Hi, Michael from the Discourse team here.
I saw the announcement of the compromise and wanted to point out a feature we previously added to hopefully prevent this kind of compromise in the future.
In the site settings you can set
enforce second factor to
staff - that will ensure that any admins & moderators are required to have 2FA of some sort enabled.