Enable and Require 2FA login for all WordPress sites
We run a few WordPress sites. To improve security we should require 2FA-enabled login.
May need to find a suitable (supported) plugin to enable 2FA in WordPress.
- blog.openstreetmap.org
- 2007.stateofthemap.org
- 2008.stateofthemap.org
- 2009.stateofthemap.org
- 2010.stateofthemap.org
- 2011.stateofthemap.org
- 2012.stateofthemap.org
- join.osmfoundation.org (civicrm)
Can we just disable logins for the stateofthemap ones maybe? No idea if that's possible but they're all just archived basically.
Yes, it should be possible to do it using the wp-cli (remove cap).
An option is the plugin: https://wordpress.org/plugins/wp-2fa/ (some features are commercial, but base features are free)
I will review other plugins too.
As an early step I have emailed all blog.openstreetmap.org users asking if they still use their accounts. Quite a few bounces.
Do we have a plugin identified for 2FA yet?
We are using https://wordpress.org/plugins/wp-2fa/ and it has been live on blog.openstreetmap.org for a few months.
Once the plugin is installed it requires a bit of manual configuration to enable it.
So the to-do on this is install it on all sites, configure it on all sites, set a deadline, and notify users?
Yes, but only for join.osmfoundation.org. For the other legacy sites, my preference would be to just disable all users.