duo_universal_wordpress - Duo universal authentication for WordPress logins
This WordPress plugin allows you to quickly add Duo Universal authentication to any WordPress login.
This plugin reaches out to Duo's MFA cloud service for the configured user roles which provides an additional layer of authentication. For more information about Duo's privacy policy see https://duo.com/legal/cisco-online-privacy-statement Duo's terms of service can be found here https://duo.com/legal/terms
Login sessions are affected by this plugin. The shorter duration between your WordPress and Duo timeout will determine when the session expires. Duo sessions have a timeout of 48 hours, which is not currently configurable.
Documentation: https://duo.com/docs/wordpress
duo_universal_wordpress uses PHP's cURL extension and OpenSSL for TLS operations.
TLS support will depend on the versions of multiple libraries: TLS 1.2 support requires PHP 5.5 or higher, curl 7.34.0 or higher, and OpenSSL 1.0.1 or higher. TLS 1.3 support requires PHP 7.3 or higher, curl 7.61.0 or higher, and OpenSSL 1.1.1 or higher.
php and composer are necessary for local development. Using brew:
brew install php
brew install composer
Additionally, on Macs using Apple Silicon (M1, M2, etc.), gd is needed:
brew install gd
Then install project dependencies:
composer install
A docker container is included as a development environment. To use it, run:
docker-compose up -d
Once created, navigate to localhost/wp-login.php in a browser. Install
Wordpress and create an admin account. Once installed, you can find the
installation at /var/www/html/. Your duo_universal_wordpress repo will be
mirrored to /var/www/html/wp-content/plugins/duo_universal_wordpress so the
plugin is automatically installed.
To activate the plugin, login to Wordpress and go to the Plugins page. Activate Duo Universal, and then click Settings for the plugin. Enter the ikey, skey, and api_host from your Duo Wordpress integration. Upon save, you will see the Duo prompt for 2FA.
The following may be set in a .env file to be applied to the dev docker
container:
HTTP_PORT: HTTP port to use. Default:80HTTPS_PORT: HTTPS port to use. Default443DB_PLATFORM: The platform to use for thedbservice defined in the docker compose file. Defaults to the host machine's platform. The image used for thedbservice does not havelinux/arm64/v8support. On such hosts (e.g. Apple Silicon Macs), set this tolinux/amd64.WORDPRESS_VERSION: The WordPress version to use when building the docker container. Must be a valid tag per https://hub.docker.com/_/wordpress/tags. Defaults tolatest. Note that only one container at a time is currently supported, so when switching versions you'll need to remove the existing dev container before runningdocker-compose up -dagain.
The wordpress installation includes the wp command line tool. Note that all
commands must be run with --allow-root when shelled into the container as
root.
Some helpful commands:
wp core multisite-convert: converts the installation to multi-site. Note that there is not a good way to undo this.wp plugin deactivate duo_universal_wordpress: deactivate the duo plugin. Helpful if you've locked yourself out or can't complete 2FA for some reason.wp plugin activate duo_universal_wordpress: activate the duo pluginwp plugin list: list all plugins
By default, the dev container limits uploads to 2MB. This is too small for builds of the plugin, so to upload a build instead of using the mirrored build, you'll need to increase the limit.
- Create or edit
/var/www/html/.htaccessand setphp_value upload_max_filesize 128M(or whatever value you want) - For some reason this caps it out at 8 MB regardless of how high the value is set, but that's big enough for the plugin.
Add define( 'WP_DEBUG_LOG', true ); to /var/www/html/wp-config.php. Debug
logging will be printed to /var/www/html/debug.log.
composer install
./vendor/bin/phpunit --process-isolation tests
composer archive -f zip
Report any bugs, feature requests, etc. to us directly: support@duosecurity.com
Have fun!