Super Admin 2FA | WordPress.org

[ad_1]

Hi,

I’m adding all the available roles by adding this to the functions.php:

<?php

// Add all roles to 2fa authentication
add_filter( 'sg_security_2fa_roles', 'add_all_roles_to_2fa' );
function add_all_roles_to_2fa( $roles ) {
    $wp_roles = wp_roles();
    $roles = array_keys( $wp_roles->roles );
    return $roles;
}

I noticed that once you are a Super Admin in a Multisite Network and haven’t been assigned to a subsite you can login without using 2FA. Once you add a Super Admin to a subsite the user needs to setup their 2FA.

This is a serious security flaw to enable it for administrators and editors but not for Super Admins who aren’t assigned to a subsite. Is there a way to activate 2FA for all super admins who aren’t assigned to a subsite?

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer