Feature request - enable 2FA for all #307
Comments
This is a great suggestion @corelanc0d3r. This will probably get resolved with adding the plugins settings #249 and enforcing the two-factor authentication would be one of the main features of those settings. We could also add filters to enable this without waiting for a settings page. |
awesome, thanks for the update. Do you happen to have a rough ETA? |
Unfortunately I don't have an ETA because there are very few active contributors to this plugin and we never know when somebody can pick this up. |
@corelanc0d3r There's also some prior art from wpcom vip's usage here: https://github.com/Automattic/vip-go-mu-plugins/blob/master/two-factor.php#L153 |
There is now the two-factor/class-two-factor-core.php Line 325 in 873f782
Here is an example of how to enable the email second-factor for all users that don't have any other enabled:

```php
<?php
add_filter(
	'two_factor_enabled_providers_for_user',
	function( $providers ) {
		// Fall back to the email provider only when the user has no provider enabled.
		if ( empty( $providers ) && class_exists( 'Two_Factor_Email' ) ) {
			$providers[] = 'Two_Factor_Email';
		}
		return $providers;
	}
);
```

Leaving this open until we either introduce the plugin settings or document this filter. |
Sorry if I missed this, but where in the settings page is the ability to set 2FA providers in bulk? Or is it documented? I couldn't find either. |
@ecotechie Unfortunately, it can only be done via code for now as described in my comment above (from May 6th). |
Oh, right, but this ticket is closed. Thought it would be left open, I guess you meant literally. You would close the ticket once there were plugin settings, not necessarily this option added to the settings. Great plugin still! |
Hello! Could you please recommend how to launch this filter (& where to put - functions.php?) and how to automatically enable Email 2-Factor for all existing & new users of particular groups? |
|
@nathanrona here’s a variation that forces email 2FA on administrators and editors.
|
What if we want to use

```php
add_filter(
	'two_factor_enabled_providers_for_user',
	function( $providers ) {
		if ( empty( $providers ) && class_exists( 'Two_Factor_Email' ) ) {
			$providers[] = 'Two_Factor_Email';
		}
		return $providers;
	}
);
```

for email authentication but also allow the user to change to Google authentication app TOTP authentication? Then I suppose this code also works, right? Do not see enforcement of it using something like

```php
function memberpress_two_factor_enabled_providers_for_user($enabled_providers, $user_ID) {
	if (!in_array('Two_Factor_Email', $enabled_providers)) {
		$enabled_providers[] = 'Two_Factor_Email';
	}
	return $enabled_providers;
}
add_filter('two_factor_enabled_providers_for_user', 'memberpress_two_factor_enabled_providers_for_user', 1, 2);
```

|
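For the two questions above (where to put the filter, and how to limit it to particular roles while still letting users pick TOTP), here is an added example that is not code from this thread or from the plugin. It assumes the filter passes the user ID as its second argument, as the snippet quoted above does; the file path, function name and role list are hypothetical.

```php
<?php
/**
 * Added example: require the email second factor for selected roles.
 * Assumed location: wp-content/mu-plugins/require-email-2fa.php, so the
 * rule stays active regardless of the theme in use.
 * The function name and the role list are hypothetical.
 */
function example_require_email_2fa_for_roles( $enabled_providers, $user_id ) {
	// Roles that must always have a second factor (assumption: adjust per site).
	$required_roles = array( 'administrator', 'editor' );

	// The Two Factor plugin may be inactive; change nothing in that case.
	if ( ! class_exists( 'Two_Factor_Email' ) ) {
		return $enabled_providers;
	}

	// Skip unknown users and users outside the required roles.
	$user = get_userdata( $user_id );
	if ( ! $user || ! array_intersect( $required_roles, (array) $user->roles ) ) {
		return $enabled_providers;
	}

	// Keep whatever the user enabled themselves (for example TOTP) and add
	// email only when nothing is enabled, so these accounts never have zero factors.
	if ( empty( $enabled_providers ) ) {
		$enabled_providers[] = 'Two_Factor_Email';
	}

	return $enabled_providers;
}
// Priority 10, two accepted arguments: the provider list and the user ID.
add_filter( 'two_factor_enabled_providers_for_user', 'example_require_email_2fa_for_roles', 10, 2 );
```

Because email is added only when the list is empty, a user in these roles who sets up TOTP keeps TOTP alone. To keep email enabled alongside any other provider, use the `in_array` check from the snippet quoted above in place of the `empty` check.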
Hi. Any updates on this? I just installed the plugin and I don't see a way to enable this as a default option for all users. Didn't want to assume and hence asking if it is done? Cheers. |
There is no such feature in production yet, I think. I have been adding this plugin and then enabling it manually for each admin user. |
This is a great plugin, and adding 2FA requirements by default for selected user roles is IMO the most important feature to add from a security perspective. However, I'd like to suggest this default requirement should include (well, prompt and strongly encourage) activation for ALL users on sites that have an open, public user account self-registration process enabled. Unfortunately, this can still be defeated by bots, as they already handle this plugin's 2FA challenges without slowing down. |
Hi,
It would be great to have an admin option to mass-enable 2FA for all user accounts (that don't have it activated yet), enabling the email-based option and setting it as the primary (unless the user had already enabled 2FA and set an option).
thanks