Hi @stewart66789,
Here first we need to make sure that the issue is of AIOS plugin.
If you are not allowed to login as admin and deactivate the AIOS plugin from Plugins list.
Rename the plugin folder “all-in-one-wp-security-and-firewall” to “all-in-one-wp-security-and-firewall-deactivated” at location /wp-content/plugins/all-in-one-wp-security-and-firewall It will deactivate the plugin and will allow to access using wp-login.php
If still an issue it might be issue other than the AIOS. IF possible also deactivate any cache plugin.
Here it might be due to 2FA / Captcha it may show “invalid login details”, Some times due to other plugin / theme conflict it do not show exact AIOS error message.
Please add one by one below constant before wp-settings.php added in wp-config.php file and check if it solves the issue or not. AIOS_DISABLE_LOGIN_LOCKOUT should disable captcha.
define( 'AIOS_DISABLE_LOGIN_LOCKOUT', true );
define('TWO_FACTOR_DISABLE', true);
Regards
Thank you. I’ve saved these notes for the next recurrence of the issue, as I had to create a new user and delete the old one to resolve the issue in the short term.
I will check these, when it recurrs (likely soon).
Please leave thread open meanwhile and I will update asap.
Many thanks,
Stewart
Update on this.
Tried all suggestions, the one that worked was this one in wpconfig file:
define(‘TWO_FACTOR_DISABLE’, true);
So thanks for this.
Does this line need to remain in wpconfig permanently?
Is this a known bug being looked at?
We can not use 2FA at all now?
Many thanks,
Stewart
Hi @stewart66789,
Do you have TFA enabled for that user? Do console log shows any error for the TFA? you have to remove constant from the wp-config.php to check.
Some how it does not show input and submitted. Can you please let me know list of plugins installed there So I can check here if any conflict, you may use https://pastebin.com/ for that it has also option burn after read.
Mostly due to any other plugin conflict or js error it do not show the OTP code input and submitted that might be the reason.
Regards
We had 2FA switched on in general, but not live for that user when the erros are occurring.
Console logs do not show any errors when the issue occurs unfortunately.
Audit logs in the software do not show any errors.
List of plugins is at:
https://pastebin.com/S3MuHFPW
Many thanks, Stewart
Hi @stewart66789
Can you please disable below three plugins one by one all and check if it solves the issue. I see 1st as potential conflict as it does also have TFA and login security.
- Really Simple Security
- Clean talk anti-spam
- Litespeed cache
Regards
We use Really Simple Security mainly to ensure SSL redirects work ok.
Upon disabling Litespeed, Really Simple Security, and Cleantalk, both individualy and in combination together, and removing the exception line from wp-config, we see this error in all cases:
http://prntscr.com/HqajrI2xj4JU
Be aware that 2FA inside AIOS is switched off throughout all the above: http://prntscr.com/-tP7QtPspFSx
Many thanks, Stewart
-
This reply was modified 7 months, 2 weeks ago by
stewart66789.
Hi @stewart66789,
“The site owner has forbidden you to login without two-factor authentication” This message is due to the Make TFA Required for user roles settings.
It is a features of the AIOS premium version. Unfortunately, the rules of WordPress.org do not allow us to use their forums for support related to paid software. However, you can raise a support ticket on our website.
Regards
Thanks.
We previously had Premium version, then downgraded. Currently running free version.
When I untick all user roles (http://prntscr.com/KlWNs1oDqaPH) then remove exception line on wpconfig, we can log in again.
In Settings > 2FA tab, when I retick “Administrator” in list of user roles, we once again receive error “Invalid login details”.
So possibly the list of user roles in Settings > 2FA, is an artefact left behind when downgrading from Premium to Free, that is not supposed to be there? And is causing the error?
Otherwise, the 2FA on free version is still causing this error.
Currently I will remove exception line in wp-config and leave 2FA off inside Settings.
Hope this is clear. Many thanks for your help, Stewart.
It is a features of the AIOS premium version.
We previously had Premium version, then downgraded. Currently running free version.
Have you deleted and completely removed the premium version? If not for pro or customer support, please contact the developer on their site. This includes pre-sales information.
As the developer is aware, customers may not be supported on this site.
https://wordpress.org/support/guidelines/#do-not-post-about-commercial-products
Yes, pro was already completely removed, before we started getting these errors.
