[wp-trac] [WordPress Trac] #32401: Multi step authentication - adding hooks to wp-login.php
WordPress Trac
noreply at wordpress.org
Thu May 14 18:14:21 UTC 2015
#32401: Multi step authentication - adding hooks to wp-login.php
------------------------------------+-----------------------------
 Reporter:  tomdxw                  |      Owner:
     Type:  enhancement             |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  4.2.2
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
 At the moment it's very difficult to add extra steps to wp-login.php.

 There are several situations where a second step is necessary:

 * There are TOTP plugins hosted on WordPress.org but they all assume every
   user will use 2FA and so show the field for the TOTP token in the login
   form. That's not appropriate for the situation where some users will have
   it enabled and some won't.
 * If you send a token to a user via SMS then you need a second step in the
   form after the user has typed their username/password.
 * If you use a captcha that doesn't target every user (i.e. it may be
   based on how many failed attempts there have been in the past hour for
   each account) that needs a second step too.

 The whole process of adding a second step to the login process is very
 hacky and involves copying lots of code from wp-login.php (which as I
 think we all know leads to very fragile plugins).

 Note that this ticket is not proposing including any kind of 2FA into
 WordPress core. This ticket is only about adding hooks to wp-login.php to
 make it much easier for people writing 2FA (and other authentication-
 related) plugins.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32401>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
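
The per-account second step described in the ticket, sketched as an added example (not part of the ticket, and not WordPress core or plugin code). A correct password yields only a signed, short-lived "pending" marker naming the steps still owed, never a session. The function names, the threshold of 3 failures, the 300-second lifetime and the token layout are assumptions.

```php
<?php
// Added example: framework-independent sketch, not WordPress API.
// Names, threshold, lifetime and token layout are assumptions.
const PENDING_TTL = 300;       // seconds a half-finished login stays valid
const FAILURE_WINDOW = 3600;   // "the past hour" from the captcha case
const FAILURE_THRESHOLD = 3;   // assumed failure count that triggers a captcha

// Decide, per account, which extra steps follow a correct password.
function required_steps(array $user, array $failure_times, int $now): array {
    $steps = !empty($user['totp_enabled']) ? ['totp'] : [];
    $recent = array_filter($failure_times, fn($t) => $t > $now - FAILURE_WINDOW);
    if (count($recent) >= FAILURE_THRESHOLD) {
        $steps[] = 'captcha';
    }
    return $steps;
}

// After step one: issue a signed marker instead of a logged-in session.
function issue_pending_token(string $key, int $user_id, array $steps, int $now): string {
    $claims = ['uid' => $user_id, 'steps' => $steps, 'exp' => $now + PENDING_TTL];
    $payload = base64_encode(json_encode($claims));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// At step two: return the claims only if signature and expiry both check out.
function read_pending_token(string $key, string $token, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2 || !hash_equals(hash_hmac('sha256', $parts[0], $key), $parts[1])) {
        return null;
    }
    $claims = json_decode(base64_decode($parts[0], true) ?: '', true);
    return (is_array($claims) && ($claims['exp'] ?? 0) >= $now) ? $claims : null;
}

// Constructed sample data.
$key = 'constructed-demo-key';
$now = 1700000000;
$alice = ['id' => 7, 'totp_enabled' => true];    // enrolled in TOTP, no failures
$bob = ['id' => 8, 'totp_enabled' => false];     // not enrolled, recent failures
$bob_failures = [$now - 5000, $now - 1200, $now - 600, $now - 30];

echo json_encode(required_steps($alice, [], $now)), "\n";
echo json_encode(required_steps($bob, $bob_failures, $now)), "\n";
$token = issue_pending_token($key, $alice['id'], ['totp'], $now);
var_dump(read_pending_token($key, $token, $now + 60) !== null);   // fresh token
var_dump(read_pending_token($key, $token, $now + PENDING_TTL + 1)); // expired
var_dump(read_pending_token($key, $token . '0', $now));            // tampered
```

The marker is stateless, so it can be presented again until it expires; a server-side record of completed or abandoned attempts is needed to make it single-use.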