• Resolved bilal43

    (@bilal43)


    Hello there,
    On login in WordPress I want to validate OTP (one time password) that is sent on user mobile phone. Please guide me how can I hook into login to verify OTP. I want to add code in themes and do not want to use plugin..

    I tried filter wp_login and authenticate but the problem is session started earlier, now user can quit this page and browse other pages as logged in users..

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What provider are you using for your OTP? There are plugins for Google Authenticator.

    Moderator bcworkz

    (@bcworkz)

    So you want the OTP to only allow access to one page? Other page requests will require their own OTP? You might consider using password protected pages, a built in WP functionality. The passwords are not one time though. They are essentially shared passwords, which admittedly have their own set of issues.

    I’ve not done so, but it should be possible to alter the page password scheme to be unique one time use. The main problem would be handling simultaneous requests from multiple users.

    You could still make use of the “authenticate” filter. To prevent further access, have a JS script on the page kill off the authentication cookie once the page is served. This logs out the user, requiring them to authenticate again before accessing logged in only content.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘validate OTP on login’ is closed to new replies.