Defender suggestions for 2FA and HSTS

1. If you go to your WordPress profile and go to set up Defender's 2FA, there is no option to enter the 2FA setup code manually.
Most 2FA implementations allow you to enter the setup code manually in case you don't have a camera at the ready to scan the QR code, so this would be a nice improvement for Defender.

2. It was mentioned somewhere that Defender is going to get a feature to enable the HSTS security header. But there are a couple more headers that could be useful.
I'd like to see the headers on this page: https://www.123.org/index.php/OWASP_Secure_Headers_Project#tab=Headers added to Defender as well.

  • Ash
    • WordPress Hacker

    Hello Julian

    Thank you for your suggestion. As the authenticator is a mobile-based app and a camera is a common feature on all smartphones, I think that's why it was considered to not have a manual option. But you are right, the camera could be broken or there might be some technical difficulty. So, that could be a very useful feature.

    I am marking this as a feature request so other members can share their thoughts on this. I am also sending a note to the dev team about the security header suggestion and a manual option to set up 2FA.

    Have a nice day!

    Cheers,
    Ash
