menu_twoFactor.php
8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
<div class="wordfenceModeElem" id="wordfenceMode_twoFactor"></div>
<div class="wrap" id="paidWrap">
<?php require('menuHeader.php'); ?>
<?php $pageTitle = "Cellphone Sign-in"; $helpLink="http://docs.wordfence.com/en/Cellphone_sign-in"; $helpLabel="Learn more about Cellphone Sign-in"; include('pageTitle.php'); ?>
<?php
$rightRail = new wfView('marketing/rightrail');
echo $rightRail;
?>
<?php if(! wfConfig::get('isPaid')){ ?>
<div class="wf-premium-callout" style="margin: 20px 0 20px 20px; width: 700px;">
<h3>Cellphone Sign-in is only available to Premium Members</h3>
<p>Our Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks, government
agencies and military world-wide as one of the most secure forms of remote system authentication. It's now
available from Wordfence for your WordPress website. We recommend you enable Cellphone Sign-in for all
Administrator level accounts.</p>
<p>Upgrade today:</p>
<ul>
<li>Receive real-time Firewall and Scan engine rule updates for protection as threats emerge</li>
<li>Other advanced features like IP reputation monitoring, an advanced comment spam filter, advanced
scanning options and country blocking give you the best protection available
</li>
<li>Access to Premium Support</li>
<li>Discounts of up to 90% available for multiyear and multi-license purchases</li>
</ul>
<p class="center"><a class="button button-primary"
href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/" target="_blank">Get Premium</a></p>
</div>
<?php } ?>
<?php
if (!wfConfig::get('loginSecurityEnabled')) {
$url = network_admin_url('admin.php?page=WordfenceSecOpt');
?>
<div class="notice notice-error"><p>The login security option is currently disabled. This will prevent your website from enforcing two factor authentication for any users configured below. Visit the <a href="<?php echo esc_url($url); ?>">Options page</a> to enable login security.</p></div>
<?php
}
?>
<div class="wordfenceWrap" style="margin: 20px 20px 20px 30px; max-width: 800px;">
<h2>Enable Cellphone Sign-in</h2>
<p><em>Our Cellphone Sign-in uses a technique called "Two Factor Authentication" which is used by banks, government agencies and military world-wide as one of the most secure forms of remote system authentication. We recommend you enable Cellphone Sign-in for all Administrator level accounts.</em></p>
<table class="wfConfigForm">
<tr><td>Username to enable Cellphone Sign-in for:</td><td><input type="text" id="wfUsername" value="" size="20" /></td></tr>
<tr><td class="align-top">Code generation mode:</td><td>
<table class="wfConfigForm">
<tr><td><input type="radio" name="wf2faMode" value="authenticator" checked></td><td>Use authenticator app</td></tr>
<tr><td><input type="radio" name="wf2faMode" value="phone"></td><td>Send code to a phone number: <input type="text" id="wfPhone" value="" size="20" disabled><br><em>Format: +1-123-555-5034</em></td></tr>
</table>
</td></tr>
<tr><td colspan="2"><input type="button" class="button button-primary" value="Enable Cellphone Sign-in" onclick="WFAD.addTwoFactor(jQuery('#wfUsername').val(), jQuery('#wfPhone').val(), jQuery('input[name=wf2faMode]:checked').val());" /></td></tr>
</table>
<div style="height: 20px;">
<div id="wfTwoFacMsg" style="color: #F00;">
</div>
</div>
<h2>Cellphone Sign-in Users</h2>
<div id="wfTwoFacUsers">
</div>
<br>
<h2>Security Options</h2>
<table class="wfConfigForm">
<tr>
<td><input type="checkbox" class="twoFactorOption" id="loginSec_requireAdminTwoFactor" name="loginSec_requireAdminTwoFactor"<?php echo wfConfig::get('loginSec_requireAdminTwoFactor') ? ' checked' : ''; ?>></td>
<th>Require Cellphone Sign-in for all Administrators<a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><br>
<em>This setting requires at least one administrator to have Cellphone Sign-in enabled. On multisite, this option applies only to super admins.</em></th>
