Two-Factor Authentication is Required for All People With the Capabilities to Publish Here, on make/core

Welcome!

The WordPress coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. development team builds WordPress! Follow this site for general updates, status reports, and the occasional code debate. There’s lots of ways to contribute:

Found a bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority.? Create a ticket in the bug tracker.

Want to contribute? Get started quickly with tickets marked as good first bugs for new contributors or join a bug scrub. There’s more on the reports page, like patches needing testing, and on feature projects page.

Other questions? Here is a detailed handbook for contributors, complete with tutorials.

WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ is committed to protecting accounts that play a crucial role in the WordPress ecosystem. Accounts with the ability to publish posts on the authoritative source of information from the WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. team need to be secure in order to prevent unauthorized access and maintain the security and trust of the WordPress.org community.

Effective 16 September 2025, any author, editor, or administrator without two-factor authentication enabled will have their role changed to contributor. If your account was demoted as a part of this, after you have enabled two-factor please comment on this post to have your old role restored.

Configuring 2FA on Your Account

You may have noticed prompts when logging in to WordPress.org encouraging you to configure 2FA. If you haven’t yet, visit this link to do so: https://profiles.wordpress.org/me/profile/security.

Please ensure you store your backup codes securely, if you lose access to your two-factor authentication method and your backup codes, the process to regain access to your account may not be easy.

If you encounter any difficulties while setting up 2FA, follow the steps outlined in Configuring Two-Factor Authentication.

Props to @davidbaumwald, @francina, and @desrosj for reviewing this post and @dd32 for a post whose language was reused here

#core

Jb Audras 10:13 pm on September 11, 2025

A basic security rule that truly needs to be enforced within the community. Thanks!
It should probably be enforced on the whole dotorg multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site as well.
Ahmed Kabir Chaion 11:40 am on September 16, 2025

A big ‘Yes’ for this. Thanks @jorbin 🎉
Aaron Jorbin 6:44 pm on September 16, 2025

All author, editor, and administrators without two-factor authentication enabled have now had their role changed to contributor.

Comments are closed.

Welcome!

Communication

Configuring 2FA on Your Account

Share this:

Site resources