[wp-trac] [WordPress Trac] #55514: 2FA by default for WordPress
WordPress Trac
noreply at wordpress.org
Wed Apr 6 20:41:53 UTC 2022
#55514: 2FA by default for WordPress
-----------------------------+------------------------------
Reporter: jamsec | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by jamsec):
Thanks for the response @jorbin
In my view as someone who works with hacked sites every day, it seems that
if outdated/abandoned websites would pile up because users are locked out,
those same outdated sites are getting infected with malware instead.
If 2FA were to be included by default, it can still easily be disabled by
renaming the plugin directory name in wp-content/plugins, so re-
establishing admin access should not be too difficult if someone gets
locked out as most hosting platforms provide access to the file structure.
IMO the pros would outweigh the cons by a pretty large margin.
Even something as simple as adding a ''"Would you like to add 2FA?"'' to
the WordPress installation process would make a huge difference.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55514#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list