2FA no longer works

  • We are a siteground customer, and have a dev site spun up, to which I’ve been adding content over the last month or so. We have both a custom login url and 2FA enabled, and I’ve been able to sign in OK up until this morning.

    This morning the ‘do not challenge me for 30 days’ timer was up, so I needed to reenter my 2FA code; however, when I did, it redirected me back to the regular (non-admin) login url, with blank fields, stating that both username and password were empty.

    I signed in to the site using Siteground’s admin login and, thinking that my 2FA had somehow expired, I reset the 2FA option for my admin account, so I could then sign in after refreshing my 2FA. This, however, didn’t work; I’ve been unable to add a new 2FA for my account, in either Firefox or Edge.

    I’ve cleared my browser cookies and cache, and restarted my browser (both Firefox and Edge [Chromium-based]). I’ve cleared Siteground’s cache. I’ve restarted my PC (Windows 11 Pro). Nothing has enabled me to sign in with 2FA enabled.

    My plugin is on the latest version (1.4.12), and I can state that simply clearing the cookies, and restarting the browser, do not work.

    I’ve looked in Siteground’s activity log, and it’s recognising that the initial request to sign in is from a registered user; however, the next state of the process it says is from an unknown user (with the same IP address), and it recognises that the interaction is a human not a bot. In each case it gives a 200 response. Digging into the console on my browser, it states the following:

    Cookie “wordpress_test_cookie” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

    This appears to happen with all other cookies set at login, with none of them having the required SameSite=None attribute set.

    I hope this information helps to resolve this issue.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Dimo Dimov

    (@dimodi)

    Hello @spacemanspiffey,

    Such issues can sometimes occur due to the unique combinations of plugins and themes that different WordPress sites use and are often a result of a conflict with another plugin. If you have another security plugin installed please make sure to disable it. Then you can try re-adding the custom login URL through our Security Optimizer plugin and enabling the 2-factor authentication.

    If the issue persists please reach out to us by opening a support request from your SiteGround Client Area. This will enable our team to access and inspect your web application directly and provide more targeted assistance.

    Regards,
    Dimo

    Thread Starter spacemanspiffey

    (@spacemanspiffey)

    Thanks Dimo,

    I contacted Siteground support, and I was able to get access to the site (kind of). However there’s something weird going on (which I don’t understand), but hopefully it’ll make sense to you.

    In terms of access, I can only access the admin account as long as I sign in using a private browsing window in Firefox. I can’t sign in (and get the same error) if I sign in using a regular Firefox window. I also can’t sign in using Microsoft Edge (Chromium), whether in a regular or InPrivate window.

    However, what is really curious is that the error is both present and the same, whether I’m accessing it using my work PC or my personal laptop at home. Two completely different machines, browsers, cookies, stored site data, ISPs and IP addresses – yet with the same problem. What’s even more puzzling is that my work colleague has no problems with accessing the same site admin with his login.

    Surely that means that there must be something on the site, or being used by the plugin, that is preventing only me from signing in to the admin section?

    It’s a real head-scratcher, and I thought it worth sharing this.

    Plugin Support Dimo Dimov

    (@dimodi)

    You are most welcome.

    As mentioned earlier, without direct access to your website, it is challenging to determine the cause of the reported behavior. Since you are a SiteGround customer, the most effective way to address this is through our Help Desk. Please open a ticket with our technical support team referencing this forum thread and provide as much information as possible – steps to recreate the issue, login credentials needed in the process, etc. This will allow us to examine your website, assess any potential issues with the Security Optimizer plugin, and propose a suitable solution.

    Regards,
    Dimo

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘2FA no longer works’ is closed to new replies.

Tags