• Resolved WinsleyJ

    (@winsleyj)


    Hi,

    I’m adding all the available roles by adding this to the functions.php:

    <?php
    
    // Add all roles to 2fa authentication
    add_filter( 'sg_security_2fa_roles', 'add_all_roles_to_2fa' );
    function add_all_roles_to_2fa( $roles ) {
        $wp_roles = wp_roles();
        $roles = array_keys( $wp_roles->roles );
        return $roles;
    }

    I noticed that once you are a Super Admin in a Multisite Network and haven’t been assigned to a subsite you can log in without using 2FA. Once you add a Super Admin to a subsite the user needs to set up their 2FA.

    This is a serious security flaw to enable it for administrators and editors but not for Super Admins who aren’t assigned to a subsite. Is there a way to activate 2FA for all super admins who aren’t assigned to a subsite?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter WinsleyJ

    (@winsleyj)

    I think it’s because the Super Admin isn’t really a role but the usernames of all Super Admins are stored in the wp_sitemeta table as site_admins.

    So there should be an extra check that activates 2FA for them if they aren’t assigned to a subsite.

    • This reply was modified 1 year, 4 months ago by WinsleyJ.
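
An audit for the case described in the post above, as an added example that is not part of the original thread and not SiteGround Security's own code: it lists Super Admins (the logins held in the `site_admins` network option) that have no membership on any site in the network. The function name `example_super_admins_without_site` is hypothetical; the WordPress calls are core multisite functions.

```php
<?php
// Added example: find Super Admins that are not assigned to any site.
// Hypothetical helper name; it only reads data and changes nothing.

/**
 * Return Super Admin accounts with no site membership.
 *
 * @return array[] One entry per account: 'login', 'id' (0 when the login
 *                 no longer maps to a user) and 'reason'.
 */
function example_super_admins_without_site() {
    if ( ! is_multisite() ) {
        return array(); // Super Admin is only a separate concept on multisite.
    }

    $unassigned = array();

    // get_super_admins() reads the 'site_admins' network option (wp_sitemeta).
    // It holds user logins, not a role, so role-based filters never see it.
    foreach ( get_super_admins() as $login ) {
        $user = get_user_by( 'login', $login );

        if ( ! $user ) {
            // Stale entry: the login is listed but the account is gone.
            $unassigned[] = array( 'login' => $login, 'id' => 0, 'reason' => 'no matching user' );
            continue;
        }

        // Second argument true: count archived, spam and deleted sites too,
        // so only accounts with no membership at all are reported.
        $sites = get_blogs_of_user( $user->ID, true );

        if ( empty( $sites ) ) {
            $unassigned[] = array( 'login' => $login, 'id' => (int) $user->ID, 'reason' => 'no site membership' );
        }
    }

    return $unassigned;
}
```

Run it from a network-level context such as WP-CLI's `wp eval`; each account it returns is one the role list passed to `sg_security_2fa_roles` cannot match through a site role.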
    Plugin Support daniellaivanova

    (@daniellaivanova)

    Hello @winsleyj,

    We noticed that you already posted a ticket on the matter through your SiteGround Client area. To avoid any misunderstanding, I would recommend using the aforementioned ticket to discuss the reported behaviour.

    We would make sure to provide an update on the case via the ticketing system as soon as possible.

    Best regards,
    Daniela Ivanova

  • The topic ‘Super Admin 2FA’ is closed to new replies.