2FA Causing Passwords To Be Wrong

  • Resolved chrismys

    (@chrismys)


    2 years, 10 months ago

    Recently enabled Wordfence 2FA on a clients website. Only 2 of the 3 admin users are having this issue, but after enabling 2FA the users password is now always incorrect and will not prompt the 2FA window. Deactivating 2FA the user can login again no issues with the same password that was previously ‘wrong’.

    That being said the one admin user where everything is working correctly is able to login to the other two accounts, and set everything up and login no issues.

    Unfortunately, everyone is remote so this solutions of having the one user set everything up will not work for future users etc. So I have come here in search of a solution, or possibly someone who has experienced a similar situation.

    Might be helpful to know what settings are enabled:

    • 2FA Roles – Administrator & Editors are Required
    • Grace Period of 15 days
    • Allow remembering for 30 days is enabled
    • 2FA for XML-RPC call authentication is required
    • NTP is enabled
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfscott

    (@wfscott)

    2 years, 10 months ago

    Hello,

    Can you confirm that the users who are experiencing this issue are seeing the same issue on multiple devices while trying to log in?

    Also, try having them load the login page and make sure the URL is complete with www at the beginning and try again with it added if it is not.

    Can you confirm if there are any other security plugins or login-related changes/customization on the site?

    Thanks,
    Scott

    Thread Starter chrismys

    (@chrismys)

    2 years, 10 months ago

    Hey Scott,

    I can confirm that the users are experiencing this issue across every device, and browser that they’ve attempted to use. Which is odd because as stated above, it’s only affecting 2 of the 3 admin users.

    I can also confirm that adding www to the URL does not make any difference.

    As far as security plugins, Wordfence is the only security plugin sitewide; however, they are using Ultimate Member to assign user roles sitewide. I have tried to disable the plugin, and it doesn’t seem to make a difference.

    We did notice that the NTP is consistently failing, which could be a server configuration on the clients end; however, we installed a different 2FA application and it appears to work just fine. So we are unclear why the Wordfence 2FA is not working properly for 66% of the users.

    Thanks for the reply!

    Plugin Support wfscott

    (@wfscott)

    2 years, 10 months ago

    Thanks for your patience, @chrismys

    Can you please confirm if all 3 users are logging in from the same login form? I see you mentioned the Ultimate Member plugin. Are all 3 users logging in via the default wp-login.php page, and if not, can you try that?

    Thread Starter chrismys

    (@chrismys)

    2 years, 10 months ago

    Hey Scott,

    I can confirm that all 3 users are using the default wp-login.php page. The issues persists sitewide across all login points including the default, and the Ultimate Member access points.

    Plugin Support wfscott

    (@wfscott)

    2 years, 10 months ago

    Thanks, @chrismys

    Do you have a staging site set up for this instance by chance? If so, I would try deactivating all plugins except those necessary to replicate the issue and see if it persists.

    Can you also try entering the 6-digit 2FA code directly to the end of the password while trying to log in and see if that helps?

    Otherwise, you might try setting up a new admin user and setting up 2FA on that user to see if the issue is still occurring for new users as well or if it is only limited to these two specifically.

    Thanks,
    Scott

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘2FA Causing Passwords To Be Wrong’ is closed to new replies.