2FA has locked me out

  • Resolved girl_number_5

    (@trutherone)


    9 months, 2 weeks ago

    Today for the first time since installing Defender all my login attempts failed and it has locked me out. I’ve had to disable it via FTP in order to gain access to my installation. Has anything changed recently in defender since it seems to have broken some installations.

    Update 1: just checked php errors – got error:

    [14-Feb-2024 09:39:49 UTC] PHP Warning: Undefined variable $ in /home/xxxxxxx/domains/xxxxxxxxxx/public_html/xxxxxx/wp-content/plugins/defender-security/src/component/two-fa.php on line 547

    Update 2: Found the culprit line 547 and there is a double dollar delimiter on var $$skip_priority_lockout_checks – so i removed the extra ‘$’ but it hasn’t fixed the log-in issue.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Zafer – WPMU DEV Support

    (@wpmudevsupport15)

    Hi @trutherone,

    I hope you are doing well today!

    Please let us know your PHP version and if you are using the latest version of Defender.

    https://wpmudev.com/docs/getting-started/wpmu-dev-minimum-requirements/#defender

    Please also provide us your debug.log file along with the Site Health report which you can get from the WordPress admin dashboard Tools->Site Health->Info->Copy site info to clipboard.

    You can share those details using a services such as https://pastebin.com or https://justpaste.it/ which is free to use.

    Please always make sure to use such service to share the code and don’t post the code here directly as it will most likely be unusable.

    Kind regards,
    Zafer

    Thread Starter girl_number_5

    (@trutherone)

    Hi,

    thanks for the response. I’ve already cleared my PHP debug log and that original error went away after removing the erroneous extra ‘$’.

    Other details asked for:

    WordPress version 6.4.3
    Site Language en_GB
    PHP version 8.0.30 (Supports 64bit values)
    Defender version 4.5.

    Site health check paste is here

    Plugin Support Nithin – WPMU DEV Support

    (@wpmudevsupport11)

    Hi @trutherone,

    It appears the URL to the Pastebin requires a password, so I couldn’t check it in detail.

    Could we know whether removing the extra $ made any difference in log in? or Are you still facing the same issue?

    Also possible to provide further information on what type of 2FA authentication you had enabled which weren’t working? ie Authenticator, Email etc?

    I’m bringing the issue noticed with the extra $ to our Defender teams attention, so that it would be fixed in the next plugin update asap.

    Thanks for pointing it out, really appreciate.

    Kind Regards,

    Nithin

    Thread Starter girl_number_5

    (@trutherone)

    Yes,

    Forgot and later sent the password to you via your generic support email. I’ve removed the password now so please take a look.

    I use Microsoft Authenticator and always have and it works with all other accounts i have setup in it. I’m using: 2FA with Backup codes and email-address methods in that order. I’ve tried the backup codes and also my email and no method is working. Today i tried removing 2FA and re-initialising it with my authenticator app and it won’t recognise the verification code Defender shows after we scan the QR code.

    I’m having to leave my site unprotected while this issue persists but will soon uninstall if it can’t be fixed.

    Plugin Support Nithin – WPMU DEV Support

    (@wpmudevsupport11)

    Hi @trutherone,

    I tested in my system with Microsoft Authenticator, Backup Code and Email Fallback enabled, but it always worked fine without any issues.

    ,

    I use Microsoft Authenticator and always have and it works with all other accounts i have setup in it. I’m using: 2FA with Backup codes and email-address methods in that order. I’ve tried the backup codes and also my email and no method is working.

    Could we know whether you got any error messages regarding when performing the above steps while logging in? A screenshot would be helpful if possible.

    Most probably the issue noticed has to do with a conflict, however, I do see you mention re-setting up 2FA and still getting the same issue.

    Could we know whether you tried that by clicking the “Reset Keys”:
    https://i.imgur.com/TUyn8eA.png

    If not, please do let us know whether resetting it helps.

    Do you have any test site? If yes, possible to check whether you could replicate the same issue there or not? ie with all the plugins disabled and with a default WP theme.

    If it works fine, then there could be a chance the issues noticed might be more related to a conflict.

    Unfortunately, the Site Health info shared doesn’t help in ruling out if it is a conflict or not and will require running a conflict test as mentioned in this flowchart:
    https://wpmudev.com/wp-content/uploads/2015/09/Support-Process-Support-Process.gif

    I also got an update from our Defender team that the double dollar delimiter on var?$$skip_priority_lockout_checks noticed shouldn’t be causing such an issue, however, this will be fixed in the next update.

    Please do let us know how a conflict test goes.

    Looking forward to your response.

    Kind Regards,

    Nithin

    Plugin Support Laura – WPMU DEV Support

    (@wpmudevsupport3)

    Hi @trutherone,

    We haven’t heard from you in a while, I’ll go and mark this thread as resolved. Note that you can still reply on this topic.

    If you have any additional questions or require further help, please let us know!

    Best regards,
    Laura

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘2FA has locked me out’ is closed to new replies.