We just activated this plugin and are unable to login on WordPress. User enters credentials and is looped back to login screen without any Duo Popup, etc. Is there a known issue related to this? Admins are locked out

Hello,

Unfortunately it is not working with latest version – there is a bug – attached logs https://ibb.co/ccG6PCJ

I recently discovered that the Duo Two-Factor Authentication plugin causes frequent logouts when used with the SmartCrawl plugin. Since I had only recently started using SmartCrawl, I assumed that the problem was with that plugin and reported it as such. The SmartCrawl devs pointed out that the Duo plugin hasn’t been updated in over two years, and has not been tested with the last three versions of WordPress.

So I’m reporting the problem here, although it looks likely that Cisco will kill Duo, so I’m not hopeful. In the meantime, I’m looking at alternatives for 2FA, such as the miniOrange plugin, which is compatible with Duo: https://www.ads-software.com/plugins/miniorange-2-factor-authentication/

I just noticed that the FAQ page for this plugin says “Some WordPress plugins cause authentication issues when used in conjunction with Duo for WordPress. We recommend disabling any other plugins that appear to be causing an issue, to allow authentications to function successfully.” Sorry, nope.

• This topic was modified 11 months, 2 weeks ago by jrivett.

Hi,

Can you confirm that this plugin will be updated to support Universal Prompt instead of the traditional Duo Prompt before the end of life date of March 30, 2024?

Thanks,

Rob

All of my sites that have been updated to WordPress 6.1.1 are not allowing me to login until I take out this plugin. Has anyone else had this issue?

I also updated PHP so maybe that is the issue?

Does anyone have a different plugin that works?

I have used Duo for years with no issues.

I love Duo, been using it for years, it’s always been reliable. There is something with Third Party apps though, and I can’t figure it out. I have a few sites I use Duo to log in with, and they appear as Third Party apps. For some reason I never get Push notifications with those, I tried going through the settings using a desktop, and in the app, these Third Party ones don’t even show up in my account on the website…

Help?? I need these to send Push notifications, does anyone know what’s going on with Duo on iOS?

Thanks!

Hi,
When we will get Duo Universal promote in WordPress?

Thanks

Hi,
We installed according to the docs and experienced a complete lock out of the admin. Had to remove the plugin completely from the back-end to gain access.

Our developer seems to think domain mapping may have something to do with it, and I’m inclined to agree. Is it possible for Duo for WP to conflict with this? Do you have any other tips or suggestions to help us get Duo installed on our WP Multisite?

Hi,

I created a duo account, added the below details to my duo mobile wordpress plugin

Integration key

Secret key

API hostname

and now I cannot login to wordpress using my admin credentials.

Any idea’s why ?

Scott

Duo seems to redirect from the wordpress home page to the duo login when a cookie expires. This is only appropriate at certain times. In my case, I was only using duo for admin logins, and so it should only be on admin pages when I get redirected. Instead, it’s redirecting off the home page, and that’s wrong.

Our website is hosted with WPEngine and uses their “Smart Plugin Manager” to auto-update WP plugins as they are released. This all worked seamlessly until recently when they discovered that the Duo 2FA plugin is blocking admin-ajax requests. Is this something that changed recently in the Duo plugin? Is there a way to unblock admin-ajax requests or is there a way to whitelist IP addresses to bypass Duo entirely?

So i created a User for a developer to log in and fix an issue right.

A admin user via wordpress and duo did pop up for him but asked him for his cell so he put in his own number cuase he has duo.

So then duo allowed access but why was i not notified via duo except for an email

how do i block it from allowing outside users from just using their numbers and bypassing me..?

otherwise no point caus a hacker could just create a user and log in>?

does this plugin supports custom login pages? for example login page created by ultimate member plugin..

Would be great to have an option added to allow DUO MFA to be disabled for select WordPress users. This would be helpful for vendor and service accounts.

Thanks for considering this enhancement ??

Hi there!

Found a bug in login with the latest DUO.
“[09-Jun-2020 07:08:20 UTC] Duo cookie with name: duo_secure_wordpress_auth_cookie not found. Start two factor authentication. SSL: 1”

Any solution for this?

