Authy 2FA has locked me out of my site

How exactly did you integrate Authy on your site without a plugin?

If you restore a backup prior to integrating that, you’ll definitely be able to access your site again, but there should be a way to just remove the integration you added if you let us know how you did it.

I think I misread the WP instructions but I downloaded the app onto my iPhone, scanned the qr-code in WordPress, used the verication from that and applied it to the app. So the app started to generate the codes but obviously they weren’t being accepted by WP. To be fair, as a non-techie person, it was pretty stupid but WP as I recall simply had URLs to several 2FA apps, and when I chose authy I followed the instructions and I don’t recall WP saying anything about installing an authy plugin as well. So, I think it has probably modified the dB, but I can’t see anything new written in the WP config file or anywhere else in the actual WP install. Hope this helps! Cheers, James.

WordPress itself doesn’t have a 2FA system on its own, that functionality would have been added by a plugin, which means disabling it as a simple as manually resetting your plugins (no Dashboard access required).

No matter which method you use detailed in the guide linked to above, phpMyAdmin or SFTP/FTP, you’ll find both in your hosting account’s control panel.

James, I can assure you that there is no plugin associated with authy in the WP plugins folder, as I double checked with my ftp program. James.

Still, try resetting all of your plugins.

I can assure you, of my almost 14 years using WordPress and volunteering here, that WordPress has no built-in 2FA system, so if you scanned a QR code in WordPress to setup a 2FA system, it is most likely a plugin.

Authy’s app supports multiple 2FA protocols, so it doesn’t necessarily have to be a plugin with Authy in the name.

James, I don’t doubt your technical expertise. But the plugins folder contains exactly the same plugins that it did before. But I have just carried out the plugin reset. I then renamed the folder back and logged in to the site. I keyed in my username and password. Then the same verification code box comes up with the accompanying text saying:
‘A verification code has been sent to the email address associated with your account.’ As authy only creates codes on the iphone app, I assume it is these that I must use, as I do not receive any codes via email. I only have two email addresses, neither of which has ever received any codes via email. James.

What is the URL of the site with the problem? Are you logging in through a service other than WordPress’s account system, like perhaps WordPress.com by way of the Jetpack plugin?

No, I’m not using wordpress.com or anything. I have a standard Apache cloud server with one of the leading ISPs. I host five sites on it, including this one with the 2FA problem. The URL is https://www.branddoctorconsulting.com.

I’m beginning to think the quickest and easiest way is to go the backupbuddy route and put everything back as it was!

Yeah, that’s not using WordPress.com’s system at least.

What plugins do you have installed?

iThemes Security Pro (should have used their 2FA approach!)
si-contact form
headway testimonials block
fix ssl non-ssl links
wp-mail smtp (which works perfectly sending mail from WP)

That’s all I have.I’m using the Headway theme, with a child theme.

I bet you actually might have used iThemes Security’s 2FA, Authy will work with that. ??

Access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/plugins/ and delete the /better-wp-security/ directory.

That will disable all of iThemes Security’s functionality, including its 2FA system.