[wp-meta] [Making WordPress.org] #7851: Theme Submissions should require 2FA
Making WordPress.org
noreply at wordpress.org
Tue Dec 10 03:35:58 UTC 2024
#7851: Theme Submissions should require 2FA
-----------------------------+--------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: Theme Directory | Keywords:
-----------------------------+--------------------
[https://make.wordpress.org/plugins/2024/09/04/upcoming-security-changes-
for-plugin-and-theme-authors-on-wordpress-org/ As part of increasing
security, Theme Authors are required to have 2FA active on their
accounts.]
As part of submitting a new version of a theme, the user should be
required to validate their 2FA details.
I'm not sure how best to handle this for initial theme submissions. The
user doesn't require 2FA until they've got a published theme, but since we
don't differentiate between `upload new theme` and `upload update for
theme` - there's just a single form.
Perhaps we should simply require that the user sets up 2FA in order to
submit a theme? This would increase the barrier to submission, but doesn't
seem too burdensome.
A question is raised on themes.svn direct access though; as this won't
validate their 2FA (For plugins, we use Release Confirmation) - perhaps we
can rely upon using a SVN password here.
Related: #7704
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7851>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list