WordPress Android app and Wordfence

  • Hi
    I can’t log with the WordPress Android mobile app if Wordfence is activated. I have this message :

    VERIFICATION REQUIRED … please check the email…etc.”.
    I receive an email, if I click on the link I have this message “Email verification succeeded. Please continue logging in.”
    But the app still can’t connect.

    It works fine when Wordfence is disactivated, and it disconnect me as soon as I activate Wordfence.

    In Wordfence > Login Security > 2FA roles is “optionnal” for administrator.
    And “Disable XML-RPC authentication” isn’t checked.

    How to proceed ?

    Thanks !

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @atoweb, thanks for reaching out to us.

    There is a note before you turn 2FA on to set Require 2FA for XML-RPC call authentication to “Skipped” if you use the WordPress app, the Jetpack plugin, or other services that require XML-RPC. You can find this setting later in Wordfence > Login Security > Settings, so I would check that first.

    If 2FA is instead set to “required”, the WordPress app sends the username and password with every request, so after the first request, the 2FA code is no longer valid. A new code would be needed every 30 seconds, which the app does not support.

    If the WordPress app switches to using application passwords, that would most likely rectify any authentication issues going forward.

    Thanks,
    Peter.

    Thread Starter atoweb

    (@atoweb)

    Yes thanks but Require 2FA for XML-RPC call authentication is already on “skipped”

    Plugin Support wfpeter

    (@wfpeter)

    Hi @atoweb, thanks for clarifying that.

    This is quite unusual as the “VERIFICATION REQUIRED” message is related to the message Google will send back when the user fails to be confirmed as human by reCAPTCHA checks. I say unusual though because reCAPTCHA shouldn’t be considered in the context of using the app, hence why you can skip 2FA but there’s no similar option for reCAPTCHA.

    Could you please try turning off reCAPTCHA in Wordfence > Login Security > Settings to confirm whether you still receive this message when signing into the app?

    Thanks,
    Peter.

    Thread Starter atoweb

    (@atoweb)

    Thanks, but it make no difference.

    Thread Starter atoweb

    (@atoweb)

    What other setting can I change to try to allow the connection?
    It would bother me to have to remove Wordfence, but I need to be able to connect the Woocommerce app.
    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    Hi @atoweb, is this the WooCommerce app you’re using? Previous mentions here have been of the WordPress mobile app.

    We have seen some behaviors where WooCommerce reCAPTCHA plugins have conflicted with Wordfence’s Login Security but would need to confirm which plugins you’re using.

    I think it’s best to send a copy of your diagnostics to us at wftest @ wordfence . com directly using the link at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks again,
    Peter.

    Thread Starter atoweb

    (@atoweb)

    Oh yes my bad I was talking about the WooCommerce app.
    I sent the report.

    Thread Starter atoweb

    (@atoweb)

    Hello
    It’s been 2 weeks, were you able to take a look at it to see the problem?
    Thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WordPress Android app and Wordfence’ is closed to new replies.