• Resolved cbqguilherme

    (@cbqguilherme)


    Hello there!
    I’m having trouble while trying to make a custom 2FA validation form/page.

    I’ve made a custom login form using the form action “site_url('wp-login.php', 'login_post')” (I’ve done it before and always works) and after submitting it, it was logging in the user correctly.

    After installing the WP 2FA plugin and setting it up, everything works as it is supposed to, and logging in in my custom form redirects the user to the wp-login.php with the form for the 2FA code verification. Everything works fine.

    However, I don’t want my users accessing any backoffice page (including this wp-login.php). Given that, how can I prevent users from seeing this page and add this verification form onto a custom page?

    Best regards!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor robertabela

    (@robert681)

    Hello,

    Thank you for using our plugin.

    At the moment the plugin uses the wp-login.php page to authenticate users, and restricting access to this file will stop the plugin from working. We are aware of this limitation and we will be addressing this in the next update.

    I am sorry we couldn’t give you a solution today. Should you have any other questions, please do not hesitate to ask.

    Thread Starter cbqguilherme

    (@cbqguilherme)

    Thanks for the answer!

    Oh, that’s a bummer…

    Regardless, while trying to make the feature work myself I was trying to validate the code with WP2FA\Methods\TOTP::validate_totp_authentication, but even though I have the same code as the auth app and everything is as it should be (including the $_REQUEST['authcode']), it always returns false… Any idea what’s happening?

    Plugin Support Lucian Padureanu

    (@lucianwpwhite)

    Hello again @cbqguilherme!

    Thank you for sharing these details and for your patience!

    While we understand the need for customizations, please note that custom integrations or modifications to the plugin’s functionality are outside the scope of our support. However, I can share some insights that might help you troubleshoot the issue you’re encountering.

    The problem you described, where the OTP validation always returns false, could be related to a time synchronization issue between your device and the site’s server. The TOTP (Time-based One-Time Password) method relies on precise time synchronization, and even a slight time drift between the server and the device generating the code can cause the validation to fail.

    To address this:

    1. Ensure the server’s time is synchronized.
    2. Double-check that the time on the device generating the code (e.g., your phone) is also accurate.
    3. Make sure you use a widely spread application for OTP code generation as well (e.g. Google Authenticator). For more details, you can also check our article for more app recommendations.

    If the time synchronization is off, correcting this should resolve the issue.

    Even though this is the only possible cause and solution I can think of at this stage, I really hope it will help! Please let me know how it goes.
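
A diagnostic for the clock-drift explanation in the reply above, as an added example that is not part of the thread or of the WP 2FA plugin: it recomputes RFC 6238 codes on the server for neighbouring 30-second steps and reports which step a submitted code belongs to. The function names, the constructed secret and timestamp, and the SHA-1, 6-digit, 30-second parameters are assumptions; the plugin's own settings may differ.

```php
<?php
// Added example, not WP 2FA code. Assumes SHA-1, 6 digits and 30-second steps.

/** Decode an RFC 4648 base32 secret (the text form of the QR-code secret). */
function base32_decode_secret(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim(str_replace(' ', '', $b32), '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($ch === '' || $pos === false) {
            throw new InvalidArgumentException('Secret is not valid base32');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    for ($i = 0; $i + 8 <= strlen($bits); $i += 8) { // trailing partial byte is dropped
        $out .= chr(bindec(substr($bits, $i, 8)));
    }
    return $out;
}

/** HOTP (RFC 4226) value for one 30-second counter, zero-padded to 6 digits. */
function totp_at(string $key, int $counter): string {
    $hash   = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $bin    = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}

/** Step offset where $code matches (0 = server's step), or null. Wide window: diagnosis only. */
function find_totp_drift(string $key, string $code, int $now, int $window = 10): ?int {
    $current = intdiv($now, 30);
    for ($d = 0; $d <= $window; $d++) {
        foreach (array_unique([$d, -$d]) as $off) {
            if (hash_equals(totp_at($key, $current + $off), $code)) {
                return $off;
            }
        }
    }
    return null;
}

// Constructed sample: RFC 6238 test secret; the phone clock runs 90 s ahead of the server.
$key    = base32_decode_secret('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
$server = 1111111109; // in practice: time()
$code   = totp_at($key, intdiv($server + 90, 30));
$off    = find_totp_drift($key, $code, $server);
echo $off === null ? "no match: suspect the secret or parameters, not the clock\n"
    : sprintf("match at step offset %+d (about %+d s of drift)\n", $off, $off * 30);
```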


The topic ‘Custom 2FA validation page’ is closed to new replies.