2FA is skipped when WP Cerber plugin is enabled | WordPress.org

Simon
(@sdellenb)

6 months, 2 weeks ago

When I have WP Cerber enabled with default settings, the login will not ask for the second factor (TOTP in my case). It seems like 2FA is completely skipped, but I have not been able to determine why and there’s no error on the page or in the logs.

I have tried to disable individual settings in WP Cerber, but none made a difference. It has an option to set a custom login URL, which is disabled by default. It also registers an ‘authenticate’ filter, but with the lowest possible priority: https://github.com/common-repository/wp-cerber/blob/318d894e487455ae9eb89a8704ec09f1590d311d/cerber-load.php#L1107 (not latest version, but this code is the same as latest)

Workaround is to disable the WP Cerber plugin, but that’s not a permanent solution for me.

(Background: I switched from Two Factor to Secure 2FA because otherwise Secure Passkeys wouldn’t work, see also https://wordpress.org/support/topic/can-2fa-work-alongside-passkeys/)

Viewing 1 replies (of 1 total)

Plugin Author Mohamed Endisha
(@endisha)

6 months ago

@sdellenb

Thank you for the detailed explanation. I really appreciate you taking the time to investigate it.

I haven’t used or tested the WP Cerber plugin myself, so I can’t say exactly why this conflict happens. It seems likely that something in the way WP Cerber handles authentication hooks is interfering with Secure 2FA.

If possible, I’d recommend reaching out to WP Cerber’s support as well.

Viewing 1 replies (of 1 total)

The topic ‘2FA is skipped when WP Cerber plugin is enabled’ is closed to new replies.

1 reply
2 participants
Last reply from: Mohamed Endisha
Last activity: 6 months ago
Status: not resolved