Two-factor authentication should (imho) be in core, but core can’t always provide the best ways to accomplish it, for example, text messaging which requires external APIs.
What I see the best fit being, is this:
There is a framework for Two-Factor Authentication in core, that provides two free no-api-required methods for users to select to validate:
- Email (with a warning that it’s not as secure)
- Time-based One-time Password Algorithm (TOTP)
Beyond this, Core would offer a filter to permit plugins to register other authentication methods, for example, Duo Security’s push-based request system, or Jetpack could provide a gateway for text-messages, just as they are sent from WordPress.com.
We would also need to allow a define( 'DISABLE_TWO_FACTOR_AUTH', true ); line in wp-config.php that would switch it off, in case a site owner lost their phone and needed to disable it temporarily. I could also see use for a customized define to only disable it for a given user. Ideally this would add a warning to the adminbar for all users that have manage_options() to notify them that it has been disabled.
Other dependencies that would need to be in core:
- Application Passwords
  - For systems where the user cannot be prompted for a two-factor auth code (XMLRPC, etc), disallow their normal password for authentication, and force them to use a generated application password that is stored in usermeta.
  - For systems where the user can be prompted for a two-factor auth code (wp-login.php) don’t permit the use of application passwords.
- Backup Auth Codes
  - Saved in usermeta, not terribly much interesting here.
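The channel rules above, sketched as an added example (not WordPress core code and not part of the original post). The function names, the `$user` array standing in for usermeta, the choice to store hashes rather than plain values, and the one-step drift allowance are all assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. Function names and the $user array
// (a stand-in for usermeta, holding hashes by assumption) are hypothetical.

// RFC 6238 TOTP (HMAC-SHA1) over a raw secret key.
function totp(string $key, int $time, int $step = 30, int $digits = 6): string {
    $hash   = hash_hmac('sha1', pack('J', intdiv($time, $step)), $key, true);
    $offset = ord($hash[19]) & 0x0f;
    $value  = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

function tfa_authenticate(array &$user, string $channel, string $secret, ?string $code, int $now): bool {
    if ($channel !== 'wp-login') {
        // No way to prompt for a code (XML-RPC etc.): application passwords only.
        foreach ($user['app_password_hashes'] as $hash) {
            if (password_verify($secret, $hash)) return true;
        }
        return false;
    }
    // wp-login.php can prompt, so application passwords are not checked at all.
    if (!password_verify($secret, $user['password_hash'])) return false;
    if (defined('DISABLE_TWO_FACTOR_AUTH') && DISABLE_TWO_FACTOR_AUTH) return true;
    if ($code === null) return false;
    // Accept the current TOTP step or the one before it (clock drift allowance).
    foreach ([0, -30] as $drift) {
        if (hash_equals(totp($user['totp_key'], $now + $drift), $code)) return true;
    }
    // Backup codes are single use: remove the matching hash once spent.
    foreach ($user['backup_code_hashes'] as $i => $hash) {
        if (password_verify($code, $hash)) {
            unset($user['backup_code_hashes'][$i]);
            return true;
        }
    }
    return false;
}

// Constructed demo data; 59 is a fixed sample timestamp so the run is repeatable.
$user = [
    'password_hash'       => password_hash('normal-password', PASSWORD_DEFAULT),
    'app_password_hashes' => [password_hash('app-pass-for-xmlrpc', PASSWORD_DEFAULT)],
    'backup_code_hashes'  => [password_hash('83920175', PASSWORD_DEFAULT)],
    'totp_key'            => '12345678901234567890',
];
var_dump(tfa_authenticate($user, 'xmlrpc', 'normal-password', null, 59));
var_dump(tfa_authenticate($user, 'wp-login', 'app-pass-for-xmlrpc', totp($user['totp_key'], 59), 59));
var_dump(tfa_authenticate($user, 'wp-login', 'normal-password', totp($user['totp_key'], 59), 59));
var_dump(tfa_authenticate($user, 'wp-login', 'normal-password', '83920175', 59));
```

This sketch does not track already-used TOTP codes, so a code stays valid for its whole window; a real implementation would also record the last accepted step per user.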
Howdy, all! Just a bit of a reminder if you’re a webcomic creator, and you’re running your webcomics on WordPress, you can get a pretty big performance improvement (and savings on bandwidth costs) if you activate the Photon module in Jetpack.
Photon is a free Image Content Delivery Network hosted by WordPress.com. For most content images (depending on how your theme is serving them up), it will just swap out a CDN url of the image automagically, nothing to configure.
If you’re using ComicPress, though, it’s got some funky ways of outputting images just due to legacy code. It’s pretty easy to fix, though:
Just upload this as a new file entitled comicpress-photon.php to your /wp-content/mu-plugins/ folder — or add it into your theme (or preferably child theme)’s functions.php file (but without the opening
It’s a huge savings on your hosting account because when serving images, your shared host has to keep talking to the client the entire time that the image is downloading, which can occasionally take longer than creating the page that the image is embedded in! So if your webserver has less load, it behaves better, your hosting company is probably happier with you, it’s not getting choked with serving up images when it could serve up HTML or the like, and you’ll instantly become 200% more attractive! (Okay, I lied on the last one)
Starting Monday, April 22nd, I’ll be working full time at Automattic!
When I first started working at Speck Products, I’d remarked to a friend that I thought I’d be there for good. I loved the environment, I loved the people, and I said the only reason I’d ever leave is if Automattic ever wanted me and I could spend my days working full time on WordPress — more in a joking way, as I never really expected it to happen.
Eight plus months later, I find that to be exactly the situation I’m in.
I can’t find a single thing to gripe about regarding my tenure with Speck. Everyone there was an utter joy to work with. Challenges were plentiful to keep me engaged, but never overbearing. I was kept occupied, but never overburdened. Everyone was friendly and provided a great atmosphere.
However, now I’ll get to do something that I count myself as incredibly fortunate for. I get to spend my days doing the sort of work that I’ve volunteered my time doing for the past year and a half. The environment that has been my passion, is now my job. And I couldn’t be happier.
I’ll be spending my days on the Jetpack team for Automattic, increasing the tools available to WordPress.org users through WordPress.com by way of the Jetpack plugin. I’m very excited by the road map we’ve got going forward, and I can’t wait for some of you to see the features that we’ve got in store.
The best is yet to come.