Plugin & Theme authors are now required to have 2FA enabled. (#316)

* Plugin & Theme authors are now required to have 2FA enabled. See https://make.wordpress.org/plugins/2024/09/04/upcoming-security-changes-for-plugin-and-theme-authors-on-wordpress-org/
WordPress · Oct 8, 2024 · 46b274d · 46b274d
1 parent 6a1ff16
commit 46b274d
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/wporg-two-factor.php b/wporg-two-factor.php
@@ -227,16 +227,6 @@ function user_requires_2fa( $user ) : bool {
 		return false;
 	}
 
-	// @codeCoverageIgnoreStart
-	if ( ! array_key_exists( 'phpunit_version', $GLOBALS ) ) {
-		// 2FA is opt-in during beta testing.
-		// todo Remove this once we open it to all users.
-		if ( ! is_2fa_beta_tester( $user ) ) {
-			return false;
-		}
-	}
-	// @codeCoverageIgnoreEnd
-
 	$required = false;
 
 	if ( is_special_user( $user->ID ) ) {
@@ -247,6 +237,16 @@ function user_requires_2fa( $user ) : bool {
 		$required = true;
 	}
 
+	// If a user ... they have to have 2FA enabled.
+	if (
+		// Is (or was) a plugin committer
+		$user->has_plugins ||
+		// Has (or had) a live theme
+		$user->has_themes
+	) {
+		return true;
+	}
+
 	return $required;
 }