September 12 (Portaltic/EP) –
WordPress.org will strengthen user security by incorporating a mandatory multi-factor authentication (2FA) system for plugin and theme creators starting October 1.
Setting up 2FA is a method that allows you to add an extra layer of security to the authentication process when logging into an account. Automattic has begun notifying users of WordPress.org, the website that hosts the open-source version of WordPress, to update their settings to enable it.
The reason is that the company has now announced that two-factor authentication will be mandatory for theme and plugin creator accounts, a measure that will be adopted globally starting next month. October 1st.
WordPress.org contributor Dion Hulse has said that this feature is a result of “continuous effort” to strengthen security features. And along with the addition of 2FA, he has also introduced so-called Subversion (SVN) passwords, which have been launched “to separate access to commits from login credentials.” “main WordPress.org account”.
The company uses Subversion to control and update plugins in its official directory and works in a similar way to GitHub Action. With this change, therefore, creators can protect the main WordPress.org password and easily revoke access to this repository without having to change other credentials in case of exposure.
Finally, Hulse explained that “due to technical limitations“, the two-step verification system cannot be applied to their existing code repositories and that is why they have chosen to protect the website’s code through a combination of two factors at the account level.
Add Comment