The WordPress plugin v1.x (Deprecated)
Attention! These instructions are for the previous version of the UNLOQ WordPress Plugin. For the current version instructions, visit this page.
Looking to add Multi-factor authentication to your WordPress website? UNLOQ authentication protects your Wordpress users from password reuse, phishing and keylogger attacks.
We've designed the UNLOQ plugin so that anyone can install, configure and use it in a matter of minutes. Follow the step by step guide to get started.
If you followed the steps below and encounter issues, please see the
FAQ section.
A. Installation
You can start the plugin installation process:
From your WordPress Plugin store:
- In your instance of Wordpress Admin visit Plugins > Add new
- Search for “UNLOQ” to find the official UNLOQ plugin
- Install and activate the plugin
Or manually via upload:
- Download UNLOQ plugin (https://github.com/UNLOQIO/wordpress-client/releases - latest release)
- In your instance of Wordpress Admin visit Plugins > Add new
- Click on the Upload Plugin button on the upper left corner and select the UNLOQ plugin file you’ve downloaded
- Install and activate the plugin
B. UNLOQ account configuration
***Make sure you use the same email address in UNLOQ and Wordpress. If that is not possible, manually add a new user in your WP installation with the e-mail address used in UNLOQ.***
***If you have already registered in UNLOQ with a different email address, or want to manage more Wordpress installations, just add a new profile to the current UNLOQ account. This is done in the UNLOQ mobile app under Settings -> Profiles***
-
Navigate to
https://unloq.io/register and follow the step by step process to create an account with UNLOQ (no credit card required). We recommend using
the same e-mail address as your WordPress administrator e-mail to avoid being locked-out.
-
Once you’ve logged in, go to Applications, select the Add Application option, Web Application, Wordpress and follow the wizard. You should see a screen like the one below.
-
Grab your API and WIDGET Keys from Application > Settings > General. You’ll need the keys to setup the UNLOQ Plugin in WordPress.
- Note: Every time you press on SHOW KEYS a different API key is created. You can delete the old keys after configuring the new key in your Wordpress installation.
-
Optional: define other widgets if you need. The Login widget is automatically created. The other widgets are not relevant in the context of WordPress applications.
C. Plugin configuration
-
Setup your WordPress plugin.
Once the plugin has been installed, you should see a new entry in your left admin menu for UNLOQ. The first time you access it, it will show you a setup form, requesting your application's API key and login widget key.
-
Configure.
The next step is to configure how your users will interact with the login widget. You can choose to use the plugin in UNLOQ-only authentication, where traditional username and password authentication is disabled, allowing your users to only use their UNLOQ device to authenticate. You may also choose to go with both UNLOQ and passwords in parallel, essentially letting the user decide which form of authentication to use.
D. Manage users
-
Manage Wordpress users.
In case you want to enable auto user registration, in your WordPress instance you can go to Settings > General, and for Membership, select the option Anyone can register. Don't forget to assign the default role for a new user.
If you want to restrict access only to specific users, please add them manually from your WordPress instance under the Users menu option. Users already in your database will be able to login with UNLOQ as long as they have a profile with
the same e-mail as their Wordpress user.
Note that you don’t need to add the users in the UNLOQ account in order for them to be able to login to WordPress. They only have to download the UNLOQ mobile application and create a profile with
the same e-mail as the one used when defining the WordPress profile.
-
Adding users to your UNLOQ account.
You only need to add users under your UNLOQ account in case you work in a team and need to grant access to other team member to manage your UNLOQ WordPress applications.
Currently we only support two roles, both having access to all applications defined under an organisation, the only difference between the two roles being the fact that Owner will have access to the Organisation menu option and can add / revoke access to other users.
E. Optional Steps
-
Customise your application. You can customise the look and feel of the authentication notification and the login widget.
-
Select the authentication methods you’d like your WordPress users to be able to use. You can select from Push authentication, TOTP and e-mail login.
-
If the case, set up Approval Firewall. You can define either positive (allow login only from specific zones) or negative (restrict authentication from specific zones) firewall rules. Also, you can restrict authentication by region or by IP ranges.
-
Widgets and domain. We recommend adding the Logout widget as well, to allow your users to logout remotely from their phone (note that this works only when they use Push authentication to sign in).
F. Frequently asked questions
Login flow not working
- If your WP Installation is behind a reverse proxy or load-balancer, make sure the site's address (under Settings -> General) has the correct protocol (http or https). If the viewer's protocol does not match your site's protocol, cookies might not be correctly set and user session might not work.
- If your site does not allow anybody to register (under Settings -> General -> Membership), UNLOQ users that will try to login with an e-mail that does not exist in your WP site will not be allowed to do so.
- If you want to grant access to other UNLOQ users to your site, add them to your WP site first (Users -> Add new)
Mobile app reset
- If you have deleted the mobile app from your phone, reset your mobile phone, or changed your phone, you will need to re-pair you device.
- Login to https://unloq.io/login using the email method.
- Use the left menu to navigate to your account and click on "RE-PAIR DEVICE". Then scan the QR setup code using the UNLOQ mobile app.
Have a question? You can always send us an email at support@unloq.io, or contact us on chat.
For security related concerns, please visit our Security page.