Do only admin accounts need 2-factor authentication?

  • I have a medium-traffic WP site with one administrative account and about 30 contributor accounts. I’ve implemented the following security features:

    -Non-default username
    -Login limiter
    -Math CAPTCHA
    -Non-default login URL
    -Firewall, database, and file access protection from All In One WordPress Security & Firewall
    -Daily backup

    I’m also looking at adding two-factor authentication. I’m considering giving it to only the admin account to avoid complications with the contributor-level users (many are not very tech savvy). The contributors can only edit and save posts for approval under their own ownership, no additional write privileges are set for them. Is it safe leaving the login setup as is for them? Note that their usernames and names are NOT displayed on their posts or custom posts.

Viewing 1 replies (of 1 total)

  • If they don’t have any write privileges then you an enable for admins and mods only. And it’s better if you give them an option to enable Two-Step if they want.

Viewing 1 replies (of 1 total)
  • The topic ‘Do only admin accounts need 2-factor authentication?’ is closed to new replies.