Roll out to SSO domains

[iandunn]

The plugins etc will also need to be added to wordcamp.org, buddypress.org, bbpress.org, etc; or those sites will need to force logins to go through login.w.org.

[dd32]

Of those domains, only WordCamp doesn't force logins through login.wordpress.org. bbPress and BuddyPress already do so.

[dd32]

Marking as completed, as all SSO domains now go through login.w.org

[iandunn]

Are there other things we need to consider? I added some in #16

Both plugins will still need to run on wordcamp.org etc, for #6 etc . We'll probably want to redirect the settings etc on those sites to go to the main settings on w.org though. There may be other things we haven't thought of yet, so testing on those sites would be good IMO.

[dd32]

Both plugins will still need to run on wordcamp.org etc, for #6

Hmm.. Yes, you're right, we'll want to force-enable the 2FA plugins on every WordPress that uses the shared tables, in addition to the single 2FA login.
I was thinking that would be forced at login time, rather than being something that we'd need to run on every page load, but you're totally right, we'll have to monitor it more than that.

We'll probably want to redirect the settings etc on those sites to go to the main settings on w.org though.

This is something that we already need to do really, there's a lot of settings on wp-admin/profile.php that should not be changed there, and in the case of WordCamp, will cause the WordPress.org user data to get out of sync with the database.

[iandunn]

@dd32 , I'm hoping to launch the MVP this week, do you think you'll bandwidth to wrap up this issue?

I think it should be fine to go ahead and install/activate the plugins on wordcamp.org/buddypress.org/etc now, since it's still hidden for beta testers

wporg-two-factor/wporg-two-factor.php

Lines 22 to 27 in db6b456

	function is_2fa_beta_tester() : bool {
	$user = wp_get_current_user();
	$beta_testers = array( 'iandunn', 'dd32', 'paulkevan', 'tellyworth', 'jeffpaul', 'bengreeley' );
	return in_array( $user->user_login, $beta_testers, true );
	}

#16 has some rough notes on how I imagined we'd install/activate the plugins, but I don't feel strongly.

[iandunn]

I went ahead and installed/activated the plugins in #16 since I had time today. I think that just leaves removing the settings, but that seems like it can be done in the next milestone. I opened #52 for that, but if you've already started on it then there's no reason to stop.

Is there anything else you think we should to here?

[dd32]

I think we're good here.

I've manually enabled the plugins on bbpress.org, as it's a single-site and not part of the buddypress.org network, despite sharing the same files.

[iandunn]

👍🏻 thanks!