Can’t get 2FA to work

I just installed wordfence on my 5.5.1 version site, PHP 7.4.10, LiteSpeed webserver.

2fa is working great for admins but not at all for other users. I created a test user and when I log in as this test user I never get any option to use 2fa. The only time I can find a way to set it up is when I log in as an admin and go to the user account, the 2fa page is there but obviously I don’t want to have to set it up for each user, but is that what I have to do?

Using UltimateMember and have the custom user role I am testing with enabled for 2fa.

trois, are you having trouble getting 2fa working with an admin user or other?

@eagle456 – only 2 admins (no other users/roles). Set-up is easy, but we’re never asked for that code, on log-in – even with the option checked that admins require a code (and, no grace-period).

You are still able to log in fine without 2fa and never see the 2fa prompt?

Are you using the default wp login page?

The docs mention the 2fa prompt may not show if you have a custom login prompt, but I assume if 2fa was truly enabled you would not be able to login unless you entered the code after your password.

When you go into your user account, do you have the option to deactivate 2fa?

I was able to go in to the user account and activate 2fa for my other user, but I had to set up it’s 2fa to my phone. After doing that it shows up when I log in, so my issue may be different and I may start a fresh thread but wanted to chime in and say I had admins working fine at least.

Hi @trois, thanks for your detailed message regarding your setup to help us with your query, you do however mention being a paying client.

As a Premium Wordfence Customer, I recommend opening a support ticket at https://support.wordfence.com. They will be able to assist you faster than through the forums.

@eagle456 As mentioned in the Forum Guidelines, we need to assist on an individual basis. Please feel free to open a new ticket so that we don’t miss any important details that may prevent your issue being solved sooner.

Thanks,

Peter.

@eagle456 “custom login prompt” – good catch! Yes, I do have one ‘secret’ URL, using this plugin: ‘WPS Hide Login’. I overlooked that, my bad. Can’t register both admins on the same phone, as we are in different locations – but maybe the 2nd admin can change it once logged in.
Thanks for your input – appreciated!

@wfpeter – going to create a Premium ticket – thanks.

• This reply was modified 4 years, 1 month ago by trois.

Adding this here in case someone else needs to add different users but are in different geographical locations than they are, and has the requirement for all admins to use 2FA.

• Add the admin user per normal.
• Get the new admin to provide you with their public facing IP address.
• On the Wordfence > Login Security > Settings page add the user’s public facing IP address to the option that says Whitelisted IP addresses that bypass 2FA and save the changes.
• Have the new admin login and set up 2FA on their phone
• Once the new admin has registered for 2FA, remove their IP from the option that says Whitelisted IP addresses that bypass 2FA and save the changes.

Tim

Thanks Tim!

Yup, defeated my own settings by adding those IPs (copied from the IP-whitelisting in Wordfence itself).

It’s working for both admins – thank you.