We have been working on a few major improvements for the past few months. A major chunk of those are out in v2.5. Plus we have a new Duo Security addon for dual authentication.
Two-Factor authentication – Email-based
You can now secure your admin panel with another layer of authentication with the new email based dual authentication. Once you login with your email + password, you will receive an email with a passcode. Only when you enter that passcode, will the panel be accessible. Alternatively, you will also be able click on a link in the email to login.
Two-factor authentication – Duo Security
Though email based dual authentication is much more secure that just logging in with your email + password combo, it is still vulnerable with the faint possibility of someone gaining access to your email. Traditionally, high security dual authentication, by banks for instance, was done by using physical tokens called fobs that users carry on their keychain.
But you don’t want to carry a fob for InfiniteWP in your keychain, do you? That is why we have integrated Duo Security with the admin panel. With Duo Security, your mobile phone is your hardware token. When you login, a request to approve that login will be sent to the Duo Security app on your mobile phone. Just tap to Approve or Deny the request. Easy peasy.
What? Don’t have a smartphone? Seriously? Here you go. :p
There’s a way for you, caveman or cavewoman. Deter not.
Phone call: You can choose to authenticate the request via a call. Answer the call and press any key on your phone’s keypad to authenticate.
SMS Passcode: If you would prefer a SMS (What does that even mean?) over a call, you can send yourself a passcode via SMS. Just enter the passcode to enter the admin panel.
Calls and SMS will need telephony credits in your Duo Security account. Text messages to the US/Canada cost 1 credit and phone calls 2. With a free account, you will get 25 telephony credits every month.
Still need convincing why 2FA is important? Read this – https://www.duosecurity.com/product/why-two-factor
Check out the Duo Security addon here – https://infinitewp.com/addons/duo-security/
Killing tasks in process queue
Certain tasks take more time than expected and you would rather kill them than wait. This can be done now. Click on the kill icon next to the running task in the Process Queue or Activity Log.
By killing the task, we will stop all further calls to WordPress sites. Calls that have already been initiated might bring back replies. If so, they will be updated in the panel.
Clearing Activity log & filtering
The database of panels with a large number of sites were getting clogged up with the activity log. You can now schedule to clear them automatically every 30, 60 or 90 days.
A word of caution: Clearing the logs might affect the data for the Client Reporting addon. So, if you are using the client reporting addon, give enough time before clearing them.
You can now filter the log based on users and actions performed. And also delete the filtered logs.
Send emails via SMTP
You can now send mails via an SMTP server rather than relying on the server mail function.
You can use Gmail’s SMTP too.
Note that Gmail’s SMTP relay service is not available with the legacy free edition of Google Apps. Personal account and Paid Google Apps users can use it.
Email based password resetting.
Though not a huge feature on its own, this is something that should have been part of the app a long time ago. You can now reset password for the admin panel via email and not by editing the database.
We now have a communication channel right inside the panel where we can send important news and updates.
Do let us know your thoughts about this update in the comments below.