Kaspars
Forum Replies Created
Forum: Plugins
In reply to: [Two Factor] 2FA not working
Thanks for your follow-up to the original report. Caching could indeed be a problem but the WP login flow always sends no-cache headers in all responses, which should be respected by all major caching plugins and implementations (such as Cloudflare).
Secondly, it uses an HTTP POST request to send the two-factor login information and those should never be cached by the server or plugins.
Forum: Plugins
In reply to: [Two Factor] Two-Factor Remembered Devices
This feature is currently not supported by the plugin to truly enforce two-factor requirements in all cases. There is an open feature request for this, though: https://github.com/WordPress/two-factor/issues/230
Forum: Plugins
In reply to: [Two Factor] Where can I find backup codes / recovery options?
Yes, it does support the recovery codes. It should be one of the available two-factor methods that can be configured in your profile. Please see the screenshots of this plugin (on the plugin page) for reference.
Forum: Plugins
In reply to: [Two Factor] register new key not working
The FIDO U2F implementation in this plugin has been deprecated in all major browsers. It will be removed from the plugin very soon to avoid confusion.
Consider using this plugin https://wordpress.org/plugins/two-factor-provider-webauthn/ to implement WebAuthn support for your existing keys.
This is being discussed here https://github.com/WordPress/two-factor/issues/423 and https://github.com/WordPress/two-factor/issues/232
Forum: Plugins
In reply to: [Two Factor] U2F Not Working
Yes, the FIDO security key feature has been removed from most browsers and replaced with webauthn. The FIDO feature will be removed from the plugin in an upcoming release.
You could consider installing the WebAuthn Provider for Two Factor plugin which enables webauthn for the two-factor plugin (and supports the migration of existing FIDO keys).
Forum: Plugins
In reply to: [Two Factor] 2FA for admins and editors
There are currently no global settings for the plugin (known issue) so the only way to force enable specific methods is to use a PHP filter as described in this comment.
Forum: Plugins
In reply to: [Two Factor] How to roll out to multiple users?
Sorry for the confusion!
The documentation is really lacking for the plugin currently and we have a few updates in the queue that should provide more details and a list of known issues and limitations of the plugin.
The only method that can be “force-enabled” for all users is the email. There are no global settings for the plugin (known issue) so it must be enabled via code as explained in this comment.
Forum: Plugins
In reply to: [Two Factor] What pop-up Login does this plugin work
This plugin relies on all hooks and filters that are called on wp-login.php so it should work as long as the AJAX modal login plugin is able to replicate that logic. There are no recommended plugins that I’ve tested personally, though.
Forum: Plugins
In reply to: [Two Factor] Two Factor emails not working on HTTP sites
The plugin does not require HTTPS for security codes over email. It uses the same wp_mail() function as WP core to send those codes.
The only two-factor method that requires TLS is FIDO U2F Security Keys but it isn’t supported in any of the recent browsers and will be removed from the plugin in the upcoming releases.
You could try doing a password reset on those non-HTTPS sites to confirm that email delivery is working.
Forum: Reviews
In reply to: [Two Factor] Great plugin with a compatibility issue
Thanks for reporting the issue! It has been fixed since version 0.14.1 of the plugin.
Forum: Plugins
In reply to: [Two Factor] Plugin does not generate clean URLs
Thanks for reporting the issue! This has been fixed recently and will be part of the next release.
Forum: Plugins
In reply to: [Two Factor] No possibility to reset Two Factor
Can you please elaborate on the two-factor methods you have access to and what you mean by “i have not managed to switch from the app to email”? Secondly, which of the two-factor methods are enabled for your WP user?
The following statements seem to contradict each other:
- I have lost all my devices
- I logged in to the website using an authentication app
- i have access to my email account again
To disable the two-factor requirement for your account, you should connect to the database and delete the _two_factor_enabled_providers user meta for your user ID in the wp_usermeta table as that’s storing the enabled two-factor methods.
Forum: Plugins
In reply to: [Two Factor] SMS Gateway extension
Thanks for sharing! Looks like the plugin still needs a settings page or a filter to supply SMS gateway parameters, right?
Forum: Plugins
In reply to: [Two Factor] 2FA with wordpress iphone app
Login over APIs (REST and XML-RPC) doesn’t support the second factor so you need to effectively disable the second factor for all those logins with application passwords using the two_factor_user_api_login_enable filter.
Forum: Plugins
In reply to: [Two Factor] Redirect after login with 2FA
The standard login_redirect filter should still work as expected. Plugins that rely on wp_login action might not work because of this issue.
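
Added example, not code from the Two Factor plugin or from the replies above: a callback for the two_factor_user_api_login_enable filter mentioned in the reply about the WordPress iPhone app, written so that API logins skip the second factor only for an explicit allow-list of accounts rather than for every user. The account name, the function and constant names, and the assumption that the filter passes the current value followed by the user ID are illustrative.

```php
<?php
/**
 * Plugin Name: Example: scoped API login for Two Factor (added example)
 *
 * Assumption: the Two Factor plugin evaluates
 *   apply_filters( 'two_factor_user_api_login_enable', false, $user_id )
 * so the callback receives the current decision and the user ID.
 */

// Hypothetical allow-list: logins used only by API clients (mobile app, integrations).
const EXAMPLE_API_LOGIN_ALLOWLIST = array( 'mobile-publisher' );

/**
 * Decide whether a user may authenticate over REST / XML-RPC without a second factor.
 *
 * @param bool $enabled Decision made so far (unused; this callback decides on its own).
 * @param int  $user_id ID of the user attempting the API login.
 * @return bool True only for allow-listed, non-administrative accounts.
 */
function example_two_factor_api_login( $enabled, $user_id ) {
	$user = get_userdata( (int) $user_id );

	if ( ! $user ) {
		return false; // Unknown user: keep API login disabled.
	}

	// Accounts that can administer the site never get API login without a second factor.
	if ( user_can( $user, 'manage_options' ) ) {
		return false;
	}

	// Strict comparison so only exact login names on the list are accepted.
	return in_array( $user->user_login, EXAMPLE_API_LOGIN_ALLOWLIST, true );
}
add_filter( 'two_factor_user_api_login_enable', 'example_two_factor_api_login', 10, 2 );
```

Returning false for every account that is not on the list keeps the plugin's default of refusing API logins for users who have a second factor enabled.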