This sounds like a ManageWP issue. We advise reaching out to ManageWP support for assistance. If you think we’ve misunderstood and that this is an issue with the Duo WordPress plugin, please contact [email protected] for further assistance.
I already open a ticket with the ManageWP support team, and they said that it might be an issue with the plugin. And I’ll send an email to the Duo support team.
Thanks,
Marc
The problem is that ManageWP does not use XML-RPC to log in. ManageWP uses request til wp-admin:
/wp-admin/?mwpredirect=1&auto_login=1&mwp_goto=%3F&signature=iEkIOCJObKk1cq8HWTkmAx17w14RvsjOUOIfeMkpzXbr73m2qXZJ54zKFgtR2Fk5SQmZGxfdC1413Q57tnQQ7peHLWXHVk0GQUhR1YBmoxryEQVuZWS2MWRFNsA8SEWpyr6bQyHOEnqK6CGghgVD4qmCdx7r%SJTxr2BuJJuxDNDk4mU%3D&message_id=fbc5ae0580261aba6cae316b74b38e5fbf53d819_2516141289&username=admin
Since it is not an XML-RPC reguest it is treated as normal user and subjected to two factor authentication.
A solution would be to have the ability to whitelist IP’s in the Duo plugin
IP Address whitelisting is an Enterprise Edition feature which works with the WordPress integration.
This feature is also available for free on new accounts for the first 30 days.
https://www.duosecurity.com/docs/trusted_devices#configuring-trusted-networks