/Thanks

I do not have a mobile/smartphone.

If I add Duo Two-Factor Authentication to my sites, do I need one to access the back-end?

We have been testing our site to isolate a Woocommerce problem and when we disable DUO the Woocommerce API starts to work. When DUO is enabled it breaks it once again. Someone please look into this and fix this plugin.

I recently installed DUO to be able to have two-factor authentication on my website, but I am a little confused about something and could not find an answer. The installation process went well without a hitch, but it seems that DUO only works for logging into the site to edit itself. The main aim I had for DUO was for it to be an extra layer of security for users that register or login into the site, and not so much for administrators or people who work on the site itself. I don’t see a way to “add” it persay to the website so when people login or register they are prompted, any insight?

NOTE: I am using WordPress through Dreamhost, if that might change anything.

• This topic was modified 4 years, 8 months ago by hsingh34.

Hello, I was wondering if there is any limitations in regards to which browsers this plugin can be used with. One of my admin users have reported that he is able to see the DUO screen after login in to our site on his desktop but he is not able to see the DUO screen if he tries to login on his laptops.

I just installed and activated this plugin for my Administrator.

Is it possible to setup trusted devices, so that I from my home laptop never is required to go through 2FA?

Good Afternoon,

I noticed upon installing and network-activating on a multisite, it’s showing up the options at the multisite Settings page, but there’s no option for super-admin.

Will there be added support for super-admin role in the near future?

Also, after successfully logging in, and seeing the Duo Push screen. After accepting on the mobile, it redirect me back to the login and I have to log in again because it shows:
ERROR: The username field is empty.
ERROR: The password field is empty.

Installed, followed all simple directions, enter Integration, Secret key, API hostname. Clicked Save – got the blank page with the WordPress logo and nothing else and no way to get back to my WP backend
Tried to delete the plugin via FTP and to reinstall several times get the same issue.
Tried to:

– resets the Secret key – cannot even get to the site the instance the plugin activated.
– delete the app completely in DUO account and still can not login the instance the plugin activated. Even without the App created! Still, get the same blank page.

Wasted over an hour of my day… Deleted!
Look for some other plugins!

Hi, I use Duo Security to protect my admin account. But also subscribers on my website have to provide their phone number if they want to log in. Is it possible to only protect my admin account with 2factor authentication, so that subscribers can log in without that? Thanks a lot for your support. Vincent

Hi there,
I’d like to translate the interface into the Dutch language. As I don’t see any regular wp language files at all, is this even possible?

Also, is it possible to translate the app?

As earlier posted (but not answered or actioned): https://www.ads-software.com/support/topic/seems-to-block-access-to-woocommerce-api/

Duo Security disables API endpoints (any URLs starting with /wp-json). You should definitely change this as it makes DUO un-usable for sites using the API.

It seems this plugin is break the WP CLI utility. On use, it’s checking for cookies (which won’t exist via command line…) and issuing a HTTP 403, with HTML.

Seems the plugin’s not checking whether WP is being called from CLI. Is there a fix or one coming? This breaks WP CLI use, altogether.

With WordPress 5.0 targeted release date of Dec 6, 2018, when will Duo Security be updated to be compatible with 5.0 version?

add_action( 'wp_logout', 'xxx_logout_redirect' );
function xxx_logout_redirect() {
    wp_redirect(get_site_url());
    exit();
}

This will for example no longer work using Duo WordPress. This is since Duo WordPress is calling wp_logout() on :210 in duo_wordpress.php in the method duo_start_second_factor($user, $redirect_to=NULL).

Is there a chance this could be fixed? Duo could for example call wp_destroy_current_session() and wp_clear_auth_cookie() by themselves instead, which is what wp_logout() is doing.

This plugin was closed on October 19, 2018 and is no longer available for download.

Okay, now what?

hello
I found Duo is conflicting with Google Captcha (reCAPTCHA) by BestWebSoft.
when both are activated there is a loop: wp-login->duo->wp-login and you can’t login.
When only one is activated, all is OK.
Do you have any solution to this?
Can you recommend a reCaptcha plugin for login+comments that works with Duo?
Thanks