[wp-trac] [WordPress Trac] #55514: 2FA by default for WordPress

WordPress Trac noreply at wordpress.org
Wed Apr 6 20:41:53 UTC 2022

#55514: 2FA by default for WordPress
 Reporter:  jamsec           |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:

Comment (by jamsec):

 Thanks for the response @jorbin

 In my view as someone who works with hacked sites every day, it seems that
 if outdated/abandoned websites would pile up because users are locked out,
 those same outdated sites are getting infected with malware instead.

 If 2FA were to be included by default, it can still easily be disabled by
 renaming the plugin directory name in wp-content/plugins, so re-
 establishing admin access should not be too difficult if someone gets
 locked out as most hosting platforms provide access to the file structure.

 IMO the pros would outweigh the cons by a pretty large margin.

 Even something as simple as adding a ''"Would you like to add 2FA?"'' to
 the WordPress installation process would make a huge difference.

Ticket URL: <https://core.trac.wordpress.org/ticket/55514#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list