</tr>
<tr>
<?php
$allowSeparatePrompt = ini_get('output_buffering') > 0;
?>
<td><input type="checkbox" class="twoFactorOption" id="loginSec_enableSeparateTwoFactor" name="loginSec_enableSeparateTwoFactor"<?php echo wfConfig::get('loginSec_enableSeparateTwoFactor') ? ' checked' : ''; echo ($allowSeparatePrompt ? '' : ' disabled'); ?>></td>
<th>Enable Separate Prompt for Two Factor Code<a href="<?php echo $helpLink; ?>" target="_blank" class="wfhelp"></a><br>
<em>This setting changes the behavior for obtaining the two factor authentication code from using the password field to showing a separate prompt. If your theme overrides the default login page, you may not be able to use this option.</em>
<?php echo ($allowSeparatePrompt ? '' : '<br><strong>This setting will be ignored because the PHP configuration option <code>output_buffering</code> is off.</strong>'); ?></th>
</tr>
</table>
<script type="text/javascript">
jQuery('.twoFactorOption').on('click', function() {
WFAD.updateConfig(jQuery(this).attr('name'), jQuery(this).is(':checked') ? 1 : 0, function() {});
});
jQuery('input[name=wf2faMode]').on('change', function() {
var selectedMode = jQuery('input[name=wf2faMode]:checked').val();
jQuery('#wfPhone').prop('disabled', selectedMode != 'phone');
});
</script>
</div>
</div>
<script type="text/x-jquery-template" id="wfTwoFacUserTmpl">
<table class="wf-table">
<thead>
<tr>
<th style="width: 80px;"></th>
<th style="width: 100px;">User</th>
<th style="width: 180px;">Mode</th>
<th>Status</th>
</tr>
</thead>
<tbody>
{{each(idx, user) users}}
<tr id="twoFactorUser-${user.userID}">
<td style="white-space: nowrap; text-align: center;"><a href="#" class="button" onclick="WFAD.delTwoFac('${user.userID}'); return false;">Delete</a></td>
<td style="white-space: nowrap;">${user.username}</td>
{{if user.mode == 'phone'}}
<td style="white-space: nowrap;">Phone (${user.phone})</td>
{{else}}
<td style="white-space: nowrap;">Authenticator</td>
{{/if}}
<td style="white-space: nowrap;">
{{if user.status == 'activated'}}
<span style="color: #0A0;">Cellphone Sign-in Enabled</span>
{{else}}
Enter activation code: <input type="text" id="wfActivate-${user.userID}" size="6" /><input type="button" value="Activate" onclick="WFAD.twoFacActivate('${user.userID}', jQuery('#wfActivate-${user.userID}').val());" />
{{/if}}
</td>
</tr>
{{/each}}
{{if (users.length == 0)}}
<tr id="twoFactorUser-none">
<td colspan="4">No users currently have cellphone sign-in enabled.</td>
</tr>
{{/if}}
</tbody>
</table>
</script>
<script type="text/x-jquery-template" id="wfWelcomeTwoFactor">
<div>
<h3>Secure Sign-in using your Cellphone</h3>
<strong><p>Want to permanently block all brute-force hacks?</p></strong>
<p>
The premium version of Wordfence includes Cellphone Sign-in, also called Two Factor Authentication in the security industry.
When you enable Cellphone Sign-in on a member's account, they need to complete a
two step process to sign in. First they enter their username and password
as usual to sign-into your WordPress website. Then they're told
that a code was sent to their phone. Once they get the code, they sign
into your site again and this time they add a space and the code to the end of their password.
</p>
<p>
This technique is called Two Factor Authentication because it relies on two factors:
Something you know (your password) and something you have (your phone).
It is used by banks and military world-wide as a way to dramatically increase
security.
</p>
<p>
<?php
if(wfConfig::get('isPaid')){
?>
You have upgraded to the premium version of Wordfence and have full access
to this feature along with our other premium features.
<?php
} else {
?>
If you would like access to this premium feature, please
<a href="https://www.wordfence.com/gnl1twoFac2/wordfence-signup/" target="_blank">upgrade to our premium version</a>.
<?php
}
?>
</p>
</div>
</script>