Conflict with "WP Google Authenticator" plugin

  • Resolved batteriesInc

    (@batteriesinc)


    11 years, 7 months ago

    Hi, thank you for an excellent plugin.

    I have come across a bug that appears to be a conflict between the WP Google Authenticator plugin (to add login 2FA for some or all users) and All in One WP Security.

    The WP Google Authenticator sets up a logon process whereby new users can login and then set up their own personal 2FA code for the Google Authenticator smartphone app (or GAuth for those working from a desktop). However, with All in One active, the logon fails with the statement that the site admin has not yet enabled the account. I can’t find an option to enable the user, so I assume it’s a generic error message that masks something else – it all works as soon as I disable All in One (I stupidly did so by pressing the two “disable buttons” – well, that’ll teach me to just use the plugin disable instead 🙂 ).

    As I consider both plugins required to have a reasonable secure site, could you tell me which specific All in one option I must avoid? User lockdown? Or can you have a look and maybe make it work together? I would prefer that I can still use “User lockdown” as it very much proved its worth already before I changed the link to the login page (several lockdowns created from far away countries – stuff you don’t know of until you install All in one 🙂 ).

    Cheers!

    https://ww.wp.xz.cn/plugins/all-in-one-wp-security-and-firewall/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    11 years, 7 months ago

    Hi batteriesInc I am using this plugin and the following google-authenticator. Both work like a charm in all my websites 🙂

    You might like to try the version that I am using. No errors in this one.

    Regards

    Thread Starter batteriesInc

    (@batteriesinc)

    11 years, 7 months ago

    Hi, thanks for answering, but that’s the one I just switched away from in my battle to get it solved 🙂

    (it was the one I was originally using)

    I’ll try again, but I’m not so hopeful now. It appears All in one affects the logon process at a point later than the 2FA plugins, which is where they then clash. Setting up the core admin user always works without any problems, but try adding a new user with 2FA and you see what I mean (maybe I should have made that more clear).

    Plugin Contributor wpsolutions

    (@wpsolutions)

    11 years, 7 months ago

    @batteriesinc,
    Do you have the “Enable manual approval of new registrations” checked in the User Registration menu?
    (that error sounds like something related to that)

    Plugin Contributor mbrsolution

    (@mbrsolution)

    11 years, 7 months ago

    Hi @batteriesinc I created three admin accounts and enabled Google Authenticator. It works for me. In regards to your comment..

    he logon fails with the statement that the site admin has not yet enabled the account. I can’t find an option to enable the user, so I assume it’s a generic error message that masks something else

    Each account that you create needs for the account holder to log in and enabled 2FA. If you don’t set it up like that then it defies the purpose of adding this extra security feature.

    Let me know if you follow what I am saying.

    Regards

    Thread Starter batteriesInc

    (@batteriesinc)

    11 years, 7 months ago

    Yep – it was the plugin’s user admin function. Duh. I was looking in the wrong place.

    When I disable that function, it all works perfectly. When I enable it, it also works, provided I authorise that users, but inside All in one WP security rather than the site’s normal user admin.

    Good, now I just have to add the line ErrorDocument 404 /?page_id=999999 back to the now reconstructed root .htaccess file (so that any attempt to get to the underlying webserver’s 404 page gets bounced back into the WP CMS as well) and I guess we can start adding the weirder stuff to the site 🙂

    As for the function of 2FA, I do understand how it works (I actually do a lot of biometrics based 2FA in other places) but I couldn’t quite find where things meshed.

    Thank you both very much for helping out. I’ll mark the thread as “solved”

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Conflict with "WP Google Authenticator" plugin’ is closed to new replies.

Tags