WordPress.org

Make WordPress Core

Opened 19 months ago

Closed 19 months ago

Last modified 14 months ago

#44552 closed feature request (duplicate)

Better security for wp-admin console

Reported by: emergencyscotch
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.9.7
Component: Administration
Keywords:
Focuses: ui, administration
Cc:
PR Number:

Description

There are a number of plugins designed to address these issues, but including these features by default would solve a lot of security problems out of the gate and would be more secure / reliable than depending on 3rd party plugin developers:

  • 2 factor authentication
  • ability to hide / change the login url to something different (to help prevent bruteforce), e.g. "admin.example.com"

Change History (4)

#1 follow-up: @swissspidy
19 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi and welcome to WordPress Trac!

These questions have come up multiple times before, so I'll close your ticket as a duplicate. However, I wanted to quickly go through them:

> but including these features by default would solve a lot of security problems out of the gate

I don't think we can expect the majority of WordPress users to understand and use 2FA. That's why the plugin ecosystem is so great. See also #32247.

> 2 factor authentication

Please check out the https://wordpress.org/plugins/two-factor/ feature project. Feature projects are projects that usually start with research and a PoC plugin. If it proves to be a great fit for core, it can be proposed for merge into WordPress itself.

You can learn more about that here: https://make.wordpress.org/core/features/

> ability to hide / change the login url to something different (to help prevent bruteforce)

This is just security through obscurity and doesn't really help with anything. See #13118 and #7194 for why we won't do this.

#2 in reply to: ↑ 1 @gausie
14 months ago

Replying to swissspidy:

> Please check out the https://wordpress.org/plugins/two-factor/ feature project. Feature projects are projects that usually start with research and a PoC plugin. If it proves to be a great fit for core, it can be proposed for merge into WordPress itself.

FWIW this plugin is not currently featured on the list of feature projects.

#3 @swissspidy
14 months ago

@gausie That's absolutely correct. And it shouldn't be. It's listed on the "Beta Testing" tab right now.

#4 @emergencyscotch
14 months ago

Thanks for the suggestions. That plugin looks promising, will check it out.
