2FA don’t work

Hello @entumas,

The recent update should resolve the 2FA issue. I conducted several tests but was unable to replicate the issue using the latest version of the plugin, 1.4.12.

I recommend ensuring that the plugin has been updated successfully to version 1.4.12 on the websites in question and then testing it again. If you’ve modified the admin login page URL using a third-party plugin, please disable it, as such configurations can conflict with the 2FA. Instead, use the Custom Login URL feature available through Security Optimizer.

In case the 2FA issue persists, feel free to re-open this thread and provide us with the exact error message and your WordPress version. Additionally, any details about your website’s setup, especially if it’s custom-configured, could be useful for further troubleshooting.

Best Regards,
Tsvetan Mitev

Hi!

I have everything updated to its latest version.
For security issues I only use your plugin and Captcha by BestWebSoft.
The login URL is the default one.
Nothing has changed at the configuration level on the web lately.
The problem appeared when updating your plugin.
I can’t give you an error message, since the “notice” appears empty, in red but without a message inside.

Thank you

Helllo @entumas,

What made an impression in the case here was that you mentioned that the error persists only on some of your websites where our plugin is used. This comes to hint that the issue is most probably not in the plugin itself, but rather in the setup of the sites where it is not working.

If you are a SiteGround customer, I would advise you to:
1) Compare the plugins and themes between your sites where the plugin is working and the ones where it is not, and try to identify what might be interfering with its functions;
2) On a site where the plugin is not working, disable your plugins and themes one by one, then test to see if the 2FA is working and then re-enable the plugins and the themes one by one , testing the function after each enabled plugin.

Regards,
Plamen.M
Tech Support Team
SiteGround.com

The problem is that it is a production site and I cannot do this type of testing.

I would think that too.
But on the other hand, the plugin worked before.
1.4.11 stopped working only on this site, and version 1.4.12 promised to fix it, but it didn’t.

Thank you for your update, @entumas.

The provided information is insufficient and we are not able to provide an actual statement at the moment. We would need the actual error shown to provide some more details and you may try to obtain it by using your browser’s developers tool console.

Alternatively, you may contact your current hosting provider because they have access to the website and its files and should be able to provide assistance as well.

Best regards,
Daniela Ivanova

Same error with 2FA. If I deactivate that function users can login, however unsetting this is not suitable in terms of risks. In my site everything is updated and well built, but on Friday we found some users could not login properly, as after inserting their 2FA codes they were unable to proceed to the dashboard. There is something between SiteGround Security Optimizer and WordPress not working well. I have looked for anything but did not found hints that can lead me to solve this. I reached out to hosting provider, we did analyze infrastructure but nothing, it’s not other plugins, it is SiteGround Security Optimizer.

• This reply was modified 8 months, 3 weeks ago by Ricardo de la Vega.

Hello @raxvegasaenz,

Thank you for reaching out and providing a detailed description of the issue you’re experiencing. I understand how important it is to maintain both the security and functionality of your website, and I appreciate the steps you’ve already taken to investigate the problem.

I want to assure you that the Security Optimizer plugin is widely used and trusted by many users. We monitor the performance of our plugin closely and, to date, we have not received widespread reports of similar issues that would indicate a systemic problem with the plugin itself.

Given that the issue seems to be isolated and not widely reported by other users, it is likely that the problem may stem from a specific conflict with another plugin, your theme, or a server-side limitation or restriction. Such conflicts can sometimes occur due to the unique combinations of plugins and themes that different WordPress sites use, or due to specific server configurations.

To help us pinpoint the exact cause of the issue, we would need more detailed information. Error messages from the browser’s console, application error logs, or server error logs would be particularly helpful. These logs often contain clues that can lead us to a solution.

If you could provide us with any of these details, it would greatly assist us in diagnosing the problem:

1. Console errors: Please check your browser’s developer console for any JavaScript errors that occur when the login issue happens.
2. Application error logs: If your WordPress installation has debugging enabled, there may be relevant entries in the debug log.
3. Server error logs: Your hosting provider, should be able to help you access the server error logs, which can indicate if there are server-level issues at play.

