Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#44552 closed feature request (duplicate)

Better security for wp-admin console

Reported by: emergencyscotch
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.9.7
Component: Administration
Keywords:
Focuses: ui, administration
Cc:

Description

There are a number of plugins designed to address these issues, but including these features by default would solve a lot of security problems out of the gate and would be more secure / reliable than depending on 3rd party plugin developers:

  • 2 factor authentication
  • ability to hide / change the login url to something different (to help prevent bruteforce), e.g. "admin.example.com"

Change History (4)

#1 follow-up: @swissspidy
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi and welcome to WordPress Trac!

These questions have come up multiple times before, so I'll close your ticket as a duplicate. However, I wanted to quickly go through them:

> but including these features by default would solve a lot of security problems out of the gate

I don't think we can expect the majority of WordPress users to understand and use 2FA. That's why the plugin ecosystem is so great. See also #32247.

> 2 factor authentication

Please check out the https://wordpress.org/plugins/two-factor/ feature project. Feature projects are projects that usually start with research and a PoC plugin. If it proves to be a great fit for core, it can be proposed for merge into WordPress itself.

You can learn more about that here: https://make.wordpress.org/core/features/

> ability to hide / change the login url to something different (to help prevent bruteforce)

This is just security through obscurity and doesn't really help with anything. See #13118 and #7194 for why we won't do this.

#2 in reply to: ↑ 1 @gausie
6 years ago

Replying to swissspidy:

> Please check out the https://wordpress.org/plugins/two-factor/ feature project. Feature projects are projects that usually start with research and a PoC plugin. If it proves to be a great fit for core, it can be proposed for merge into WordPress itself.

FWIW this plugin is not currently featured on the list of feature projects.

#3 @swissspidy
6 years ago

@gausie That's absolutely correct. And it shouldn't be. It's listed on the "Beta Testing" tab right now.

#4 @emergencyscotch
6 years ago

Thanks for the suggestions. That plugin looks promising, will check it out.
