Host service blocks NTP for 2FA

  • Resolved Bob

    (@bobk88)


    2 years, 10 months ago

    I successfully enabled 2-factor authentication yesterday, but later WordFence disabled it because NTP updates were failing.

    I contacted my hosting service, and they said:

    We are currently blocking external UDP calls that NTP uses and that is
    causing the failures. You will want to set that option to disable. You
    might also have to add the following to the wp-config.php file :
    define(‘WORDFENCE_LS_DISABLE_NTP’, true);

    So…it appears I can’t use WordFence’s 2FA.

    Is there any alternative way to get 2FA working?

    Is there any reason to add the code to the wp-config.php file? And would that cause other problems with WordFence?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Thanks for reaching out.

    So far from what we’ve seen, 2FA will usually work without NTP. If the server has accurate time and/or is running NTP itself, then our check isn’t needed.

    We do know that SiteGround and at least one other host blocks NTP, but both have customers using 2FA that has been working fine without it.

    Try adding the constant in your wp-config file and testing to see if it is working for you. If you have problems you would need to find another plugin to handle 2FA for your site though I suspect that it could be a problem with any service you chose.

    Tim

    Thread Starter Bob

    (@bobk88)

    I added the code to wp-config.php, re-enabled 2FA (“required”) and logged out.

    2FA worked the next time I logged in.

    Looking back, I mis-interpreted the description of NTP in the Wordfence settings:

    Wordfence Login Security uses this protocol to ensure that it has the most accurate time which is necessary for TOTP-based two-factor authentication.

    I thought “necessary” referred to NTP. Now I see that it refers to “accurate time.”

    I took it to mean that if NTP were disabled, 2FA would be automatically disabled, which is not true. I didn’t know that timing can come from the host server.

    You might consider adding something like “If your server’s time is accurate, NTP is not required for 2FA.”

    My hosting service said their servers time is quite accurate, so hopefully this will keep working.

    Thanks very much for the help!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Host service blocks NTP for 2FA’ is closed to new replies.

Tags