Support » Plugin: Wordfence Security - Firewall & Malware Scan » No way to enter 2FA-code when trying to log-in

  • Resolved Avantart

    (@avantart)


    Hi!

    I am using Firefox 66.0.5
    Wordpress is uptodate
    Wordfence is 7.3.1

    I enabled 2FA-Activation in WF and connected that with the Microsoft Authenticator
    all went well

    now when I try to login at http://www.mysite.de/wp-admin, I get the prompt “Code required . Please provide your 2FA-code”

    but I cannot enter that code. There is no way to enter the digits. Cursor is placed in the username-field

    somewhere I saw the suggestion to add this code directly after the password, but that does not work either

    what to do? I could not log in and had to disable Wordfence completely

Viewing 15 replies - 1 through 15 (of 16 total)
  • Hey @avantart,

    Can you please try checking for a conflict? Try disabling all other plugins and switch to a WordPress default theme to find the offending code. You can use the Health Check & Troubleshooting plugin to help with this. When you use it the plugins and theme are only disabled for the logged in admin user so your visitors won’t notice a disturbance.

    Please let me know how it goes.

    Thanks,

    Gerroald

    I will check tomorrow…

    well, I think you didn’t think enough to recommend to use the “troubleshooting”plugin… (and I also did not reflect enough)

    this only helps inside WOrdpress, but the 2FA-feature works “outside” WP.
    I can activate that plugin but when I log out the mode is not active

    so, I disabled the 2FA-Authentification for the moment, as I have no chance to test in “real life” with standard theme and disabled plugins…

    thanks! M;=)

    Connie

    Did you find a fix for this? i have the same problem. I get prompted for username and password again with a message saying I need to enter 2FA code when prompted, but there is no prompt!

    no, I could login from my selfhosted “Wordfence Central” and deactivate that feature.

    I did not test again because in the moment I have other problems which annoy me enough ;=)

    Thanks for getting back to me.
    I tried disabling all my Plugins except Wordfence, but that did not help.
    I am using the standard WordPress login screen.
    I installed a MFA Plugin called “Two Factor” and it works well using email and also Google Authenticator App.
    Cheers

    jamesl2015

    (@jamesl2015)

    Same issue here:
    “CODE REQUIRED: Please provide your 2FA code when prompted.” over and over and over but no place to enter it and no error for the username and password used.

    This is a WP Multisite and the login works for all sites as expected EXCEPT the MAIN SITE i.e. asks for 2FA code after accepting username and password.

    WP 5.2.3 no plugins added or updated before this started…

    Before this thread gets closed (without a solution), here is some additional feedback.

    I’ve been using Wordfence Security’s 2FA on over a dozen websites without any issue whatsoever. All have something in common, though: they run under Linux. Most use nginx, a few are on Apache. All use PHP 7.+ — php-fpm under Linux, mod_php under Apache.

    By sheer chance, there is a single exception — for a particular customer I had to install a temporary site with WordPress in their FreeBSD server, which runs Apache 2.4.41 — but PHP 5.6.40. There is a reason for this: they’re in the process of migrating an old CMS, which has been abandoned, but which is barely compatible with PHP 5.6 and not compatible with 7.x at all. (For the sake of completeness, you can check what version your system is running by going to Wordfence > Tools > Diagnostics.) PHP 5.6.40 had to be restored from ancient archives and manually compiled since it has been removed from the FreeBSD repositories.

    Anyway, I had the same exact issue as described by the OP (I’ve used Chrome and Safari to test), and first I had to restore access to the back-office. Because it might be helpful for others, here is what I did (remember, this is under Apache; for nginx things are slightly different):

    1. Go to your WordPress installation’s root directory, open the .htaccess file, and delete all lines between # Wordfence WAF and # END Wordfence WAF (don’t worry, these will be restored later)
    2. Now go to wp-content/plugins/ and remove the wordfence directory entirely (again, don’t worry, since all your settings will be stored on the MySQL database)
    3. Login back to your back-office — this time you will not get any requests for 2FA, of course

    Now at this point I simply reinstalled Wordfence again; Wordfence will behave as if it is a ‘new’ installation — i.e. it will modify the .htaccess as before — but it will get most of your personal settings from the MySQL database, so you should be fine.

    In my case, activating 2FA blocked me again — just as before! — so it was clear that something was missing. And it was easy to see what it was: going to Wordfence > Tools > Diagnostics showed that the OpenSSL module had not been found! Wordfence requires OpenSLL to contact its remote servers for the scans (although I believe there is an option to override this; in my case, I just got a warning that the current scan could not be completed because the plugin could not contact the remote servers), and, apparently, so does the 2FA module.

    I thought that I had OpenSSL compiled into PHP… but it was easy to confirm that I had totally forgotten to do so! Therefore, all I did was compile that module (in your case you might simply be able to get the appropriate package), reload Apache, reload the Wordfence Diagnostics page — and, this time, it showed that OpenSLL was active. After re-activating 2FA for my user, I could now log in from any browser — even those which had their cookies and cache cleared, and I got the 2FA box every time!

    I’d suggest that the OP checks if they have OpenSSL enabled or not because it might be as simple as that…

    To the Wordfence developers: while most of your plugin will work without OpenSLL being active, clearly 2FA will fail (without errors on the logs), so I’d suggest that, before allowing users to activate 2FA, you check first if OpenSSL is active or not.

    It’s safe to assume that the vast majority of Wordfence users will have PHP 7+ with OpenSSL enabled — which is pretty much the standard these days! — but a few will not…

    exact same issue here, asks me to enter a 2fa code, however there is no option for the code to be entered…

    would love to know how to fix it – doesn’t appear anyone has a firm solution as to why or how.

    • This reply was modified 9 months, 2 weeks ago by SuperStu.

    I had the issue too, and it resolved after installing the php openssl module (php72-openssl in my case) just like @gwynethllewelyn suggested.
    Thank you @gwynethllewelyn !

    • This reply was modified 7 months, 1 week ago by wtoorop.
    Gwyneth Llewelyn

    (@gwynethllewelyn)

    @wtoorop I’m glad it helped! I’m just sorry that @omgstu wasn’t so lucky…

    jdelgadoesteban

    (@jdelgadoesteban)

    Same issue, very frustrating, had to disable the plugin

    Greatings everyone, 2FA option is very important. You must fix that asap because of Cybercriminality High rates. All Plugins should be coded with standards & Best Security practices! Hope you fix this terrible 2FA issue! Users have no time to code in our place!

    same issue here! what are the guys doing in the wordfence dev team??? Not a good publicity I’m afraid…

    rishabh811

    (@rishabh811)

    Hey,
    if anyone get this issue just enter your 2FA code after the normal login password without any space and Taaadaaa good to go.
    Example- suppose your userID is “Yugoslawakia”
    password is “DingDong”
    2FA code is “123456”
    Fill out the username,
    Fill out the password as “DingDong123456”
    Best of luck.

Viewing 15 replies - 1 through 15 (of 16 total)
  • You must be logged in to reply to this topic.