2fa not working

Hi @lordsnake, thanks for reaching out!

Were grace periods set for the admins that were never acted upon and have since expired? If not, I take it everybody had their 2FA authenticators set up and have suddenly stopped needing them?

Are you now expected to scan the QR code all over again with your account as if the plugin has been reset or does it present as if active?

Thanks,
Peter.

there is only 1 user show as still in grace period, which was 10 days, and that was months ago.

the other admins, myself included, enabled the 2FA months ago.

A smentioned above, nobody is being prompted for their OTP anymore. So it just logs you in with only username/password.

Hi @lordsnake,

When you sign in on an account that no longer prompts for 2FA, do you see a fresh QR code on your Login Security page or does the plugin think that 2FA is still active?

I haven’t heard of cases where 2FA tables have been reset without the plugin being deactivated first. Are you aware of any downtime or events with your host or other admins where they may have deactivated Wordfence and selected the option presented at that time to remove the plugin data? If you don’t have emails enabled to prompt you when Wordfence is disabled, that may be harder to rule in or out.

If the accounts still believe 2FA is active, then it’s less likely that the plugin data has been removed, but if something about the login page has changed the flow Wordfence is expecting, a failure to login would be the more likely outcome than just being allowed through.

Thanks again,
Peter.