Title: Custom forms bypassing 2FA security
Last modified: January 9, 2024

---

# Custom forms bypassing 2FA security

 *  Resolved [Graeme](https://wordpress.org/support/users/imgraeme/)
 * (@imgraeme)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/custom-forms-bypassing-2fa-security/)
 * I have a client using Elementor Pro page builder in their site theme. 2FA has
   been enabled in Wordfence, and it works as expected when using the default login
   form or WooCommerce login form. When using any custom login forms created/added
   by Elementor/theme, instead of giving any sort of 2FA error they simply login
   the account bypassing 2FA. These are admin accounts where 2FA is mandatory.
 * Is the default behaviour when 2FA isn’t validated on a form not to at least fall
   back to a login error? This appears to be a large security flaw unless it is 
   not working as intended for them.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [Graeme](https://wordpress.org/support/users/imgraeme/)
 * (@imgraeme)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/custom-forms-bypassing-2fa-security/#post-17331205)
 * It’s also worth asking, is there a way for me to programatically add Wordfence
   2FA support to a custom login form?
 *  Plugin Support [wfphil](https://wordpress.org/support/users/wfphil/)
 * (@wfphil)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/custom-forms-bypassing-2fa-security/#post-17332034)
 * Hi [@imgraeme](https://wordpress.org/support/users/imgraeme/)
 * Our 2FA is only designed to work on the default login page for WordPress plus
   we only provide compatibility with WooCommerce as they have over 5 million users.
   We have seen our 2FA fail to work on custom login forms generated by other themes
   and plugins so your best solution is to see if you can find another 2FA plugin
   that works on all of your login forms.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Custom forms bypassing 2FA security’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [2fa](https://wordpress.org/support/topic-tag/2fa/)

 * 2 replies
 * 2 participants
 * Last reply from: [wfphil](https://wordpress.org/support/users/wfphil/)
 * Last activity: [2 years, 5 months ago](https://wordpress.org/support/topic/custom-forms-bypassing-2fa-security/#post-17332034)
 * Status: resolved