Hi @the_lar,
Within Wordfence -> Login Security -> Settings, do you see the options to enforce 2FA for other user roles?
For example: https://i.imgur.com/BfBHEEA.png
If you don’t see it there, can you take a screenshot of what you see?
Dave
@wfdave Yes I have that control, but that is only ‘enabling’ 2FA for editors, it doesn’t make sure that they are using it! We all know that given the choice users are lazy and will choose not to use it if they have the choice not to. What is required is a way to FORCE editors, or any type of user, to have to use 2FA. At the moment, as far as I can see, Wordfence only enforces 2FA for admins.
As I said, Google Authenticator does exactly this, it’s just a shame that for some reason it’s stopped working for me!
Kevin
@the_lar Did you already solve that problem? I have exactly the same challenge and would be great to find a workaround.
Best,
Marc
@the_lar @marcfalke
Sorry for the inconvenience.
Currently with Wordfence, 2FA can only be required for administrative users. Using the Enable 2FA for these roles you can enable it for other roles, but cannot require it to be used at the moment.
Hello,
We have the same issue. For us, we need a way to blanket enforce 2FA for ALL roles and users in our WordPress system. Is there code I can add some code to functions.php to force for all roles?
We need this because we run a subscription site and we will be running a Woo Membership paywall. For security we want to make those visitors log in with 2FA.
Thank you
8 months ago, this massive security issue was brought to your attention, and still you have not fixed it. Can you please tell me the reason why you do not have a setting to require roles such as editor, author, customer etc.
Given that WordPress uses only the basic and vastly outdated MD5 encryption for passwords, which can take only milliseconds to crack, I would suggest that it is rather important to enable this option of forcing ALL users to use 2FA.
So come on. At least include it in the full paid version!
Hi…adding my voice to this one. I don’t understand why there is no option to require all users to use 2FA!? This seems like such an obvious thing to have. Why only have the option to force it for admins? (Sometimes it’s the content that we’re trying to protect, not just the back-end settings!)
Please can you fix this? Or suggest another app that can do it?
Hi @wfgerald,
Just checking in if there has been any updates on implementing 2FA for all user roles?
Thanks
I need this as well. I have staff getting their credentials compromised and blog spam getting posted under the radar due to lack of this feature. Very surprised it wasn’t available from the get go.
replying to request to make this as an feature. to force other users than admin to use 2FA
+1
I love Wordfence, but the 2FA functionality is completely useless without being able to mandate it for non-admins too. Makes no sense this isn’t an option. So we’re still forced to use a different 2FA plugin instead.
@wfdave and @wfscott — also chiming in that a code snippet that enables requiring 2FA for other user roles (I have a custom “Website Manager” user role for which I need 2FA to be required, for instance) would be very appreciated.
Another +1 for this feature. We have a few sites with multiple editors and would like to force them to use 2FA but don’t want them to have admin access. I see that they can opt-in but only admins can be forced to enable 2FA.
Would love to use the native Wordfence 2FA functionality rather than bringing another plugin into the mix.
@wfscott is there any chance this will be coming to Wordfence? Thanks.
Any updates about this? Looking for the same feature. Required 2FA for other user roles then just the Administrator.
