Wordfence 2FA multiple server setup

  • Hi there,

    I have a question about the 2FA from Wordfence.
    Our stack looks like this:

    • Cloudfront -> Loadbalancer -> 3 different servers -> connected to a database server

    Those 3 server run identical WordPress installs and all connected to a database server (same database).

    My understanding is that the 2FA is going to keep a file on the server that is used to match the code from the client trying to log.

    Given that a user goes through the load balancer, it never knows on what server is going to land, is the 2FA still going to work?

    Because when I’m going to enable 2FA is going to happen from one of those servers, if there is something stored locally is going to be only on that server. If it’s at the database level, than it’s fine because they all use/share it.

    Let me know if the 2FA will work given this setup.

    Update:
    I’ve already applied this part: https://www.wordfence.com/help/firewall/mysqli-storage-engine/

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @necroob,

    Thanks for reaching out. Since you’re on a load-balanced server using one database, I still recommend using MySQLi storage engine as this will ensure all configuration is saved in the database for the firewall, but it isn’t required for 2FA specifically.

    The login security data, including 2FA, is saved in the database. The 2FA data in particular is saved in the wfls_2fa_secrets table. As long as all servers on the load-balanced setup are using the same database, 2FA should work without issue.

    Please let me know if you have any other questions!

    Thanks,
    Margaret

    Thread Starter George-Paul Cre?u

    (@necroob)

    Hi @wfmargaret ,

    Thanks for getting back to me with these details.
    Yes, I can confirm that the 2FA works correctly.

    Thanks,
    George

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.