Securing page/content with text message OTP

  • Jarek Sek

    (@jarek-sek)


    8 years ago

    Hi WP Gurus!

    I’m looking for a way to limit access to certain pages. Been through several plugins and integrations but can’t really find a solution for this. Being totally no-coder I will surely not produce needed code as well.

    Is there an available plugin/service (preferred free but paid could work as well) that will do the following:
    – I keep database of phone numbers in Google Sheets
    – user tries to access the page and get the screen/pop-up asking to fill the phone number
    – when number is provided it’s checked vs my list
    – if it’s on the list one-time password is sent via text message and user can access the page

    I don’t want users to set up any profile (especially WP one) or register in any way.

    Many thanks in advance for all ideas!
    Jarek

Viewing 2 replies - 1 through 2 (of 2 total)
  • adonispaxon

    (@adonispaxon)

    Jarek,

    I don’t have any suggestions but will say that you are onto a very forward thinking concept. Anything Blending Text Integration with WP Sites is Futuristic. Keep up the good thoughts and ensure the ideas keep flowing, good luck, you might need a Pro Developer on this one.

    Moderator bcworkz

    (@bcworkz)

    I would suggest importing the phone numbers into the WP user data. Not so users need to register or even be concerned about it, just as a place to store data that is meaningful to WP. Maybe the phone numbers could even be the username. The other reason for this is to avoid needing to link to another server to look up phone numbers. It would also simplify distributing your plugin to others if they do not need to setup their Google account.

    Post passwords can be made single use by changing the stored hash through the PasswordHash class. Decide on some action that triggers the password change, perhaps after the post content is output after a successful password input.

    There are various filters related to what is displayed when a post needs a password, so that can be changed to a phone prompt. You would need to intercept the provided phone number because WP will think it’s a password attempt. There needs to be some way to distinguish true passwords from phone numbers. Maybe ensure passwords always start with an alphabetic character. Or maybe the fact a password was sent out determines what is prompted for and how it’s processed. This latter idea would need to keep track of users by session variable so one user who hadn’t yet entered a phone number will still get the correct prompt while the user who already put in a phone number will get the true password prompt.

    Good luck on your very interesting project!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Securing page/content with text message OTP’ is closed to new replies.