Defender and FORCED Two-Step Verification

I’d like the ability to force users to do two step verification in Defender. Right now the individual user has to choose it as an option. As the person who runs the network I am more freaked out about security than users — they want it as easy as possible to log in — as the guy who has to fix it if/when it gets hacked I’d rather force everyone to have hard passwords and two step verification. Hope you will change this asap.

  • Ash
    • WordPress Hacker

    By the way, if you are familiar with coding, you can use the following snippet to force every user to use 2factor:

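    add_filter( 'get_user_metadata', 'force2factor', 99, 4 );
    function force2factor( $val, $object_id, $meta_key, $single )
    {
        global $pagenow;
        // Only Defender's 2FA flag is overridden; every other meta key passes through unchanged.
        if ( $meta_key != 'defenderAuthOn' ) return $val;
        if ( $pagenow == 'profile.php' )
        {
            // On the profile page, drop the override and return the value actually stored for this user.
            remove_filter( 'get_user_metadata', 'force2factor', 99 );
            return get_user_meta( $object_id, 'defenderAuthOn', true );
        }
        // Everywhere else, report 2FA as enabled for every user.
        return true;
    }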

    You can use this code in your theme’s functions.php if the theme is not changed. Otherwise, a mu-plugin is the best option. To create a mu-plugin, go to the wp-content/mu-plugins folder. If there is no mu-plugins folder, then create one. Now, inside the mu-plugins folder, create a file named anything.php (make sure the file extension is .php). Start with a <?php tag and then put the above code.

    Hope it helps! Please feel free to ask more questions if you have any.

    Have a nice day!

    Cheers,

    Ash

  • Ash
    • WordPress Hacker

    Hello Seth Gitner

    In that case, you can offer another thing. Maybe when the user logs in and the system finds that 2FA is not enabled, then force the user to stay only on the profile page, and he won’t be able to access any other page. And maybe with a notice at the top suggesting to enable 2FA?

    Have a nice day!

    Cheers,

    Ash

  • Ash
    • WordPress Hacker

    Hello Seth Gitner

    Please remove the previous code and add the following:

    // Show an admin notice to any user who has not enabled Defender's 2FA.
    function force_to_profile_page() {
        $defenderAuthOn = get_user_meta( get_current_user_id(), 'defenderAuthOn', true );
        if ( ! $defenderAuthOn ) {
            ?>
            <div class="notice notice-error is-dismissible">
                <p><?php echo 'You must enable the 2FA to use this site!'; ?></p>
            </div>
            <?php
        }
    }
    add_action( 'admin_notices', 'force_to_profile_page' );

    // template_redirect runs on front-end page loads: send logged-in users without 2FA to their profile page.
    add_action( 'template_redirect', function() {
        if ( ! is_user_logged_in() ) return;

        $defenderAuthOn = get_user_meta( get_current_user_id(), 'defenderAuthOn', true );
        if ( ! $defenderAuthOn ) {
            wp_redirect( admin_url( 'profile.php' ) );
            exit;
        }
    } );

    Hope it helps! Please feel free to ask more questions if you have any.

    Have a nice day!

    Cheers,

    Ash
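
An added example, not part of the posts above and not Defender's own code: a mu-plugin variant of the redirect that also covers wp-admin screens, which `template_redirect` does not reach. It assumes, as the thread does, that Defender records enrolment in the `defenderAuthOn` user meta; the `require_2fa_*` function names are hypothetical.

```php
<?php
/**
 * Added example (not Defender's own code): keep logged-in users without 2FA
 * on their profile screen, in wp-admin as well as on the front end.
 * Assumption from the thread: Defender stores the flag in 'defenderAuthOn'.
 */

// True when the current user is logged in but has not enabled 2FA.
function require_2fa_missing() {
    if ( ! is_user_logged_in() ) {
        return false;
    }
    return ! get_user_meta( get_current_user_id(), 'defenderAuthOn', true );
}

// Send the user to the profile screen, where 2FA is switched on.
function require_2fa_redirect() {
    wp_safe_redirect( admin_url( 'profile.php' ) );
    exit;
}

// Front end: template_redirect fires before any theme template is loaded.
add_action( 'template_redirect', function () {
    if ( require_2fa_missing() ) {
        require_2fa_redirect();
    }
} );

// wp-admin: admin_init fires on every admin request, including admin-ajax.php.
add_action( 'admin_init', function () {
    global $pagenow;
    // Leave profile.php reachable (avoids a redirect loop). AJAX is let through
    // on the assumption that the profile screen may depend on it.
    if ( wp_doing_ajax() || 'profile.php' === $pagenow ) {
        return;
    }
    if ( require_2fa_missing() ) {
        require_2fa_redirect();
    }
} );

// Explain the redirect on the profile screen.
add_action( 'admin_notices', function () {
    if ( require_2fa_missing() ) {
        echo '<div class="notice notice-error"><p>'
            . esc_html( 'You must enable two-factor authentication to use this site.' )
            . '</p></div>';
    }
} );
```

These hooks gate browser page loads only; REST API, XML-RPC and admin-ajax requests from an account without 2FA are not restricted by this example.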
