Again: Cannot login on sites that already had 2FA

@pmmueller

Please accept my apologies for your inconvenience.

I have just tested AIOS 5.0.7 version and Wordfence plugins with Wodefence 2fa enabled and the login is working perfectly.

Can you please open the browser console when logging in and ensure that you are not seeing any error in it?

Thank you.

I forgot to mention that I also activated the Honeypot Math Question from AIOWPS on the login screen. Maybe that causes problems in combination with 2FA?

So on the login screen I enter username, passwort and the answer to the math question.

On the next page 1Password fills in the One Time Password (synced with Wordfence 2FA)

And then I get the error message that username etc. is invalid.

Console
No relevant errors in the console as far as I can see. Only an icon from 1PW that could not be found and causes a 404.

“localhost”
I have just tried to reproduce the login error, and now I am being redirected to 127.0.0.1. I am not yet whether this is related to your plugin, but it seems weird.

• This reply was modified 2 years, 5 months ago by Peter Müller.

FYI:

I have another site with AIOWPS and WordFence 2FA, but *without* the Honeypot Math Question, and on that site I can login without problem.

So maybe it is related to the Math Question. I dimly remember reading something somewhere in this support forum about the logic of the login check not being ideal. Maybe it’s got something to do with that.

But this 127.0.0.1 error appears to be related to AIOWPS.

If I deactivate the plugin I can log in and out and work just normally.

As soon as I activate the plugin I get redirected to on log out and cannot log in anymore.

• This reply was modified 2 years, 5 months ago by Peter Müller.

Hey pmmueller, thank you for the information you have provided. Are you able to confirm if you’re getting the same issue in the latest update which we issued last night?

In regards to the redirect to 127.0.0.1, your assessment is correct. Some features of AIOS do redirect to 127.0.0.1. “Enable Honeypot On Login Page” is one such setting.

I have reactivated WP Security V 5.0.8 with Login Captcha (Math Question) and the redirection issue to localhost 127.0.0.1 appears to have been fixed.

BUT the original reason for this thread persists:

I cannot login as long as WordFence Login Security (V1.0.11) is activated. If I disable one of the two plugins I can login.

It’s getting to the point that I open an FTP program in order to be able to quickly disable WP Security so that I can log in to the WordPress backend…

@pmmueller

Sorry for the delay in the reply.

I can replicate the issue with AIOS simple math catch. Until now, we are not able to find a proper solution.

I have created task for it in our internal task management system. We might disable the AIOS captcha if Wordfence 2FA is enabled.

Thank you for reaching out to us.

I have disabled the AIOS captcha on all sites with Wordfence 2FA in order to be able to login.

It was activated because some users did not use 2FA and for them I wanted an extra layer of security at log in.

In the long run I will probably try to move the sites to AIOS 2FA. Does that work together with AIOS captcha (aka “simple math catch”)?

• This reply was modified 2 years, 4 months ago by Peter Müller.

The AIOS 2FA and AIOS captcha are working together very well. We have tested this combination many times.

Thank you.