Semisecure Login Reimagined v2
With the release of WordPress 2.8, I’m releasing Semisecure Login Reimagined v2. This new version now requires WordPress 2.2 or higher (v1 required WP 2.1 or higher).
Programming note: while v1 of this plugin supported WP 2.1, it also required PHP 4.3. Techincally, WP 2.1.x, 2.2.x, and 2.3.x only required PHP 4.2. Semisecure Login Reimagined v2 should now work properly with PHP 4.2. (Hopefully most people have upgraded to a recent version of PHP 5)
This new version is now using a new internal API to decrypt passwords on the server side. Previously, it had been using the wp_authenticate hook, but this post indicates that it might be removed at some point in the near future. The new API is much more generic and isn’t limited to just logging in.
What’s New
- jQuery is now being used on the client side
- If you’re not able to generate a keypair with the standard or alternative methods, then you can now generate a keypair via JavaScript (you’ll have to manually insert the data in your DB though)
- If you’re using WP 2.7 or higher then you can now encrypt the password on the user administration pages (editing or adding a new user)
- 3rd-party integration support for other plugin authors (see the included help link on the plugin’s settings page)
- You can decide which parts of this plugin to enable: activating the plugin enables the API, while the settings page lets you decide if you want to encrypt the password on the login page (enabled by default so there’s no surprises for anyone upgrading from v1) and if you want to encrypt the password on the user administration pages (disabled by default)
Download
You can still download Semisecure Login Reimagined at its official WordPress page.
baron (Jul 04, 2009)
Works great, thank you
Pingback (Jul 14, 2009)
» Segurança barata: Semisecure Login Reimagined Jardim de Ideias
Pingback (Aug 21, 2009)
Protegendo seu login do WordPress mesmo sem conexão SSL » Winnext
Daniel Hüsken (Aug 23, 2009)
Hi, I am the author of the mimimeta-widget plugin. i use youre fine
plugin for a long time with my plugin. Since the laste versions i
cant use it anymore with my plguin becuse the seidload will crash
on login. I dont have a answere why. can you help me to find a fix.
Daniel Hüsken (Aug 23, 2009)
canges on “Generate New Keypair” will not saved.
moggy (Aug 24, 2009)
Hi Daniel.
You’ll need to make sure that you “do” the following 2 actions:
login_head
login_form
I was able to get it to work by changing line 28 of functions.php from:
if ($test) do_action('login_head'); //do action from login hadto:
do_action('login_head'); //do action from login hadCan you describe what happens when you try to generate a new keypair? And are you using the latest version (v2.1.2)?
Daniel Hüsken (Aug 25, 2009)
Hi moggy, the do_cation works corectly. without a change. in
fierfox i have the masseage after some time that the script not
anwers.
Skript:http://danielhuesken.de/wp-content/plugins/semisecure-login-reimagined/js/jsbn/min/base64.min.js?ver=1.0:1
if i say abort at this point i’m loggtin after hit the abbord
button. I use the version 2.1.2 of your plugin. Oh i will seh that
the keypare is generatet but th options to generate have the
devault values. The i cant seh that the checkbox for force old
method is checked.
moggy (Aug 25, 2009)
@Daniel
What version number were you using previously that was working for you?
Can you setup a repro that I could take a look at? I’m not able to repro. (Send me an email if you don’t want this information public)
The keypair generation options always show their default values. As long as you see that the modulus is updating on the settings page then everything is functioning properly.
Lassar (Sep 02, 2009)
I can’t manage to generate a key ! I am using firefox.
moggy (Sep 04, 2009)
@Lassar
If the problem lies with the default generation method then there’s an option you can set in the AdvancedOptions file. By default it assumes that the openssl executable is in the system path, but this can be modified in that PHP file.
If the problem lies with the alternative generation method then most likely openssl isn’t setup correctly on the server to work with PHP. See this link for more information.
The next version will include some debugging information for situations like this.
Pingback (Sep 09, 2009)
Chris B. – idéias e pensamentos » Plugins do Wordpress para garantir a segurança do seu blog
Pingback (Jan 12, 2010)
43 Excelent Wordpress Security Tips & Plugins | Hacking Truths