I'm running a multisite on WP Engine, and they modify the wp-login url to do some custom security work.
I've been chatting with their technical support and they have a suggestion for making this plugin more general for better compatibility.
I have tested their suggestions on a few installs both WPEngine and non, both multisite and single site, and it does not affect the functionality of the plugin, only extends compatibility.
On line 76 of duo_wordpress.php, trac link:
change this line:
'post_action': '<?php echo wp_login_url() ?>',
'post_action': '<?php echo site_url( 'wp-login.php', 'login_post' ) ?>',
Here's the Codex link for site_url:
For example WPEngine changes the login_post scheme to append some parameters their security system needs to the url like so:
These parameters were not being called when using wp_login_url()