Hi @oraabajwabhai, thanks for getting in touch about this.
Firstly, WordPress by design does not intend to hide admin usernames and does not consider the “leaking” of usernames to be a security problem. Instead, their recommendation is to use strong passwords and two-factor authentication to secure your login page, rather than hide your username. Naturally, more security around user authentication is something we also support but you can read more about the subject here:
https://make.ww.wp.xz.cn/core/handbook/testing/reporting-security-vulnerabilities/#why-are-disclosures-of-usernames-or-user-ids-not-a-security-issue
If 2FA is intermittent, it’s likely that a plugin or custom code might be occasionally failing to load scripts properly – which in turn would be breaking any of our JavaScript that loads afterwards. Remember also that our 2FA and reCAPTCHA solutions in the Login Security section of the plugin are only supported on default WordPress/WooCommerce login/registration pages.
You can test this by disabling all plugins except for Wordfence, and reverting to a default theme such as Twenty Twenty-Three. If 2FA seems to work every time under these conditions, reenable your plugins and theme one-by-one to see when problems start reoccuring.
When you’re having the 2FA issues, do any red errors come up in the browser console? If so, what do they say? You can include screenshots by using a service such as Snipboard.
Thanks,
Peter.
