Custom forms bypassing 2FA security

  • Resolved Graeme

    (@imgraeme)


    2 years, 5 months ago

    I have a client using Elementor Pro page builder in their site theme. 2FA has been enabled in Wordfence, and it works as expected when using the default login form or WooCommerce login form. When using any custom login forms created/added by Elementor/theme, instead of giving any sort of 2FA error they simply login the account bypassing 2FA. These are admin accounts where 2FA is mandatory.

    Is the default behaviour when 2FA isn’t validated on a form not to at least fall back to a login error? This appears to be a large security flaw unless it is not working as intended for them.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Graeme

    (@imgraeme)

    2 years, 5 months ago

    It’s also worth asking, is there a way for me to programatically add Wordfence 2FA support to a custom login form?

    Plugin Support wfphil

    (@wfphil)

    2 years, 5 months ago

    Hi @imgraeme

    Our 2FA is only designed to work on the default login page for WordPress plus we only provide compatibility with WooCommerce as they have over 5 million users. We have seen our 2FA fail to work on custom login forms generated by other themes and plugins so your best solution is to see if you can find another 2FA plugin that works on all of your login forms.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Custom forms bypassing 2FA security’ is closed to new replies.

Tags