[wp-trac] [WordPress Trac] #44552: Better security for wp-admin console

WordPress Trac noreply at wordpress.org
Tue Jul 10 07:14:03 UTC 2018


#44552: Better security for wp-admin console
-----------------------------+---------------------------------
 Reporter:  emergencyscotch  |       Owner:  (none)
     Type:  feature request  |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Administration   |     Version:  4.9.7
 Severity:  normal           |  Resolution:  duplicate
 Keywords:                   |     Focuses:  ui, administration
-----------------------------+---------------------------------
Changes (by swissspidy):

 * status:  new => closed
 * resolution:   => duplicate
 * milestone:  Awaiting Review =>


Comment:

 Hi and welcome to WordPress Trac!

 These questions have come up multiple times before, so I'll close your
 ticket as a duplicate. However, I wanted to quickly go through them:

 > but including these features by default would solve a lot of security
 problems out of the gate

 I don't think we can expect the majority of WordPress users to
 ''understand'' and use 2FA. That's why the plugin ecosystem is so great.
 See also #32247.

 > 2 factor authentication

 Please check out the https://wordpress.org/plugins/two-factor/ feature
 project. Feature projects are projects that usually start with research
 and a PoC plugin. If it proves to be a great fit for core, it can be
 proposed for merge into WordPress itself.

 You can learn more about that here:
 https://make.wordpress.org/core/features/

 > ability to hide / change the login url to something different (to help
 prevent bruteforce)

 This is just security through obscurity and doesn't really help with
 anything. See #13118 and #7194 for why we won't do this.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44552#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

