Configuring WordPress for GreenRADIUS 2FA

Introduction

GreenRADIUS can be used to enforce two-factor authentication for Wordpress installations.

Contact us to evaluate our WordPress plugin for GreenRADIUS 2FA.

Prerequisites

  1. A WordPress server, with administrative permissions to modify it.
  2. A publicly accessible GreenRADIUS instance with a valid certificate installed. The certificate must be trusted by the WordPress instance.
  3. The WordPress 2FA plugin from Green Rocket Security

Steps

  1. Log into your administrative account on WordPress.
  2. Click the "Plugins" menu in the left tab, then select "Add New" > "Upload Plugin".
  3. Select the .ZIP file from Green Rocket Security, and upload it.
  4. Select "Plugins" -> "Installed Plugins" from the left menu.
  5. Click "Activate" under the "GreenRADIUS Authentication" entry.
  6. In the left menu, select "Settings" > "GreenRADIUS Authentication".

WordPress settings

  1. Enter the hostname of the GreenRADIUS instance and click "Save".
  2. When you next attempt to log into the WordPress instance, you should see an OTP field:

Wordpress login with GreenRADIUS

  1. Log in with a user that is imported in GreenRADIUS. (Only user accounts in GreenRADIUS can now log in. Local WordPress user accounts that do not have a matching LDAP username imported into GreenRADIUS will no longer be able to log in with local credentials.

For example, if there is an existing WordPress user account with a username of "jdoe", there needs to be a corresponding LDAP user account with a username of "jdoe". This LDAP user account also needs to be among the users imported into GreenRADIUS, so that there is a "jdoe" user account in GreenRADIUS.

GreenRADIUS Validation of Token Only

The WordPress plugin and GreenRADIUS can be configured so that WordPress validates the user's local WordPress password and GreenRADIUS validates the token. To do this, follow the steps below:

  1. In the plugin settings, check the "Split Authentication" checkbox and click the Save button

WordPress plugin settings

  1. In the GreenRADIUS web admin interface, go to the "Global Configuration" tab and click the "General" icon
  2. Set "Enable Password Authentication Through GreenRADIUS" to "No".
  • NOTE: This GreenRADIUS setting is a global setting. It will enable or disable password validation through GreenRADIUS for all RADIUS and Web API integrations.

Web Analytics Made Easy -
StatCounter

Updated 2020-11-17
© 2020 Green Rocket Security Inc. All rights reserved.