• Resolved davidoso

    (@davidoso)


    Two-Factor Authentication (Email code) not working after last update. I got my admin account locked out of my website. I had to disable 2FA by adding code to wp-config.php and after that I was able to log in and disable 2FA in plugin settings.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support jarnovos

    (@jarnovos)

    Hi @davidoso,

    What was the exact behavior that occurred when the login was prevented? Did you not get the input field for the 2FA code presented at all when logging in to that account?

    If this is the case, the most likely explanation is that 2FA was required for that user role, but the Grace Period for the user to configure 2FA had expired, and the login was blocked as a result.

    Now that you’re logged into the Admin Dashboard again, you can remove the define( 'RSSSL_DISABLE_2FA', true ); from the wp-config.php file and check under Security -> Settings -> Login Protection -> Two Factor Authentication -> Users if the 2FA status for the account in question had indeed “Expired”.

    If this is the case, you can click Reset to restart the Grace Period and configure 2FA on the next login attempt. If you’d rather make 2FA optional (so, don’t lock the account if 2FA isn’t configured within the grace period) you can remove this User Role from the Enforced for section.

    Kind regards, Jarno

    Thread Starter davidoso

    (@davidoso)

    Hi, I got error: Invalid login details.

    Other account that doesn’t use 2FA is working.

    My admin account was set up with email 2FA method and was working perfectly until yesterday when I updated the plugin.

    My admin account is not in the 2FA Users list.

    Now I turned on 2FA and my admin account is locked out again with error message: Invalid login details.

    Plugin Support jarnovos

    (@jarnovos)

    Hi @davidoso,

    Thanks for sharing the message. I would still suspect that this particular account is locked out due to the Grace Period having expired.

    What I would suggest to confirm if this is indeed the case:

    – Re-enable the 2FA feature and after doing so, navigate to Settings -> Hardening -> Basic and disable the “Prevent login feedback” slider.

    – Log out and try logging into the account that experienced the issue, and you should now see the actual reason why you can’t log in.

    If it was indeed due to the Grace Period having expired, you could remove the “Administrator” role from the “Enforced For” field in the 2FA settings, so that 2FA is enabled but not required for those users. This will avoid the account being locked out if the Grace Period expires, effectively making 2FA optional.

    Kind regards, Jarno

    Thread Starter davidoso

    (@davidoso)

    Hi,

    Now I got the message: Your 2FA grace period expired. Please contact your site administrator to regain access and to configure 2FA.

    Why was my account not added to the Users list if I configured 2FA correctly? There is no reset button to trigger the 2FA onboarding again.

    Plugin Support jarnovos

    (@jarnovos)

    Hi @davidoso,

    Fair question, can’t say I know exactly why that might’ve happened here. In any case, your User and the “Reset” button for 2FA might not appear when you still have the define( 'RSSSL_DISABLE_2FA', true ); in your wp-config.php file.

    So after logging in to the WP Dashboard, remove the line from your wp-config.php; then navigate to Security -> Settings -> Login Protection -> Two-Factor Authentication -> Users once more, refresh the page once, and check if the Reset button now appears for your user account.

    After which you could set the desired user roles only in the “Enable for” field, but skip adding these within the “Enforce for” field; so that no grace period will be required to configure 2FA, and no lock-out should be able to occur any longer either.

    Kind regards, Jarno

    Thread Starter davidoso

    (@davidoso)

    Hi, I removed the line from wp-config and now I can see my account is in the Users list, but the Reset button is not active, status: open, there is no method.

    Plugin Support jarnovos

    (@jarnovos)

    Hi @davidoso,

    Could you try forcing a reset by removing the Administrator role from the “Enforced for” section, saving the settings on the page with the “Save” button, and refreshing the page once when you’ve done this?

    After which you could include the Administrator role in the “Enable for” section at 2FA via e-mail, and reconfigure 2FA on your next login attempt.

    We will investigate how this behavior might have started to occur in the first place.

    Kind regards, Jarno
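
Added example, not part of the thread and not the plugin's own code: a check that the emergency `RSSSL_DISABLE_2FA` define discussed above is no longer active in wp-config.php once access is restored, ignoring commented-out copies. The sample file contents and function names are constructed for illustration; how the plugin itself evaluates the constant's value is not stated in the thread, so the check reports any uncommented define.

```python
import re
import sys

CONSTANT = "RSSSL_DISABLE_2FA"  # name as quoted in the thread

# One pass over the PHP source: quoted strings are matched first and kept, so a
# '//' inside 'https://...' is not mistaken for a comment; comments are dropped.
_TOKEN = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
      |(/\*.*?\*/|//[^\n]*|\#[^\n]*)""",
    re.S | re.X,
)
_DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*['"]%s['"]\s*,\s*([^)]*?)\s*\)""" % CONSTANT
)

# Constructed wp-config.php fragment (not from a real site).
SAMPLE = """<?php
// define('RSSSL_DISABLE_2FA', true); emergency bypass, removed
define( 'WP_HOME', 'https://example.test' ); # site URL
/* define( "RSSSL_DISABLE_2FA", true ); */
define( 'RSSSL_DISABLE_2FA', true );
"""


def strip_php_comments(src):
    """Replace //, # and /* */ comments with a space; leave strings intact."""
    return _TOKEN.sub(lambda m: m.group(1) or " ", src)


def active_2fa_override(src):
    """Return the literal value of an uncommented define(), or None."""
    m = _DEFINE.search(strip_php_comments(src))
    return m.group(1) if m else None


if __name__ == "__main__":
    # Usage: python check_2fa_override.py /path/to/wp-config.php
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            source = fh.read()
    else:
        source = SAMPLE
    value = active_2fa_override(source)
    if value is None:
        print(f"{CONSTANT}: no active define found")
    else:
        print(f"{CONSTANT}: still defined (value: {value}); remove the line")
        sys.exit(1)
```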
