I couldn’t wait for a response. I went ahead and uploaded the wp-cerber reset file, which disabled the plugin, although my alternate login url was still applied. I reinstalled and set up wp-cerber again from scratch. I’m waiting for a few days of successful logins before reenabling 2FA. I’m hoping this was just a fluke and that it doesn’t occur again or on my other sites.
Now it has happened on another one of my sites, javajoeroasters.com. Am I the only one?
Plugin Author
gioni
(@gioni)
1. Check the Activity log for 2FA-related events and requests from your IP. If something goes wrong, WP Cerber logs that.
2. Go to the Main Settings and make sure that the “Load security engine” setting is set to “Standard mode.”
Activity log file location, since I can’t access it through the dashboard? Sorry, I tried googling it. Security engine is set to standard on all my sites. Thanks
After I tried to log into javajoeroasters.com, I checked on another site (steamforcesolutions.com), and it did it to me a couple times but then it let me in. In the activity log, it shows from my ip address 6 “spam form submissions denied – bot detected” (I think I only tried it a couple times), and then one “enforced”, and then one “logged in – 2fa code verified”. I don’t know what that means…
In a screwy, round-about way, I got it to let me in on the javajoeroasters site. I kept hitting try again and cancel until it finally backed out and loaded the home page with the wp admin bar at the top. From there, if I click on dashboard, it went back to the 2fa page. However, when I clicked on something else, like Themes, it loaded that page and I’m back in and have full access. I don’t see an explanation when looking at the activity log, including when looking at it filtered to 2fa activity. I’ve exported it if you’d like to see it. I then tried logging out, changing my vpn ip address, and now I’m locked out again.
