Force 2FA on login without lock out

  • Resolved perryrylance

    (@perryrylance)


    1 year, 3 months ago

    Hi folks

    We are forcing thousands of users on sites we own to 2FA.

    The grace period thing is useful but causing a lot of administrative work.

    Is there any way we can make the grace period indefinite, but force users to set up 2FA on login and not allow them anywhere else until that is done?

    If there is no feature for this, could you let us know how to test if a user has 2FA setup programatically so we can write a plugin to do this ourselves?

    Thank you

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @perryrylance, thanks for getting in touch.

    I have treated your use-case as a development request as the plugin doesn’t currently support the locking-down of a site before 2FA within a grace period has been configured.

    Checking whether or not a row exists for the user ID in?wp_wfls_2fa_secrets should let you see if a user has set up 2FA.

    Checking whether or not 2FA is required is not quite as straightforward. The required roles are stored in the?wp_wfls_settings?table with names in the format?required-2fa-role.<role>?where the value is the timestamp at which 2FA was required or?-1?if 2FA is not required.

    We are unable to support custom code here or guarantee that custom code will continue working as the Wordfence plugin evolves over time, but you should be able to implement this by looking at the data above.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Force 2FA on login without lock out’ is closed to new replies.