Incompatibility with WPML & Security Optimizer (2FA)

Hey folks,

A site of a client had both Security Optimizer and WPML, and the following setting was enabled in WPML:

– Allow translating the login and registration pages

This setting injects the following to the .htaccess (inside the core WP rules):

RewriteRule ^en/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^fr/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^de/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^it/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^pt/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^pt-pt/wp-login.php /wp-login.php [QSA,L]
RewriteRule ^es/wp-login.php /wp-login.php [QSA,L]

Which effectively breaks 2FA and shows the errors many users reported to you:

The username field is empty.
The password field is empty.

Disabling the option (and then flushing the rewrite rules at /wp-admin/options-permalink.php) fixes the issue. Hope this helps!