SaltechDesign
New Pleskian
- Server operating system version
- CentOS Linux 7.9.2009 (Core)
- Plesk version and microupdate number
- Plesk Obsidian 18.0.79 Update #2 Web Host Edition
I have a quick question and a feature suggestion regarding how WP Toolkit handles WordPress logins now:
This would be a massive quality-of-life and security improvement for agencies managing multiple sites.
- Wordfence 2FA Bypass: We've noticed that clicking "Log In" via WP Toolkit completely bypasses WordPress-level security, specifically Wordfence 2FA. Is there a native way to force WP Toolkit to respect application-level 2FA, or is this bypass expected behavior due to the server-level login injection?
- Switching Login Users: Because of this bypass, being able to precisely control which admin account the toolkit logs into is critical for our security auditing. However, clicking "Setup" next to the Administrator username forces us to input or generate a new password to save any changes and its not clear on whether or not this sets the default WP admin account for WP Toolkit to use for single sign on.
This would be a massive quality-of-life and security improvement for agencies managing multiple sites.