Can’t get 2FA to work

  • Resolved trois

    (@trois)


    5 years, 1 month ago

    WP, WF and all other plugins are up to date. Server runs Linux, PHP is 7.2x, OpenSSL is 6 months old. Server-time is UTC-5, less than 1 second offset.

    Site is using CloudfFare – plugins: ‘Flexible SSL for CloudFlare’, ‘Really Simple SSL’ and ‘LiteSpeed Cache’ (that I emptied manually, several times).

    Using Google Authenticator on different Android phones, from different locations for 2 Admins. Using different browsers (FF, Chrome, Edge, Maxthon).

    Tried different configurations (1 plugin disabled etc.), but no luck.

    Found a post mentioning server-time and Authenticator-time not being synched – you can do so in the app-settings, but obviously I can’t change the server-time (other than perhaps changing its Timezone (which doesn’t make sense))?

    I realise there a (too) many different components and settings. Wordfence 2FA-set up was smooth, but it still doesn’t show on the login-screens.

    As a paying client I rather use WF for this – not a fan of installing yet another plugin (only for 2FA), but I also don’t want to leave my site ‘exposed’ (after having to remove ReCaptcha, as that gave problems (as well)).

    Any suggestions how to get it to work in WF?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Jason

    (@eagle456)

    5 years, 1 month ago

    I just installed wordfence on my 5.5.1 version site, PHP 7.4.10, LiteSpeed webserver.

    2fa is working great for admins but not at all for other users. I created a test user and when I log in as this test user I never get any option to use 2fa. The only time I can find a way to set it up is when I log in as an admin and go to the user account, the 2fa page is there but obviously I don’t want to have to set it up for each user, but is that what I have to do?

    Using UltimateMember and have the custom user role I am testing with enabled for 2fa.

    trois, are you having trouble getting 2fa working with an admin user or other?

    Thread Starter trois

    (@trois)

    5 years, 1 month ago

    @eagle456 – only 2 admins (no other users/roles). Set-up is easy, but we’re never asked for that code, on log-in – even with the option checked that admins require a code (and, no grace-period).

    Jason

    (@eagle456)

    5 years, 1 month ago

    You are still able to log in fine without 2fa and never see the 2fa prompt?

    Are you using the default wp login page?

    The docs mention the 2fa prompt may not show if you have a custom login prompt, but I assume if 2fa was truly enabled you would not be able to login unless you entered the code after your password.

    When you go into your user account, do you have the option to deactivate 2fa?

    I was able to go in to the user account and activate 2fa for my other user, but I had to set up it’s 2fa to my phone. After doing that it shows up when I log in, so my issue may be different and I may start a fresh thread but wanted to chime in and say I had admins working fine at least.

    Plugin Support wfpeter

    (@wfpeter)

    5 years, 1 month ago

    Hi @trois, thanks for your detailed message regarding your setup to help us with your query, you do however mention being a paying client.

    As a Premium Wordfence Customer, I recommend opening a support ticket at https://support.wordfence.com. They will be able to assist you faster than through the forums.

    @eagle456 As mentioned in the Forum Guidelines, we need to assist on an individual basis. Please feel free to open a new ticket so that we don’t miss any important details that may prevent your issue being solved sooner.

    Thanks,

    Peter.

    Thread Starter trois

    (@trois)

    5 years, 1 month ago

    @eagle456 “custom login prompt” – good catch! Yes, I do have one ‘secret’ URL, using this plugin: ‘WPS Hide Login’. I overlooked that, my bad. Can’t register both admins on the same phone, as we are in different locations – but maybe the 2nd admin can change it once logged in.
    Thanks for your input – appreciated!

    @wfpeter – going to create a Premium ticket – thanks.

    • This reply was modified 5 years, 1 month ago by trois.
    WFSupport

    (@wfsupport)

    5 years, 1 month ago

    Adding this here in case someone else needs to add different users but are in different geographical locations than they are, and has the requirement for all admins to use 2FA.

    • Add the admin user per normal.
    • Get the new admin to provide you with their public facing IP address.
    • On the Wordfence > Login Security > Settings page add the user’s public facing IP address to the option that says Whitelisted IP addresses that bypass 2FA and save the changes.
    • Have the new admin login and set up 2FA on their phone
    • Once the new admin has registered for 2FA, remove their IP from the option that says Whitelisted IP addresses that bypass 2FA and save the changes.

      • Tim

    Thread Starter trois

    (@trois)

    5 years, 1 month ago

    Thanks Tim!

    Yup, defeated my own settings by adding those IPs (copied from the IP-whitelisting in Wordfence itself).

    It’s working for both admins – thank you.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Can’t get 2FA to work’ is closed to new replies.