• Hello, we use Wordfence on upwards of 100 sites and have never had an issue activating 2FA.

    On one particular site however, we can activate 2FA for users but then they cannot log in, it says the code is invalid.

    Looking in the database at table WP_WFLS_2FA_SECRETS I can see it has generated an entry for the user, with the correct user_id, ctime of a long number string and mode as authenticator but vtime is 1.

    On the staging site for this particular site which is hosted on the same hosting platform vtime is a long string of numbers.

    Can you suggest why this may be registering as a 1 and how we can resolve?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @user9876789, thanks for getting in touch.

    The vtime parameter is a timestamp that corresponds to the last time that particular 2FA record was used to log in. It’s initialized to 1 so your result is expected since the user account hasn’t been able to log in successfully.

    Are there any additional plugins like membership plugins or custom login forms/pages/modals that could be changing the login flow from the ones supported on your other sites?

    To check if the server time is off, what do all the times say at the bottom of the Wordfence > Login Security main page? If all of your timestamps are showing as consistent, I have seen some occasions when changing authentication app can yield different results. If you’re using Google Authenticator, try Authy, or vice-versa.

    Many thanks,
    Peter.
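
The server-time check suggested in the reply above matters because a time-based code is only valid for the time step in which it was generated. The sketch below is an added example, not part of the thread and not Wordfence's code: it implements generic RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) and estimates how many steps a rejected code is away from the server clock. The ±1 step tolerance, the function names and the sample secret (the RFC 6238 test key) are assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
# Constructed sample: base32 of the RFC 6238 SHA-1 test key "12345678901234567890"
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, digits=6):
    """Return the TOTP code for the time step containing unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, server_time, window=1):
    """Accept a code from the current step or +/- `window` steps (assumed tolerance)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )


def estimate_skew_steps(secret_b32, code, server_time, search=20):
    """Return the step offset at which `code` would be valid, or None.

    A negative result means the code belongs to an earlier step than the
    server's clock (server ahead of the authenticator). None means the code
    matches no step in range, which points away from clock skew.
    """
    for d in sorted(range(-search, search + 1), key=abs):
        t = server_time + d * STEP
        if t < 0:
            continue  # steps before the Unix epoch are not representable
        if hmac.compare_digest(totp(secret_b32, t), code):
            return d
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 1111111109)      # code the authenticator shows
    server_now = 1111111109 + 300               # server clock 5 minutes ahead
    print(code, verify(SAMPLE_SECRET, code, server_now),
          estimate_skew_steps(SAMPLE_SECRET, code, server_now))
```

When the server, browser and NTP times all agree, a `None` result from the skew search indicates the submitted code was not derived from the stored secret at any nearby time.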

    Thread Starter user9876789

    (@user9876789)

    Thanks for your reply – in regards to “Are there any additional plugins like membership plugins or custom login forms/pages/modals that could be changing the login flow from the ones supported on your other sites?”

    The staging and live site have the same plugins and functionality and they’re on the same hosting. The sites did have Really Simple Security installed but I removed that as it wasn’t needed. If the staging site didn’t work I’d be inclined to think it was a plugin, theme or hosting issue but like I say they’re the same.

    I also tried making a new login (mainly because I was using the admin one and once I’d added the 2fa I couldn’t get back in without the client logging in to deactivate the 2FA) with the user role of Contributor and this does the same.

    Live and dev sites both match time wise and say
    Server Time: 2024-11-15 08:58:04 UTC (2024-11-15 08:58:04 Europe/London)
    Browser Time: Fri, 15 Nov 2024 08:58:04 GMT (Fri Nov 15 2024 08:58:04 GMT+0000 (Greenwich Mean Time))
    Corrected Time (NTP): 2024-11-15 08:58:04 UTC (2024-11-15 08:58:04 Europe/London)

    We use 1Password to store our logins – and use the in-built feature in there to scan QR code which hooks up the 2FA. We don’t use Authenticator for these logins as we use one company login for several developers to share.
