2FA not working for lower level users

  • Resolved Jason

    (@eagle456)


    5 years, 8 months ago

    I just installed wordfence on my 5.5.1 version site, PHP 7.4.10, LiteSpeed webserver.

    2fa is working great for admins but for other users a set up or registration page is not showing up during registration or after any subsequent logins. I created a test user and when I log in as this test user with the default admin wp login I never get any option to use 2fa but I am able to log in as if 2fa is not enabled.

    If I login using the public ultimate member page it requires email authentication and mentions this can be bypassed if 2fa is set up but I never see where it can be set up – so this is the part of the function I am missing somehow. Once I go through the email verification I can log in but no 2fa is required and again I am not given the option even in the user account pages to set it up.

    I can set 2fa up for these lower level users if I log in using an admin account and then the 2fa code prompt appears in that edit user section. When I set it up this way it works as it should. When should a newly registered user be redirected to the set up page if this is working correctly? I am having some trouble with other redirections that I have selected – so perhaps this is the problem.

    This user role I first tested with is a custom role and is enabled for 2fa.

    I also tested with a Ultimate Member default user, subscriber. Made sure it was enabled for 2fa. I am requiring 2fa for XML-RPC. I have not allowed remembering devices.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support WFAdam

    (@wfadam)

    5 years, 8 months ago

    Hello @eagle456 and thanks for reaching out to us!

    Generally, for all users that aren’t admin users, they will log in and then see the Wordfence plugin tab on the left side of the screen, but the only option for them will be Login Security. From here they can walk through the steps to set up 2FA.

    When you logged in to test, did you log in via a different browser or incognito mode? If you have a cache plugin or extensions on your browser, it might have caused some issues.

    https://www.wordfence.com/help/tools/two-factor-authentication/#how-to-enable-two-factor-authentication

    Let me know if this helps!

    Thanks!

    Thread Starter Jason

    (@eagle456)

    5 years, 8 months ago

    Thank you for the reply, I tried that and it did not help. Could you post up an example of what it should look like perhaps?

    I’m using ultimate member, that could be complicating things more than anything. Do I have to disable “force hiding adminbar in frontend” for the user? It sounds like teh adminbar is where you are saying this should show up. I tried that and still don’t see anything.

    There is also three options in the WP Capabilities for 2fa, “wf2fa_activate_2fa_self” and “wf2fa_manage_settings. I have both of those enabled.

    • This reply was modified 5 years, 8 months ago by Jason.
    Plugin Support WFAdam

    (@wfadam)

    5 years, 8 months ago

    I do believe that 2FA does not work with non-admin users in Ultimate Plugin currently. It’s something that is being worked on for a future release.

    I just re-read your original post and noticed that you were using Ultimate Member.

    Only your admin account will work with our 2FA login.

    Let me know if this helps!

    Thanks again!

    Thread Starter Jason

    (@eagle456)

    5 years, 8 months ago

    That makes sense, thanks for letting me know. Is this something wordfence is working on or ultimate member?

    Plugin Support WFAdam

    (@wfadam)

    5 years, 8 months ago

    2FA and the Wordfence Login Security is built for the default wp-login.php and not compatible currently with other login/membership plugins. If you have 2FA enabled for other roles, and a user logs in via the membership plugin and is not seeing Wordfence on the side of the page to set up 2FA for themselves, this it is not compatible.

    Also, the reCaptcha is likely incompatible as well if verification is being asked for excessively. Disabling the captcha will prevent that message. It is best to use Wordfence’s login security options for the default login only, and then use membership-specific plugins for Recaptcha and 2FA for the membership plugin.

    Let me know if this was helpful for you!

    Thanks!

    Thread Starter Jason

    (@eagle456)

    5 years, 8 months ago

    Ok that is interesting, but in regard to what you said earlier

    It’s something that is being worked on for a future release.

    you did not answer my question. I assume you meant WordFence is working on it for a future release and you did not mean UltimateMember, but was hoping you could clarify.

    Even if a lower level user logs in using the default login page it still does not work – just so everyone knows. As far as I know, reCaptcha is working ok.

    I’m not confident I could use a different plugin for lower level users and still use WF for admins only without a mess of compatibility issues so not sure if I will bother trying at this point.

    • This reply was modified 5 years, 8 months ago by Jason.
Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘2FA not working for lower level users’ is closed to new replies.

Tags