2 factor authentication verified, but still requiring login email every time

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jdog81, thanks for the video detailing the issue.

    The Wordfence “2FA Status” column is “Inactive”, which is proven by the fact you can still see the QR code on your Login Security page for your user – this would disappear when you set it up.

    I can see another 2FA plugin’s menu in your left-hand side bar called “Two Factor Auth”, which appears to be the source of the “2FA” column with green ticks on your Users page as Wordfence doesn’t add that one.

    Any “Verification Required” messages and emails are related to the message Google themselves will send when a user fails to be confirmed as human by reCAPTCHA checks. Do you have Wordfence’s reCAPTCHA set up?

    We don’t receive information from Google about why a human may sometimes receive a low enough score to always require verification. Generally, a “reCAPTCHA human/bot threshold score” setting in Wordfence > Login Security > Settings of at least 0.7 should allow most humans through on your site without having to verify every time. You could try reducing it to see if it helps here, though.

    I would certainly check your browser console for red errors on your WordPress login page as it’s possible that the login flow for the “Two Factor Auth” plugin is conflicting with the input fields Wordfence expects to verify reCAPTCHA. If this happens, all users may be scored “0.0” and asked to verify via email every time.

    Thanks,
    Peter.

    Thread Starter Jdog81

    (@jdog81)

    Thank you Peter, I have followed the above steps, but what is now happening is the 2-factor authentication field does not popup on wordpress login page after I enter username / password.

    https://www.loom.com/share/95ffbb8aab824101b9af85989850127f?sid=8129fe82-d0fb-4bdc-945f-c4b5e2ee1657

    I have deleted the 2nd two factor authentication, and you can see the 2nd column is gone now. Good spot there.

    I also changed reCaptcha score to .7.

    Possibly I need to clear cache? Or, I don’t necessarily need to have reCaptcha on. I’m ok with security of 2-factor. So, maybe I try turning that off.

    But, it does seem like everything should be green light, yet for some reason Wordfence does not give me option to enter 2-factor codes (which I have setup properly and says I’m activated)

    • This reply was modified 1 year, 1 month ago by Jdog81.
    Plugin Support wfpeter

    (@wfpeter)

    Thanks @jdog81 for the extra information and video.

    Was your browser console clear of errors? Also did you now try clearing the caches since writing your post above? Maybe reCAPTCHA was disabled when the video was taken as I don’t see the logo on the login page.

    I notice your login URL is different to /wp-admin. Some users are able to use 2FA/reCAPTCHA with an altered login URL and swear by it, but we have seen some cases in the past where this is a problem. I would certainly try running Wordfence as your only enabled plugin to see whether the problem lies between WordPress and Wordfence, or possibly a conflict somewhere else.

    Thanks again,
    Peter

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘2 factor authentication verified, but still requiring login email every time’ is closed to new replies.