• Resolved JBGR

    (@thebaumgartler)


    Hi Guys,

    Ran into an issue this morning logging in to a website that has the cookie-based brute force and TOTP 2FA enabled. I’m able to access the login page without issue, but when logging in and getting to the 2FA step the login page simply reloads. I tried in a few different browsers and in an incognito window, with the same results. Sometimes I get an error “Your two factor code was incorrect” but I’m still unable to log in.

    I connected via FTP and added the define('TWO_FACTOR_DISABLE', true); line which allowed me to successfully access the WordPress Admin panel.

    I went to the settings and reset the private key and reconfigured the 2FA, but the issue still persists if I try to log in again. I double-checked the 2FA code before resetting and it did match the value in my password manager.

    I do notice in the JS console on the login page the following PHP notices being returned:
    "PHP event: code E_DEPRECATED: Function mcrypt_get_iv_size() is deprecated (line 938, wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/providers/totp/loader.php)"

    "PHP event: code E_DEPRECATED: Function mcrypt_decrypt() is deprecated (line 958, wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/providers/totp/loader.php)"

    Plugin version: 5.3.8

    WordPress Version: 6.7.2

    PHP Version: 8.1.31

    Please let me know what tests or other checks I can do. I had no issue logging in to the site a month ago when I had to make some content changes, which is when I updated the plugins to the latest version as well.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @thebaumgartler,

    If adding the constant TWO_FACTOR_DISABLE allows you to log in, it seems to be a 2FA issue. The error for a code that does not match should be the one below.

    Error: The one-time password (TFA code) you entered was incorrect.

    If the Google Authenticator and the WP Security > Two Factor Auth page have the same code, code matching should not be the issue.

    Please try disabling, one by one, the other plugins related to the login page. If you have a cache plugin, try disabling it once and check. Another plugin's functionality might be affecting it.

    Regards

    Thread Starter JBGR

    (@thebaumgartler)

    Hi there,

    Thanks for the reply. I can confirm that when I add the TWO_FACTOR_DISABLE constant it will let me log in as expected. Once I log in, if I navigate to WP Security > Two Factor Auth, the codes do match and are reset at the same time.

    There are no other plugins that impact the login page, and I’ve disabled the wp-super-cache plugin to test and the issue is still present.

    However, after further tests it doesn’t appear to be an issue with 2FA; it’s something to do with WordPress and the SiteURL / WordPress Address. It’s adding the wrong value to the redirect and causing the loop to happen. If I access the secret URL to load the login page and then remove everything and reload /wp-login.php again, it works with 2FA enabled, so my issue appears to be somewhere else.

    We can mark this issue as resolved since the problem doesn’t appear to be caused by the 2FA.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @thebaumgartler

    Glad to know the issue was not with 2FA. If you still require any help or details, let me know.

    Regards

The topic ‘2FA Not Working Properly’ is closed to new replies.