Description
The Duo Universal plugin protects against account takeover by augmenting WordPress logins with multi-factor authentication. Adding Duo is easy and can be done in just a few minutes!
By leveraging Duo’s Universal Prompt, authentications can now use passkeys, biometrics and hardware tokens in addition to phone-based authentication methods. This keeps accounts secure if an attacker learns a user’s login credentials and provides flexible authentication options.
Duo is easy to set up and use. With Duo there’s no extra hardware or complicated software to install, just sign up for Duo’s service and install the plugin. Then you can set which user roles you want to enable multi-factor authentication for admins, editors, authors, contributors, and/or subscribers without setting up user accounts, directory synchronization, servers, or hardware. Users can enroll in Duo authentication and add MFA devices to their accounts as they log into the site.
This plugin reaches out to Duo’s MFA cloud service for the configured user roles which provides an additional layer of authentication.
For more information about Duo’s privacy policy see https://duo.com/legal/cisco-online-privacy-statement
Duo’s terms of service can be found here https://duo.com/legal/terms
Terms of support using Duo’s cloud service are provided here https://duo.com/support
Support for Duo users without a subscription is provided on a best-effort basis via email.
Installation
Integrating Duo MFA with WordPress is a breeze.
See our instructions at duo.com
FAQ
How do I get started with Duo?
Before installing the plugin, you’ll need to sign up for a free account at https://duo.com/.
Is Duo’s two-factor service really free?
Yes, Duo is free up to 10 users and no credit card is required to get started! Paid plans for more than 10 users start at only $1/user/month.
Reviews
Contributors & Developers
“Duo Universal” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Duo Universal” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.1.0
- Refactored 2FA session management
- Switching between multisites will no longer logout the current user.
- Clearing WordPress caches will no longer logout all users.
- There is no longer a 48 hour Duo session separate from the WordPress session.
- Fix plugin file paths on clustered hosting environments.
- Fixed debug logging to properly enable when using the WP_DEBUG constant.
1.0.0
- Initial Release