Title: 2FA User Permissions Bug
Last modified: August 24, 2023

---

# 2FA User Permissions Bug

 *  Resolved [mattybrook](https://wordpress.org/support/users/mattybrook/)
 * (@mattybrook)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/2fa-user-permissions-bug/)
 * Hello, Ive discovered a bug with the WordFence 2FA user permissions.
 * On our site we have a specific role for our users, which they should be able 
   to reset another user’s grace period for activating their 2FA codes
 * However while this button displays on a user profile, they get an error saying
   they cannot the grace period
 * ![](https://i0.wp.com/imgtr.ee/images/2023/07/14/6f139195e8eca52eb528493a77ad4cc6.
   png?ssl=1)
 * If enable the user permission ‘wf2fa_manage_settings’ then they are now able 
   to use the button.
 * However this permission also grants the ability to Login Security Settings. Which
   we cannot allow as this gives them the ability to manage which roles require 
   2FA (which means they can effectively disable it).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/2fa-user-permissions-bug/#post-16900248)
 * Hi [@mattybrook](https://wordpress.org/support/users/mattybrook/), thank-you 
   for your message about this.
 * I’ve spoken to the team about your observations. If the user doesn’t have access
   to `wf2fa_manage_settings`, they shouldn’t see that option. The behavior where
   they’re unable to reset the grace period for other users without that permission**
   is** as intended, however.
 * As these users have higher permissions than usual (as site users won’t see/edit
   other user accounts by default), but not high enough to manage the overall settings
   of Wordfence, that is why the option is showing despite their inability to change
   the value.
 * We will treat this as a feature request to alter that feature’s visibility, add
   more specific permissions to separate the option seen here from the Login Security
   settings access. I can’t speculate here on the forums about delivery timescales
   or when it may be considered during a plugin update cycle.
 * Many thanks,
   Peter.
 *  Thread Starter [mattybrook](https://wordpress.org/support/users/mattybrook/)
 * (@mattybrook)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/2fa-user-permissions-bug/#post-16952294)
 * Hi Peter,
 * Apologies for the delay in response here.
 * Thanks for clarification with the 2FA permission settings.
 * Regarding the feature request you mentioned, while I appreciate you cannot give
   any time estimates. Does WordFence provide a list of future updates to come, 
   so we can keep track of the status of this.
 * Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘2FA User Permissions Bug’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 2 replies
 * 4 participants
 * Last reply from: [mattybrook](https://wordpress.org/support/users/mattybrook/)
 * Last activity: [2 years, 11 months ago](https://wordpress.org/support/topic/2fa-user-permissions-bug/#post-16952294)
 * Status: resolved