What can be done when a user lost his 2fa?
-
Thanks for a great plugin!
One of my website managers is locked out of his 2fa app (can’t remember its password), while 2fa is enabled in his wp user.
How can I, as the website owner, disable his 2fa so he’ll be able to log in and bind it again? (I am logged in and also got server access)
Best
Tal
-
You can add the constant below to wp-config.php and try it; it will disable 2FA for all users and allow them to log in. Once the other user has logged in and set up 2FA again, you can remove it.
define('TWO_FACTOR_DISABLE', true);
Regards
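Added example (not part of the original reply and not the plugin's code): because the constant above turns 2FA off for every user, it is worth confirming afterwards that it is no longer active in wp-config.php. The sketch below assumes any value other than an obvious falsy literal counts as enabled; the function names and the sample config are constructed for illustration.

```python
import re
import sys

# define('TWO_FACTOR_DISABLE', <value>) with either quote style
DEFINE_RE = re.compile(
    r"""\bdefine\s*\(\s*(['"])TWO_FACTOR_DISABLE\1\s*,\s*([^)]*?)\s*\)""",
    re.IGNORECASE,
)
FALSY = {"false", "0", "null", "''", '""'}

def strip_php_comments(src):
    """Drop //, # and /* */ comments; quoted strings are copied untouched."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":  # quoted string: salts may contain '#', '//' or '/*'
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):  # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == "#" or src.startswith("//", i):  # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def two_factor_bypass_active(config_text):
    """True if an uncommented define() sets TWO_FACTOR_DISABLE to a non-falsy value."""
    m = DEFINE_RE.search(strip_php_comments(config_text))
    # Assumption: any value other than an obvious falsy literal counts as "on".
    return bool(m) and m.group(2).strip().lower() not in FALSY

# Constructed sample wp-config.php fragment (not from a real site)
SAMPLE = r"""<?php
define('AUTH_KEY', 'x/*y#z//');  // constructed salt with comment-like characters
// define('TWO_FACTOR_DISABLE', true);
/* define('TWO_FACTOR_DISABLE', true); */
define( 'TWO_FACTOR_DISABLE', true );
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("2FA bypass ACTIVE" if two_factor_bypass_active(text) else "2FA bypass not set")
```

Run it with the path to wp-config.php as the only argument; commented-out copies of the line are ignored, so only a live define is reported.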
Thanks hjogiupdraftplus
We took a simpler approach – disabled 2FA for all users, then he logged in regularly, then we enabled it again, and while he was logged in – re-linked his phone to the website.
Best
Hi @taco100,
Glad to know the issue seems solved.
Would you mind writing a quick five-star review on wordpress.org?
https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post
Reviews also help others to make confident decisions about our plugin.
Regards
Thanks again
I think that your support is 5 (even 10) stars.
But the plugin itself isn’t, IMHO, because of 2 major things:
a. No log or monitoring of its activity, so it’s really hard to understand if it does what’s needed, and if it isn’t causing any harm… (i.e. once we found out that almost 50% of relevant traffic was being blocked due to one setting we’d turned on, it took us a long time to understand why, it was frustrating)
b. It’s very hard to understand all the settings and find the relevant one, including the many very confusing firewalls.
Still, it’s much appreciated
Tal
Hi @taco100,
Thanks for your input.
- Which firewall rule is being triggered that should be logged? We are working on that feature. Let me know if it is not the firewall setting.
- Okay, I will create an internal ticket to make it easier to access all available settings with proper information.
Regards
Thanks for caring.
I’m not sure how to answer which FW rule is to be logged, as this is a technical Q and I’m no expert, but as a user – I do want to see which attempts of hack\login\breach etc. happen, when, from which door, and which element stopped them.
In my former example – a big chunk of my regular normal traffic was blocked, sorry but I can’t remember by which setting (maybe something related to blocking of weird\bad queries or strings), and I would be happy to know that in real time and also get a notification.
Hi Again
An example from today – one of the website editors was locked out from the website (probably due to a mistake in credentials, which is great :-)), but for me – it’s sooooo hard to unlock him.
- Can’t understand what locked him, Firewall? Brute? Login settings? etc…
- I went to the Audit log (which is nice!!, didn’t know it before) and saw he was denied, but:
A. there was no info on which feature prevented or locked him
B. There was no easy “Unlock \ Set him freeeeee” button, which is so needed - So I had to manually search and add IPs in 3-4 locations such as: Login whitelist, Block & allow lists, Login lockout or Firewall etc…
Just wanted to share from POV
Thanks for caring!
Tal
Hi @taco100,
There is a “Request unlock” button for the unlock.
https://snipboard.io/BqcRn0.jpg
When I cross-check right now, it seems not to be working. I will create an internal ticket for this.
Regards
Thanks
The message of mine that you’ve answered was mainly an example to show how complicated it is for us, the users, to identify the source of a user block and to release it.
Hi @taco100,
WP security > Dashboard > Locked IP addresses has that list, you can easily unlock.
https://snipboard.io/jLvQTI.jpg
https://snipboard.io/DYVrhZ.jpg
Regards
Yeah but it was empty :-(, even when the user was prevented from logging in.
It seems that this list only shows Login lockout, but my “complaint” is that there are many features that can block a user (which is great!), but it should all be logged, displayed and managed from a simple single screen, as we are simple users that don’t know all the dozens of settings and can’t tell or understand why a user is being locked out, and how to unlock him.
Thanks for caring