Incompatibility with WPML & Security Optimizer (2FA)

  • Hey folks,

    A site of a client had both Security Optimizer and WPML, and the following setting was enabled in WPML:

    – Allow translating the login and registration pages

    This setting injects the following to the .htaccess (inside the core WP rules):

    
RewriteRule ^en/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^fr/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^de/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^it/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^pt/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^pt-pt/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^es/wp-login.php /wp-login.php [QSA,L]

    Which effectively breaks 2FA and shows the errors many users reported to you:

    The username field is empty.
    The password field is empty.

    Disabling the option (and then flushing the rewrite rules at /wp-admin/options-permalink.php) fixes the issue. Hope this helps!

  • You must be logged in to reply to this topic.