WordPress is making plugin developers use 2FA

2FA will soon be standard for WordPress devs

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Two-factor authentication(2FA) will soon be standard for allWordPressadmin accounts, the company has confirmed.

All accounts with the ability to push updates and make changes to site content on thewebsite building platform, such as themes and plugins, will be subject to the new security measure.

“Securing these accounts is essential to preventing unauthorized access and maintaining the security and trust of the WordPress.org community,” a companyannouncementsaid.

Time for 2FA

The 2FA measure will come into force on October 1st and is aimed at preventing hackers with stolen credentials from logging into accounts, pushing dodgy or modified themes and plugins live, and then using these as a backdoor to spreadmalwareor attack other networks further in the supply chain.

2FA provides an extra layer of account security by requiring an additional method of verification through a separate app, text message or physicalsecurity key, helping to shore up weak passwords and protecting against phishing, social engineering and brute force attacks. WordPress provided instructions for activating 2FAhere.

WordPress is believed to be the platform behind around half of all websites online today, which means that when new security flaws in plugins are found, hundreds of thousands to millions of websites are put at risk.

WordPress is also introducing an SVN password feature as an additional measure to secure accounts since 2FA cannot be applied to existing WordPress code repositories, which is why the platform is introducing “a combination of account-level two-factor authentication, high-entropy SVN passwords, and other deploy-time security features.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

LG Electronics sets ambitious B2B revenue goal to offset declining consumer demand

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics