2FA error and wp-login redirect loop

  • Resolved Nora C.

    (@nora-c)


    5 years, 9 months ago

    Hi all,

    When I try to log in to my site and enter the 2FA code, I get the error: “VALIDATION FAILED: The 2FA code could not be validated. Please try logging in again.” The recovery codes aren’t working either.

    To solve this, I tried renaming the Wordfence plugin folder through FTP. While I am not prompted to enter a 2FA code anymore, the wp-login page redirects to itself when I enter my username and password. So I am still locked out.

    I also renamed the entire plugins folder, then the theme folder, and my .htaccess file but I get the same redirect issue every time.

    I also uploaded a fresh copy of the wp-login.php file from the same WP version, same issue.

    I realize this could be unrelated to Wordfence, but since that was the first sign there was an issue, I am starting here. Any ideas what is happening?

    Thanks in advance for your help.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support WFAdam

    (@wfadam)

    5 years, 9 months ago

    Hello @nora-c and thanks for reaching out to us!

    Is this the first time you are setting up 2FA or has this just randomly happened? Have any updates been done recently that you can think of, specifically WP 5.5 or 5.5.1?

    The first thing we can try is to use the wp-admin page, its a redirect page but I have seen this cause issues with 2FA in the past.

    I have also seen plugins and themes that cause this issue as well. You could test for a conflict by disabling all your plugins and switching to a default theme like twenty-twenty.

    There was an issue in WordPress 5.5 where jQuery Migrate, a tool which WordPress has bundled and enabled by default for many years, was turned off by default. It sometimes causes all kinds of weird behavior for all plugins if just one of them (or your theme) is still using old code. You should make sure your plugins and themes are all updated. While 5.5.1 has fixed some of these issues, a temporary fix, if some of them aren’t ready for this yet, you can use this plugin to workaround the issue.

    It may help to install the Enable jQuery Migrate Helper plugin below and see if the issue can be resolved:
    https://ww.wp.xz.cn/plugins/enable-jquery-migrate-helper/

    You may also find this useful:
    https://ww.wp.xz.cn/support/topic/read-this-first-wordpress-5-5-master-list/

    Let’s start there and see what we can find.

    Thanks!

    Thread Starter Nora C.

    (@nora-c)

    5 years, 9 months ago

    Hi @wfadam,

    Thank you for your quick reply.

    2FA was set up for a while and the issue randomly happened.

    The site is running on WP version 5.4.2, so it shouldn’t be an issue related to later versions. I can’t think of recent updates that caused this. The last time I updated the site, everything was running correctly.

    The server config is PHP/7.1.33 and nginx/1.16.1.

    All plugins are already disabled, as well as the theme. But there is no default theme installed. I know I can upload the files for the twenty-twenty theme for example, but is it possible to activate this default theme through FTP?

    Also, I am not sure what you mean by using the wp-admin page? When I access mysite.com/wp-admin I get redirected to mysite.com/wp-login.php and back into the redirect loop.

    Thank you for your help, much appreciated!

    Plugin Support WFAdam

    (@wfadam)

    5 years, 9 months ago

    Hello again @nora-c

    Are you still locked out? Here are ways to get back into your site:

    The first way is if you have added the site in Wordfence Central (a free site management tool in your account on wordfence.com):

    • Login to Wordfence.com and look for the Configuration tab.
    • Click the gear icon at the end of the row that the site you need to access is on.
    • Scroll down to the Login Security Options section and expand it by clicking the small black arrow to the right.
    • In the section that says “Whitelisted IP addresses that bypass 2FA” add your public facing IP address.
      NOTE : You can get your public facing IP by clicking this link.
    • Scroll back to the top of the screen and save the changes.
    • You should now be able to login to your site with just a username and password.

    If you haven’t added your site to Wordfence Central follow these steps:

    • Please use FTP/SFTP — or any file manager your web host provides via their administration panel.
    • Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak. This will deactivate Wordfence and allow you to login without the 2FA code.
    • Once you have logged in to your WordPress admin you can name the folder back to wordfence again.
    • Go to your user profile and add 2FA back to your account, making sure to download the backup codes in case of problems in the future.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Thanks again!

    Thread Starter Nora C.

    (@nora-c)

    5 years, 9 months ago

    Hello,

    It turns out that this issue had nothing to do with Wordfence, the 2FA problem was a symptom.

    The redirect login loop happened because the disk was full.

    Thanks for your help anyway!

    Plugin Support WFAdam

    (@wfadam)

    5 years, 9 months ago

    I’m glad you could find the resolution @nora-c

    If you need any other assistance, we would be glad to help!

    Thanks again for your support!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘2FA error and wp-login redirect loop’ is closed to new replies.