WP-WebAuthn - Passkey on WordPress
With Google recently announcing “The beginning of the end of the password”, I started thinking about WordPress and which plugins are available that add passkey support for authentication. With a passkey, you enter only your username and then use your computer or mobile device to complete the rest of the login sequence. Google is moving toward this, so I might as well explore it a bit further.
WP-WebAuthn
Looking in the WordPress plugin directory, I found a plugin that I’ve been using for several months on WPwatercooler’s website: WP-WebAuthn, created by Axton, which includes a WebAuthn Login Form block if you need it.
Setting up WP-WebAuthn
Setting up WP-WebAuthn is easy: just install it and then look under Settings, then WP-WebAuthn, where you can set the preferred login method, some display settings and how you want the login to work.
Note – This screen also shows a notice if you need to install the “gmp” module on the server, so I went down that rabbit hole for a bit. I cover this below – Installing gmp on SpinUpWP
Once you have done that, go to your user profile and scroll down to Registered WebAuthn Authenticators, where you can register a new authenticator for each of the devices you will be logging in with. The next time you log in, just put in your username, press Auth and complete the login using FaceID, TouchID, Windows Hello or a bunch of other methods.
Installing gmp on SpinUpWP
My server didn’t have gmp installed, so I needed to do that to complete the plugin install and get it set up. Installing gmp on PHP 8.0 was quick: I ran the following commands as a sudo-enabled user. I’m following the instructions provided by SpinUpWP – How to change PHP settings. I start by using apt to install php8.0-gmp and then edit the php.ini file. I chose to do the whole server and just the one site; follow the instructions one way or the other.
$ sudo apt install php8.0-gmp
$ sudo nano /etc/php/8.0/fpm/php.ini
From here, search for ;extension=gmp and remove the ; to enable the module.
;extension=bz2
;extension=curl
;extension=ffi
;extension=ftp
;extension=fileinfo
;extension=gd
;extension=gettext
extension=gmp
;extension=intl
;extension=imap
;extension=ldap
Save the file and then restart the PHP service:
$ sudo service php8.0-fpm reload
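To confirm the edit above took effect on disk, here is an added check that is not part of the original post or of the plugin: it reports whether gmp is enabled, still commented out, or absent in a PHP-FPM configuration directory. The function names are hypothetical, and the conf.d lookup assumes the Debian/Ubuntu layout where per-module ini files sit next to php.ini.

```shell
#!/bin/sh
# Added example (not from the original post): report whether gmp is switched
# on in a PHP-FPM configuration directory such as /etc/php/8.0/fpm.

# Classify one ini file. Prints: enabled | commented | absent
gmp_ini_status() {
    # Directive forms accepted: extension=gmp, extension = gmp.so, extension="gmp"
    pat='extension[[:space:]]*=[[:space:]]*"?gmp(\.so)?"?[[:space:]]*(;.*)?$'
    if grep -Eq "^[[:space:]]*$pat" "$1" 2>/dev/null; then
        echo enabled
    elif grep -Eq "^[[:space:]]*;[[:space:]]*$pat" "$1" 2>/dev/null; then
        echo commented
    else
        echo absent
    fi
}

# Classify a whole SAPI directory: php.ini plus conf.d/*.ini
# (assumption: Debian/Ubuntu-style conf.d directory beside php.ini).
gmp_sapi_status() {
    result=absent
    for f in "$1/php.ini" "$1"/conf.d/*.ini; do
        [ -f "$f" ] || continue
        case "$(gmp_ini_status "$f")" in
            enabled)   echo enabled; return 0 ;;
            commented) result=commented ;;
        esac
    done
    echo "$result"
}

# Constructed sample mirroring the php.ini excerpt in the post,
# before and after removing the leading ";".
demo_dir=$(mktemp -d)
printf ';extension=gettext\n;extension=gmp\n;extension=intl\n' > "$demo_dir/php.ini"
echo "before edit: $(gmp_sapi_status "$demo_dir")"
printf ';extension=gettext\nextension=gmp\n;extension=intl\n' > "$demo_dir/php.ini"
echo "after edit:  $(gmp_sapi_status "$demo_dir")"
rm -rf "$demo_dir"
```

On a real server, call `gmp_sapi_status /etc/php/8.0/fpm`. It only inspects the files on disk, so the running PHP-FPM still needs the reload shown above to pick up the change.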