WP Defender does not know if Jetpack’s WordPress.com log in has been turned off

Hello,

WP Defender checks if a site has Jetpack and WordPress.com log in turned on. If it’s on, then WP Defender’s 2FA would be disabled.

However, when Jetpack’s WordPress.com log in option is turned back off, maybe the update_option_jetpack_available_modules action is never fired by Jetpack… I ‘m not sure what happened, but I believe $settings->markAsUnConflict would never be executed.

https://wpdefender.cloud77.com/wp-signup.php is available to you for testing. It has Jetpack with WordPress.com log in turned off. However, it was on just once before. I don’t think you will be able to make 2FA to work for your account there.

Workaround:

In /app/module/advanced-tools/component/auth-api.php, add this right above the first occurrence of return $isConflict;:

global $wpdb;
$sql   = "SELECT blog_id FROM <code>{$wpdb->prefix}blogs</code>";
$blogs = $wpdb->get_col( $sql );
foreach ( $blogs as $id ) {
    $options = get_blog_option( $id, 'jetpack_active_modules', array() );
    if( !array_search( 'sso', $options ) ) {
        $settings->markAsUnConflict( 'jetpack/jetpack.php' );

        return false;
    }
}

Also, add this right above the last occurrence of return $isConflict;:

$options = get_option( 'jetpack_active_modules', array() );
if( !array_search( 'sso', $options ) ) {
    $settings->markAsUnConflict( 'jetpack/jetpack.php' );

    return false;
}

Please let me know if you have any question.

Thanks,

@awijasa

The page I need help with: [log in to see the link]