WordPress.org

Ready to get started?Download WordPress

Forums

Two factor authentication is now mandatory in our world (11 posts)

  1. johnsontk10
    Member
    Posted 10 months ago #

    Let's face it.

    The world of IT security continually evolves, and there are hackers trying to bruteforce your wordpress installation as we speak.

    As a result of the crazy world we live in, I'm formally requesting that WordPress impelement a two factor authentication system.

    WordPress.com has it, why not wordpress.org individual installations?

    So many businesses (and individuals) rely on their business web presence on WordPress, isn't it rationale to protect these assets with two factor authentication?

    I realize many plugins offer two factor authentication, but it's time for wordpress to adapt such a feature into its core system.

    If you agree, please reply or "like" so wordpress developers take notice.

  2. Pete
    Member
    Posted 10 months ago #

    How do you 'like' a post?

  3. WPyogi
    Volunteer Moderator
    Posted 10 months ago #

    If you mean on these forums, you can't.

  4. Andrew
    Forum Moderator
    Posted 10 months ago #

    Brute force should be tackled at the server side by your hosting providers, so that not even bandwidth is wasted on them.

  5. johnsontk10
    Member
    Posted 10 months ago #

    Lol.

    In that case.

    I'd also like to formally request the ability to "like" a post on these forums.

    :o)

    Seriously though.

    I'm surprised not more people are interested in this?

    All the major Internet services are hopping on board with two factor authentication.

    Google, Microsoft, Paypal, Steam, even WordPress.com.

    Why not individual wordpress installations?

  6. esmi
    Forum Moderator
    Posted 10 months ago #

    I'm surprised not more people are interested in this?

    Have you tried looking at some of the secure login plugins?

  7. Christian1012
    Member
    Posted 10 months ago #

    +1 for option in core.

  8. johnsontk10
    Member
    Posted 10 months ago #

    Security plugins suck.

    They have a propensity to break.

    I want clean code.

    Secure code.

    Code that's integrated into the core.

    :)

  9. johnsontk10
    Member
    Posted 10 months ago #

    And PS: to Andrew about bruteforce...

    You're avoiding the issue.

    Who gives a woot who should handle bruteforce attacks?

    The fact is; they happen.

    And what about if you got tricked into activating a keylogger or backdoor Trojan.

    The fact is; people get their WordPress installations hacked.

    Why not activate two factor authentication into the core?

    Why prevent it from occurring faster?

    Why make a million excuses as to why wordpress should NOT integrate it into their core?

    That's what I'm seeing here.

    Why would anyone say it's a bad idea?

    Lol.

  10. leejosepho
    Member
    Posted 10 months ago #

    And what about if you got tricked into activating a keylogger or backdoor Trojan.

    The fact is; people get their WordPress installations hacked.

    Why not activate two factor authentication into the core?

    Not that it really matters since things are as they are, but I would like to know how a plugin can change my root htaccess permissions from 0404 to 0644.

  11. johnsontk10 - If you can find a way to integrate TFA with every single webserver, without them having to install more server software, then maybe, MAYBE, WP could support it out of the box.

    But. Nginx and Apache and IIS, a dozen different Linux flavors. Many hundreds of PHP options. And then myriad hosts. There are exponential combinations.

    It's just not feasable at this time. Plugins are the way to go right now. Long term? Sure, this is on the radar, but it won't work today.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.