Authy 2FA has locked me out of my site

  • Mollymowler

    (@mollymowler)


    6 years, 11 months ago

    I instigated 2FA on my wordpress.org website using the authy app on my iphone. I didn’t install an authy plugin, fool that I am.

    So when I key in the token sent via mobile text, the site says ‘invalid verification code’.

    As a result, I can’t get into my site. If I use a previous backupbuddy backup, including database, will this restore the situation? I’ll lose some recent blogs, so if there’s another way, I’d be grateful for the help.

    All authy says is ‘Typically, the account reset fixes issues associated with invalid password. Please contact WordPress directly, they can assist with removing 2FA if you can’t log into the account.’ Gee, thanks.
    James

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    How exactly did you integrate Authy on your site without a plugin?

    If you restore a backup prior to integrating that, you’ll definitely be able to access your site again, but there should be a way to just remove the integration you added if you let us know how you did it.

    Thread Starter Mollymowler

    (@mollymowler)

    6 years, 11 months ago

    I think I misread the WP instructions but I downloaded the app onto my iPhone, scanned the qr-code in WordPress, used the verication from that and applied it to the app. So the app started to generate the codes but obviously they weren’t being accepted by WP. To be fair, as a non-techie person, it was pretty stupid but WP as I recall simply had URLs to several 2FA apps, and when I chose authy I followed the instructions and I don’t recall WP saying anything about installing an authy plugin as well. So, I think it has probably modified the dB, but I can’t see anything new written in the WP config file or anywhere else in the actual WP install. Hope this helps! Cheers, James.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    WordPress itself doesn’t have a 2FA system on its own, that functionality would have been added by a plugin, which means disabling it as a simple as manually resetting your plugins (no Dashboard access required).

    No matter which method you use detailed in the guide linked to above, phpMyAdmin or SFTP/FTP, you’ll find both in your hosting account’s control panel.

    Thread Starter Mollymowler

    (@mollymowler)

    6 years, 11 months ago

    James, I can assure you that there is no plugin associated with authy in the WP plugins folder, as I double checked with my ftp program. James.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    Still, try resetting all of your plugins.

    I can assure you, of my almost 14 years using WordPress and volunteering here, that WordPress has no built-in 2FA system, so if you scanned a QR code in WordPress to setup a 2FA system, it is most likely a plugin.

    Authy’s app supports multiple 2FA protocols, so it doesn’t necessarily have to be a plugin with Authy in the name.

    Thread Starter Mollymowler

    (@mollymowler)

    6 years, 11 months ago

    James, I don’t doubt your technical expertise. But the plugins folder contains exactly the same plugins that it did before. But I have just carried out the plugin reset. I then renamed the folder back and logged in to the site. I keyed in my username and password. Then the same verification code box comes up with the accompanying text saying:
    ‘A verification code has been sent to the email address associated with your account.’ As authy only creates codes on the iphone app, I assume it is these that I must use, as I do not receive any codes via email. I only have two email addresses, neither of which has ever received any codes via email. James.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    What is the URL of the site with the problem? Are you logging in through a service other than WordPress’s account system, like perhaps WordPress.com by way of the Jetpack plugin?

    Thread Starter Mollymowler

    (@mollymowler)

    6 years, 11 months ago

    No, I’m not using wordpress.com or anything. I have a standard Apache cloud server with one of the leading ISPs. I host five sites on it, including this one with the 2FA problem. The URL is http://www.branddoctorconsulting.com.

    I’m beginning to think the quickest and easiest way is to go the backupbuddy route and put everything back as it was!

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    Yeah, that’s not using WordPress.com’s system at least.

    What plugins do you have installed?

    Thread Starter Mollymowler

    (@mollymowler)

    6 years, 11 months ago

    iThemes Security Pro (should have used their 2FA approach!)
    si-contact form
    headway testimonials block
    fix ssl non-ssl links
    wp-mail smtp (which works perfectly sending mail from WP)

    That’s all I have.I’m using the Headway theme, with a child theme.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    6 years, 11 months ago

    I bet you actually might have used iThemes Security’s 2FA, Authy will work with that. 🙂

    Access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/plugins/ and delete the /better-wp-security/ directory.

    That will disable all of iThemes Security’s functionality, including its 2FA system.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Authy 2FA has locked me out of my site’ is closed to new replies.

Tags