CSP / DSGVO / WordPress

a true pain in the ass Part II

Getting a WP installation in line with #GDPR / #DSGVO is a real pain if you are not willing to accept a B or even a B+ on your ratings.

Why are we doing this?
Somehow forced by #GDPR / #DSGVO Art. 5.1.f, Art. 25, Art. 32.2

Setting up a Content-Security-Policy, as we should to get along with #GDPR / #DSGVO, will break your WP installation, at least from what we have seen here so far. The list of things that stop working is long, and yes, I can tell you, really long: from non-working plugins and corrupted themes to a broken default editor. Summed up … a pain in the ass.

So what is it gonna be?
Not feeling the vibe for trial and error on this topic, we call it a day with an unsafely implemented CSP but a fully working WP installation.
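
To see which relaxations make a CSP "unsafe" instead of guessing, here is an added example (not code from this post or from WordPress) that parses a policy string and lists the risky parts. Both sample policies are constructed for illustration and are not this site's actual header.

```python
RISKY = {
    "'unsafe-inline'": "inline script/style allowed, injected markup can execute",
    "'unsafe-eval'": "eval()-style string-to-code allowed",
}
BROAD = {"*", "http:", "https:", "data:"}
PINNED = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample policies (assumptions, not taken from a real site).
RELAXED = ("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; "
           "style-src 'self' 'unsafe-inline'; img-src 'self' data:")
TIGHTER = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'; "
           "object-src 'none'; base-uri 'self'")


def parse_csp(value):
    """Split a CSP header value into {directive: [sources]} (lowercased for audit)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_csp(value):
    """Return (directive, finding) pairs for one policy string."""
    policy = parse_csp(value)
    findings = []
    # Scripts are governed by script-src*, falling back to default-src.
    script_dirs = {d for d in policy if d.startswith("script-src")} or {"default-src"}
    for name, sources in policy.items():
        if "-src" not in name:
            continue
        # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
        pinned = any(s.startswith(PINNED) for s in sources)
        for src in sources:
            if src in RISKY and not (src == "'unsafe-inline'" and pinned):
                findings.append((name, RISKY[src]))
            elif src in BROAD and name in script_dirs:
                findings.append((name, f"broad source {src} governs scripts"))
    if not script_dirs & policy.keys():
        findings.append(("script-src", "no script-src or default-src: scripts unrestricted"))
    if "base-uri" not in policy:
        findings.append(("base-uri", "missing; it does not fall back to default-src"))
    return findings


if __name__ == "__main__":
    for label, header in (("relaxed", RELAXED), ("tighter", TIGHTER)):
        print(label, audit_csp(header))
```

Sending a candidate policy as `Content-Security-Policy-Report-Only` first lets the browser report what it would block without breaking the editor or plugins.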


Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA), or Two-Step Verification, is an additional layer of security you add to your WordPress login page. With 2FA it is nearly impossible for attackers to hijack your WordPress user, even if they guess the password.

As a side benefit, two-factor authentication also helps mitigate WordPress brute-force attacks.

An out of the box install of WordPress does not have 2FA.
You need a third party plugin to enable it on your website.