Login issues when using WordFence

  • I think I have discovered an issue with the wp-members login form. I have a page which has the shortcode for members to use for login. I also have WordFence installed but I am not using 2FA for the user members yet as I do not really want to cause more login friction to this audience at this moment (they are of a certain demographic).

    So when they login, It comes up with a message:

    VERIFICATION REQUIRED: Additional verification is required for login. Please check the email address associated with the account for a verification link.

    and immediately afterward, it sends the following email content:

    The request was flagged as suspicious, and we need verification that you attempted to log in to allow it to proceed. This verification link?will be valid for 15 minutes?from the time it was sent. If you did not attempt this login, please change your password immediately.

    You may bypass this verification step permanently by enabling two-factor authentication on your account.

    I have to click on a link in the email which takes me to the default /wp-admin login page instead of the special members page and then the user has to login YET AGAIN and then can access the members area and content.

    So I disabled the Wordfence plugin and I do not have any of these issues. It could be that Wordfence is being way too strict on the rules for my IP but I know that other users are experiencing the same problem.

    Is there any workaround for this as I would still like to continue using WordFence for my security and I am not liking the idea of forcing my member users to use 2FA. Maybe I could consider OTP though.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    WP-Members’ login process uses WP’s wp_signon(), so it triggers all of the core authentication. That means that anything you apply to wp-login.php that may be “extra” beyond just username and password will also be required for the front end WP-Members login form (some of which will be compatible, and some will not).

    I would recommend that when you test and reproduce this issue, that you also test the same credentials using the wp-login.php to determine if the issue is front-end specific or if it’s also happening with wp-login.php. That would at least give you a better idea of what directly to do.

    If it’s “front end only”, that doesn’t necessarily mean that it’s an issue with WP-Members. More likely, it’s an issue with additional validation elements only being handled through wp-login.php (although Wordfence is pretty good about that, so that may not be the issue).

    Regardless, I think you need to track down why Wordfence is restricting the login first.

Viewing 1 replies (of 1 total)
  • The topic ‘Login issues when using WordFence’ is closed to new replies.