I would 100% support this idea but it has been discussed repeatedly, again and again. It will not be done on the current forum software.
1. Passwords must be longer and complex, all users must reset password
Depends on what you think is complex. Most of the accounts were hacked either through malware or leaked database; it is very inefficient and a waste of time trying to bruteforce any accounts here.
2. if hacker change the email I must approve the changes to the original email, he/she must have access to the email before having total control of the account
Its not easy, most forum members do not actually have a valid email right now.
3. Optional phone verification, send an sms before important changes.. If someone want maybe have to pay because sms are not free.
So administrator and users have not to lose their time to resume accounts
Not so much of the anonymous nature of Bitcoin being included in the forum, right? 2FA is really more than sufficient, if anyone can get through 2FA, they will get through everything you stated.