WordPress.org is committed to protecting accounts that play a crucial role in the WordPress ecosystem. Accounts with the ability to publish posts on the authoritative source of information from the WordPress Core team need to be secure in order to prevent unauthorized access and maintain the security and trust of the WordPress.org community.
Effective 16 September 2025, any author, editor, or administrator without two-factor authentication enabled will have their role changed to contributor. If your account was demoted as a part of this, after you have enabled two-factor please comment on this post to have your old role restored.
Configuring 2FA on Your Account
You may have noticed prompts when logging in to WordPress.org encouraging you to configure 2FA. If you haven’t yet, visit this link to do so: https://profiles.wordpress.org/me/profile/security.
Please ensure you store your backup codes securely, if you lose access to your two-factor authentication method and your backup codes, the process to regain access to your account may not be easy.
If you encounter any difficulties while setting up 2FA, follow the steps outlined in Configuring Two-Factor Authentication.
Props to @davidbaumwald, @francina, and @desrosj for reviewing this post and @dd32 for a post whose language was reused here
Click here to continue reading this article.