2FA whitelist

  • Resolved jderosa

    (@jderosa)


    2 years, 1 month ago

    I have a site setup with 2FA and have whitelisted my dynamic IP4 address. All works fine for me. But on another Mac, a user is constantly challenged for 2FA. When I look at the info, the other Mac is showing up as coming from an IP6 address. This is not consistent, but often enough that we get several 2FA challenges a week, even though we’re all on the same network.

    Question is, is there any way to force wordfence to check IP4 address of requests before challenging?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jderosa, thanks for getting in touch!

    There is a possibility that incorrect detection on the site could be involved. Head over to your site and go to Wordfence > All Options > General Wordfence Options > How does Wordfence get IPs. You can check whether the correct IP is coming through by comparing the value specified here to your IP as seen on https://www.whatsmyip.org/

    I must consider the option, although you’ve stated you’re on the same network, this user happens to be on a cell network or another WiFi somehow. It could have different network config allowing the Mac to use IPv6 that you’re not using, or a VPN that supports IPv6.

    If the other user is visiting the site via IPv6, there isn’t a way to check the IPv4 address because they’re not using IPv4 at the time they hit the site.

    Our option Wordfence > Login Security > Settings > Allow remembering device for 30 days might be a good option here. They’ll still have to use 2FA once a month, but as long as they’re on the same browser and don’t clear cookies, they get a month with no prompts.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘2FA whitelist’ is closed to new replies.