How to force user to use 2FA

For further clarification, I plan to enable other user roles to require 2FA. Not just the main site admin.

Hello @pkdsleeper,

There is no option to skip the 2FA once this is enabled under the plugin.

The Admin or Editor users are prompted to scan the QR code and generate their 2FA immediately once they log in. If such a user is already logged in within the dashboard, their sessions will be terminated once you enable the 2FA. Each user will need to log in again and set up the authentication.

The user would not be able to log in until the 2FA stipulation is completed or the plugin option is disabled.

Best regards,
Georgi Ganchev

Well, that’s not happening. As you can see from this video, I can login as an Editor and no notice or prompt appears. What am I missing?

Be Advised:

1.) The site is hosted on SiteGround.
2.) I tested this from two different computers (Linux and Windows).

Same results as video.

• This reply was modified 2 years, 7 months ago by Preston. Reason: Additional Details added

@pkdsleeper

I have inspected the issue and I found that this behavior is caused by the plugin you are using called “members”.

The plugin introduces custom user roles and it appears that the Editor role is not a standard one. The difference in the role menu is also visible when the plugin is active and when inactive.

You may deactivate the plugin, flush your browser cache and repeat the same process again. The Editor user will be prompted for 2FA generation.

You can contact the developers of the plugin so they can provide you with further details about the customization applied for the Editor role on their end.

Best regards,
Georgi Ganchev

Greetings @georgiganchev

I have inspected the issue and I found that this behavior is caused by the plugin you are using called “members”….You may deactivate the plugin, flush your browser cache and repeat the same process again. The Editor user will be prompted for 2FA generation.

I have done this and can confirm that taking the above actions does show that it works as described. I will take this up with the developers of the Members plugin and report back there response (for anyone else that may run into this issue in the future).

Thanks again!

…more news as it happens!

Preston

Update: I have notified the support staff for the Members plugin of the situation.

…more news as it happens!

Preston

Quick Update (also posted to Members’ Support page)

I revisited Site Ground’s recommendation to deactivate Members plugin, clear cache and try again (which DID work).

But this time, I just cleared the cookies for the site (using edit this cookie) and left the Members plugin activated and it worked! I did get the 2FA challenge.

So maybe its NOT a conflict with the Members plugin?

Thanks,
Preston

• This reply was modified 2 years, 6 months ago by Preston.

Hello Preston,

Thank you for the update. If the 2FA keeps working after logging out and without having to clear the cookies after that, then we can consider this as a solution – one time deletion of site cookies after 2FA is enabled. However, if you have to do this flushing of the browser cookies every now and then, then the issue should be checked further by the developers of the Members plugin.

Regards,
Plamen.M
Tech Support Team
SiteGround.com