2FA and Login alert

  • Resolved thomasjulienalain

    (@thomasjulienalain)


    5 years, 1 month ago

    Hello !

    I have an admin account with 2FA setup.
    Today I recieved an Admin login alert from an unknown location for this user even if 2FA is setup.

    I immediately created a rule to block this IP.

    I was wondering if this email is send after successfully login, even if the user don’t have access to 2FA code.

    Thank you !

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hey @thomasjulienalain,

    This sounds like a successful login using Two-Factor. Can you please share the expanded details of the login entry in Wordfence > Live Traffic?

    Just for clarity, was the login from your admin username, a different admin on the site, or an admin username that doesn’t exist on the site?

    Thanks,

    Gerroald

    Thread Starter thomasjulienalain

    (@thomasjulienalain)

    Hello Gerroald,

    I realised that Cloudflare proxy was the problem.

    The IP was changing everytime any existing admin user was loggedin with with “Let Wordfence use the most secure method to get visitor IP addresses” in general WordFence options.

    I switched for “X-Forwarded-For HTTP header” and it now detect the correct user IP.

    Is it the best way to deal with it ?

    Thank you.

    Hey @thomasjulienalain,

    Thanks for the update, and happy to hear you were able to track this down.

    If the X-Forwarded-For HTTP header method is correctly identifying the IP this is the best way to deal with it.

    Please let us know if anything else comes up.

    Thanks,

    Gerroald

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘2FA and Login alert’ is closed to new replies.

Tags