• I used iThemes Security for a few years and it worked fine with 2FA. I migrated the site to a new address, updated to WordPress 6.7.1 from 6.1.1, and updated to Solid Security Basic. Everything seems to work with one exception. I can enable 2FA and re-establish the mobile app option for my “Author” ID. But when I click on the “Configure” button in User Permissions on my administrator ID (not admin), I get taken back to the WordPress home page/dashboard and am never shown the new QR code to set up the new Google Authenticator link.

    So it partly works, but it won’t work for the most important ID, the administrator. Any ideas on what might be going on?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter jnmida

    (@jnmida)

    Deactivated and deleted Solid Security. Restarted servers. Reinstalled Solid Security. Now unable to configure any 2FA. Said I needed to “Rotate” security keys but no way to do that. Tried to Set Encryption Key and got the following errors:
    Could not rotate ‘_two_factor_totp_key’ for ‘2’: Could not decrypt secret
    Could not rotate ‘_two_factor_totp_key’ for ‘3’: Could not decrypt secret

    The Rotate Key block is now gone with no way to do anything. Without a reply in a few days I will have no choice but to abandon Solid Security as a plugin that doesn’t work.

    Thread Starter jnmida

    (@jnmida)

    Uninstalled and reinstalled AGAIN and am back to the original problem. An Author ID has 2FA enabled fine. But my primary administrator account will ONLY work with the email option. EVERY time I try to enable the 2FA in my profile options it kicks me out to the WordPress dashboard and does not open the security options. Waiting for an opinion before permanently deleting the plugin.

    Thread Starter jnmida

    (@jnmida)

    Uninstalled and deleted. Determined plugin doesn’t work. Loaded Wordfence which is working fine now.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @jnmida,

    So sorry for the slow turnaround here. Our team has been slowly trickling back to capacity from Thanksgiving, but now I’m here to help!

    Getting the “Could not decrypt secret” message for selected user IDs when trying to rotate it means that those users need to manually reset their Mobile App 2FA key because Solid Security cannot decrypt it. Common causes of 2FA TOTP keys not being properly rotated are:

    • Migrating the site to a new host.
    • Incomplete plugin reinstall/uninstall, leaving old data behind (especially with manual processes)

    It sounds like you’ve already tried resetting the Mobile App 2FA key for your account but the button to generate a new QR is missing: https://share.zight.com/9Zu6GepA – Is this correct?

    If so, can you please send screenshots or a recording of how it looks when you try to click “Configure” and proceed to the Mobile App 2FA process via WP Admin > Users > Profile > Solid Security User Settings?

    Looking forward to your update!
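
Added example, not part of the thread and not Solid Security's code: a sketch of why a key rotation can report “Could not decrypt secret” for some users after a migration. It assumes TOTP secrets are stored with authenticated encryption (libsodium secretbox here) under a site-wide key; the function names, keys and sample secrets are hypothetical and constructed.

```php
<?php
// Illustration only. Cipher choice and all names below are assumptions,
// not the plugin's storage format.
const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

function encrypt_secret(string $plain, string $key): string {
    $nonce = random_bytes(NONCE_LEN);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Returns null when the blob is malformed or does not authenticate under $key.
function decrypt_secret(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < NONCE_LEN + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $plain = sodium_crypto_secretbox_open(
        substr($raw, NONCE_LEN), substr($raw, 0, NONCE_LEN), $key
    );
    return $plain === false ? null : $plain;
}

// Re-encrypt each stored secret under $newKey. A secret that cannot be
// decrypted with $oldKey is left untouched and reported: it is unrecoverable
// without the key it was written under, so that user has to re-enroll.
function rotate_secrets(array $stored, string $oldKey, string $newKey): array {
    $rotated = [];
    $failed  = [];
    foreach ($stored as $userId => $blob) {
        $plain = decrypt_secret($blob, $oldKey);
        if ($plain === null) {
            $failed[] = $userId;
            $rotated[$userId] = $blob;
            continue;
        }
        $rotated[$userId] = encrypt_secret($plain, $newKey);
    }
    return [$rotated, $failed];
}

// Constructed data: user 1 enrolled under the current key; users 2 and 3
// carry rows copied from a previous host that used a different key.
$previousHostKey = sodium_crypto_secretbox_keygen();
$currentKey      = sodium_crypto_secretbox_keygen();
$stored = [
    1 => encrypt_secret('JBSWY3DPEHPK3PXP', $currentKey),
    2 => encrypt_secret('KRSXG5CTMVRXEZLU', $previousHostKey),
    3 => encrypt_secret('GEZDGNBVGY3TQOJQ', $previousHostKey),
];
[$rotated, $failed] = rotate_secrets($stored, $currentKey, sodium_crypto_secretbox_keygen());
foreach ($failed as $id) {
    echo "Could not rotate secret for user {$id}: could not decrypt, re-enrollment needed\n";
}
```

Because the ciphertext is authenticated, a key mismatch surfaces as a clean failure rather than a garbage secret, which is why the only recovery for the affected users is generating a new secret and QR code.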


The topic ‘Solid Security 2fa partly working’ is closed to new replies.