excolted
Forum Replies Created
-
Coming back with some answers.
- Is this a standard single-site WordPress install, a Multisite network, or a Bedrock-based setup? The way wp-config.php is structured and managed can differ significantly between these, which is relevant to what might be overwriting the key.
Single-site WordPress install under WordPress.com - Is there any pattern to when it happens, for example after a specific time of day, after any admin action, or seemingly at random?
It’s quite random at this point, we are trying to monitor this every 3-4 hours now. Will get back with the result. - Could you share a list of your active plugins and any must-use (mu-plugins) you have installed? You can get a full list from the System Info file under the Help and Contact Us tab in the plugin. Please do redact any sensitive information like email addresses or domain names before sending.
File here https://drive.google.com/file/d/1OMbVcmSQFfzpwNdo_WiRdY_IqckKqOIR/view
We created a staging site based on our latest production site, and somehow we don’t have any issue with the 2FA. This staging site is identical from theme to plugin. However there’s one things different between STG and PRD. The PRD site is protected with a third party security tools from DOSArrest.
Upon further investigation by looking at some older support forum post, we notice the WP2FA_ENCRYPT_KEY inside wp-config.php changed when user start having 2FA invalid.
Any idea what can caused the WP2FA_ENCRYPT_KEY keep getting replaced inside the wp-config.php from WP 2FA plugin point of view? i.e. i believe it was mentioned during migration, if the plugin is active, it might replaced the WP2FA_ENCRYPT_KEY on its own. We did not migrate our site, but we just want to know what can cause this.
- Is this a standard single-site WordPress install, a Multisite network, or a Bedrock-based setup? The way wp-config.php is structured and managed can differ significantly between these, which is relevant to what might be overwriting the key.