1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • WordPress is making plugin developers use 2FA

    From TechnologyDaily@1337:1/100 to All on Thu Sep 12 09:30:05 2024
    WordPress is making plugin developers use 2FA

    Date:
    Thu, 12 Sep 2024 09:19:05 +0000

    Description:
    Devs will the ability to push site updates will have to have 2FA, and secure passwords.

    FULL STORY ======================================================================

    Two-factor authentication (2FA) will soon be standard for all WordPress
    admin accounts, the company has confirmed.

    All accounts with the ability to push updates and make changes to site
    content on the website building platform , such as themes and plugins, will
    be subject to the new security measure.

    "Securing these accounts is essential to preventing unauthorized access and maintaining the security and trust of the WordPress.org community," a company announcement said. Time for 2FA

    The 2FA measure will come into force on October 1st and is aimed at
    preventing hackers with stolen credentials from logging into accounts,
    pushing dodgy or modified themes and plugins live, and then using these as a backdoor to spread malware or attack other networks further in the supply chain.

    2FA provides an extra layer of account security by requiring an additional method of verification through a separate app, text message or physical security key , helping to shore up weak passwords and protecting against phishing, social engineering and brute force attacks. WordPress provided instructions for activating 2FA here .

    WordPress is believed to be the platform behind around half of all websites online today, which means that when new security flaws in plugins are found, hundreds of thousands to millions of websites are put at risk.

    WordPress is also introducing an SVN password feature as an additional
    measure to secure accounts since 2FA cannot be applied to existing WordPress code repositories, which is why the platform is introducing "a combination of account-level two-factor authentication, high-entropy SVN passwords, and
    other deploy-time security features." More from TechRadar Pro Take a look at some of the best password managers Thousands of WordPress sites potentially
    at risk from plugin security flaw These are the best VPNs with antivirus



    ======================================================================
    Link to news story: https://www.techradar.com/pro/wordpress-is-making-plugin-developers-use-2fa


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)