We should enable 2FA for our wordpress site. https://www.wpwhitesecurity.com/best-two-factor-authentication-plugins-wordpress/ lists a few free such plugins.
Since we all have Google Authenticator installed for 2FA elsewhere we should probably go with that one.
We want to manually set this as required for all Administrators and likely also all "redaktör"
What's been done
- Evelina has installed Two-Factor, a plugin for two factor authentication.
- One of the options for 2FA is Google Authenticator.
- Another option is to get a code to your email address.
- Evelina has enabled 2FA via e-mail for all administrators and editors.
- Evelina has sent an e-mail about this to the staff.
How to change from 2FA via email to Google Authenticator
- Log on to your account (wikimedia.se/login) and go to your profile.
- Scroll to Two-Factor Options and uncheck Email.
- Check Time Based One-Time Password (Google Authenticator).
- Scan the QR code with your Google Authenticator app.