admin usernames

  • Resolved hampalm1

    (@hampalm1)


    3 years, 7 months ago

    Hi
    I set up an admin with his own username but when he tried to login, I received notification someone was trying to login with my username. So I blocked that persons IP address. I then found it was the administrator I had created. Does anyone know why I received notification that someone tried to login with my username ?

    I also tested setting myself up as a wordpress subscriber and when I authorised the subscriber as admin I didnt set up 2FA and the subscriber didnt have the option to set themselves up with 2FA. Is there a feature enabling the subscriber to choose to set up 2FA themselves ?

    If I am going to force users to use 2FA I want them to use an authenticator app however, I need to be able to give them simple 2FA options like an SMS message otherwise it could put them off using my service if they have to download an app. Can anyone advise on that as well ?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @hampalm1, thanks for reaching out to us.

    To prevent having to post too much sensitive information in this topic, could you please forward a copy of the notification that somebody tried to log in with your username to wftest @ wordfence . com? Please append to the email subject your forum username (hampalm1) to assist me with finding it and add to the body text of the forwarded email the WordPress username of the new admin you created? Let me know here once it’s been sent!

    Wordfence 2FA settings, when enabled and correctly configured, should appear for all enabled user roles in their Edit Profile page where they can modify display name & contact details etc., which can be accessed by all signed in user levels even if they cannot see the admin dashboard at /wp-admin/user/profile.php

    Don’t forget to also enable 2FA for the appropriate user roles by using the checkboxes at Wordfence > Login Security > Settings > Enable 2FA for these roles

    We do not support SMS for 2FA as we don’t believe it to be as secure: https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘admin usernames’ is closed to new replies.