Once we have this information, we’ll be in a much better position to understand what’s happening and to provide you with a solution. Your security is our top priority, and we want to ensure that all features of our plugin, including 2FA, are working seamlessly with your site.

Best regards,
Georgi Ganchev
SiteGround.com

@georgiganchev, thanks for your response.

I have tested compatibility, no issues with any other elements. I have confirmed in other environments. However, it might be an error on my side regarding reinstalling this plugin. I have deleted encryption key and plugin files. I have not deleted tables generated by the plugin such as visitors and events logs entities. Do I need to delete these or any other things? I’d like to have it reinstalled completely from zero. What do you suggest?

The most important potential cause of this, that we have detected, is that after we changed SSL Certificate, this trouble began.

Hello @raxvegasaenz, 

Since you want to start from zero, you should remove all the tables generated by the plugin, as well as any plugin associated entries in the _options table – cron scheduler, version definition (sgs_install_xxx) ,  etc.

You’ve mentioned that you’ve already deleted the plugin files, but double-check to ensure that all files have been removed from the plugin directory. Additionally you should review the .htaccess file in your site’s root directory and remove any rules added by the plugin. Generally, those will be separated from rest of the rules with lines starting with:

# SGS

After the above steps are complete, please make sure to clear your application and browser’s cookies and cache, before initiating a fresh install.

Let us know if this resolves the issue for you.

Best Regards,
Gergana Petrova

Hello

It’s just that I can’t provide information that I don’t have…

1. The user logs in
2. You are asked for 2FA, it is completed, but the login does not occur.
3. The “wp notice” appears in red, but without any text inside.
   No error appears in the developers tool console either.
   No error file is generated on the server.
   Nothing.

As it is a site in development, I cannot deactivate plugins.

Trying to contact the hosting administrator makes no sense.
He will tell me to contact you.
On the other hand, it seems to me that it is the most logical since the plugin worked before version 1.4.11.
Nothing has changed at the server level.

To test, I have rolled back to version 1.4.10, and the plugin works correctly again.
Conclusion: the same IDENTICAL site, just changing the version of Security Optimizer
1.4.10 and earlier: Works.
1.4.11 and later: NOT working.

Thanks

Same issue here, unable to log in through 2fa and it keeps prompting errors such as “username is empty” and “password is empty”.

Problem fixed after reverting back to version 1.4.10

I suppose the reason why this issue is NOT widely discussed is because admins usually login through the Siteground dashboard, rather than through the login page of their websites.

Besides, this issue only affect 2FA, so it won’t affect subscribers and authors when they are not required to login through 2FA. (If there are needs for those roles through “sg_security_2fa_roles”, then they’re affected)

I am having the same issue on multiple sites since any updates after 1.4.10. I can only log in by disabling the Siteground Security plugin through my file manager.

Hello,

I can confirm that the 2FA feature works as expected on a fresh instance of WordPress. To be able to provide any assistance, describing the regular login process and just saying that the process fails, does not provide any technical details that would allow us to work on the case. We need technical, debugging data to be able to suggest any solution:

– What is the Debug console of the browser showing before the login process fails?
– does the WordPress application itself show any errors? Try enabling the Debug mode in WordPress while recreating the issue, then provide here any errors;
– does the server environment log any errors?

if you are a SiteGround customer, please post a support ticket so that we can check the issue while it is occurring and try to debug it.

If you are not a SiteGround customer, then you should disable temporarily all other plugins and switch to a default theme to test the plugin. Then re-enable the plugins one by one. Enable debugging in WordPress. Enable the debug console of the browser.

Regards,
Plamen.M
Tech Support Team
SiteGround.com

Hello

I have already provided, three times, the information that I can respond to.

• The console does not display any error messages.
• No, WordPress application does not show any errors.
• The server does not log any errors.

I already tried deactivating the rest of the plugins. It didn’t solve anything.

Thanks