Hooks to support requesting 2FA for plugins extending two-factor core functionality
#644
Labels
Compatibility
Compatibility with other plugins, Core, back-compat
Milestone
Comments
jeffpaul
added
the
Compatibility
|
I've been working on something similar for WordPress.org: WordPress/wporg-two-factor#283 A way to prompt a user for 2FA validation within a certain timeframe (Last 5 minutes for example) to proceed with an action. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your enhancement related to a problem? Please describe.
There are potential cases of other plugins, or perhaps custom site functionality, where they might want to leverage the
two-factorcore plugin functionality to trigger a re-auth of a specific users 2FA credentials. One example here would be a site with an expected high traffic event (e.g. Cyber Monday ad, Super Bowl ad) or perhaps becoming a larger target for hacks and improper publishing (e.g. news org during a national election) wherein they want to force someone trying to update or publish new content to go through re-auth via 2FA to ensure that the author and content being updated/published is done so by a properly credentialed user (versus someone who perhaps gained access to someone's machine to try and update/publish nefarious content).Proposed Solution
Well documented hooks to expose portions of the 2FA auth flow from places within the WP Admin or site front end as well as some sample code snippets feels like a solid option to support this sort of compatibility/extension of the
two-factorplugin.Designs
No response
Describe alternatives you've considered
No response
Please confirm that you have searched existing issues in this repository.
Yes
The text was updated successfully, but these errors were encountered: