Upcoming Security Changes for Plugin and Theme Authors on WordPress.org

WordPress.org is committed to protecting accounts that play a crucial role in the WordPress ecosystem. Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide. Securing these accounts is essential to preventing unauthorized access and maintaining the security and trust of the WordPress.org community.

As part of this ongoing effort, we are introducing a new security requirement: mandatory two-factor authentication (2FA) for plugin and theme authors, starting on October 1st, 2024.

In addition to mandatory 2FA, we’re introducing SVN passwords, replacing your user account password with an SVN-specific password for