase, seed and algorithm (at least one should be different).

Can I generate a one-time password list again?

Yes, if you remember the pass-phrase, seed and algorithm, but the one-time password sequence will be reset.

Are one-time passwords case sensitive?


How do I choose between logging-in using a one-time password or my main WordPress password?

Simply enter the password of your choice into the WordPress password box.

How can I change the styling?

Copy wp-otp.css to your theme directory to prevent it from being overwritten by an update
Change the style sheet to your wishes; the style sheet contains documentation

Why does this plugin require at least WordPress version 2.8?

Because the new authenticate filter is used.
See this article for more details.

Is this plugin multi-user?

Yes, since version 0.5.

Will this plugin work with WordPress MU?

Yes, since version 1.2.

Why does this plugin require at least PHP version 5.0.0?

Because this is a requirement of the PHP One-Time Passwords class and
because the try-catch construction is used as a fail-safe for the login screen.

Who can modify the one-time password options?

Users with manage_options capability, normally only administrators.

What is the scope of the one-time password options?

Site wide.

How does the integration with the http:BL plugin work?

First of all the integration with the http:BL plugin
has to be enabled using the settings menu.
If enabled, you can navigate to the login url of your blog, even if http:BL would normally block it.
A warning indication the age, level and threat type is displayed above the login window.
You can login only using a one-time password, not with your user name and password.
After logging in, you can navigate to any part of your weblog, until you sign out.
Note that before logging in only wp-login.php is available and no other addresses like /wp-admin/.

I recommend installing Invalidate Logged Out Cookies for more security.

How does the integration with Bad Behavior work?

If you enable the option to disable Bad Behavior on the login page using the settings menu the Bad Behavior plugin will be disabled.
To re-enabled the Bad Behavior plugin you have to disable this option first.
When this option is enabled the one-time password plugin will load the Bad Behavior plugin instead of WordPress, except for the login page and for every other page when you are logged in using a one-time password.
Unfortunately it is not possible (yet) to display a warning on the login page that Bad Behavior would block access.

Where can I ask questions, report bugs and request features?

You can write a comment on the support page.

One-Time Password 2.8.6


April 22, 2010 - Posted by | download, extension, extensions, free, get, internet, plugin, plugins, Uncategorized, wordpress

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: