Plugin Support
Jelena
(@jmisic)
Hi,
Sorry to hear about the troubles you’re having.
This can happen if the user’s IP is whitelisted with Shield.
User can adjust their MFA settings even though they’re whitelisted. But MFA settings will not apply when logging in if they’re whitelisted.
This could explain why user can enable Google Auth for their account but when they try to login, they bypass it – the challenge is not available.
You may check if a user’s IP address is whitelisted with Shield (under the IPs & Bots section > Manage IPs > Manage Bypass List) and if yes, please remove it and Google Auth should display for that user during the login process.
Let us know how you get on sure.
Thanks,
Jelena
Thanks. I do not have any IPs whitelisted.
Plugin Author
Paul
(@paultgoodchild)
Do you use any sort of user login customisation? Anything at all?
No, and nothing changed except the Shield Security update.
Plugin Author
Paul
(@paultgoodchild)
What your login page URL?
I have several sites that aren’t working. Here is one of them:
https://elizabethclark.studio
There is a login link on the page.
I have 5 WordPress sites, all of which were, at one time protected by 2FA provided by Shield Security. All of them stopped working about the same time (difficult to tell exactly because of remembered logins). One of them briefly started working again today, for no apparent reason, but it only lasted a few hours. Obviously something changed, but I haven’t been able to figure out what. All of the installations are running under docker behind a proxy server, but that hasn’t changed. Today I gave up and disabled 2FA on Shield Security and installed WP 2FA which is working correctly and consistently on all of the installations. I would still be willing to troubleshoot but I have run out of ideas.
Plugin Author
Paul
(@paultgoodchild)
Hi,
Would you be able to reach out to us at support at getshieldsecurity.com I’m going to need to jump onto one of the affected sites to investigate this more thoroughly. We’re not getting any reports of this problem from anywhere else, so I can’t imagine what it might be. But I’d like to solve it for you in case it’s popping up elsewhere but we’re not aware of it.
Plugin Author
Paul
(@paultgoodchild)
In case anyone else is following this. The issue was found to be due to VPN connections that caused the visitor IP to resolve to a private/local area/RFC 1918 IP address. Shield doesn’t process certain features when they originate from a private IP.
We’ll look at how we might tweak our approach to this in upcoming releases.
