2FA Appears on Front End When User Logged In

  • Resolved Scott DeLuzio

    (@scottdeluzio)


    5 years, 8 months ago

    I clicked a link, which redirects to a blog post on a site that I was already logged into as an admin with 2FA. Before I could view the blog post I was hit with the 2FA screen.

    The redirect was to the front end blog post, not to an admin area.

    When I manually went to /wp-admin on my site, I was able to access it right away without the 2FA challenge, which is expected because I was logged in already.

    When I clicked the same link in an incognito window (where I was logged out of the site) I was redirected directly to the blog post without a 2FA challenge.

    Any reason for this strange behavior? I mean I don’t mind the extra step so much, but it doesn’t make sense that it would display that challenge when viewing a front end page at all.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author as247

    (@as247)

    Hi,
    WordPress 2-step verification is protect user session, when users logged in they will be asked for verification. It works on both frontend and wp-admin

    Thread Starter Scott DeLuzio

    (@scottdeluzio)

    I can understand that. I guess the issue is that I already logged in with 2FA.

    Basically the process was:

    • Logged in with my username and password
    • Got prompted with the 2FA screen
    • Login successful, and now I’m on the wp-admin dashboard screen
    • Clicked a link that redirected to the front-end blog post
    • Challenged for 2FA again (without having to login again)

    The user session never ended as far as I can tell, so I’m questioning why it would have prompted the 2FA screen again?

    Plugin Author as247

    (@as247)

    Hi,
    I think this may related to https/http, eg wp-admin is on https while frontend is http or vice versa

    Thread Starter Scott DeLuzio

    (@scottdeluzio)

    Both are on HTTPS on the site, so I don’t think that’s it. I did also notice that on occasion updates on the site fail to run, and I get prompted to enter a code. It hasn’t happened often though, but if it happens again I will take a screenshot. It appears to be looking for the 2FA code, and not a third-party license code or anything like that.

    Thread Starter Scott DeLuzio

    (@scottdeluzio)

    Here is an example from attempting to install a new plugin. The message is similar when updating though:
    https://cl.ly/c72031e78a9b

    But once I enter 2FA through the front end of the site as well as the back end, the plugin is able to be installed as usual.

    This just seems like a very unnecessary step.

    • This reply was modified 5 years, 7 months ago by Scott DeLuzio.
    Thread Starter Scott DeLuzio

    (@scottdeluzio)

    Today I got this on the network admin dashboard on a multisite: https://cl.ly/437b95819a67

    Very strange behavior.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘2FA Appears on Front End When User Logged In’ is closed to new replies.