2fa Server Time Error

  • Running a CentOS 7 server on a VPS.

    Checked the server time through ssh shell, checked PHP.ini configuration, checked WordPress General Settings. All display my correct local time.

    When accessing the Login Security/Two-Factor authentication page on the WordPress admin page, the server time displayed at the bottom shows UTC time, which is not the same as displayed in any of the other checks I made. As a result I can’t activate 2fa.

    Please help.

    The page I need help with: [log in to see the link]

Viewing 15 replies - 16 through 30 (of 40 total)

  • Deleted due to duplicate post

    • This reply was modified 5 years, 6 months ago by jameshurrell.

    @wfgerald here are some screenshots from my wordpress install:

    1) WordPress general timezone settings: https://imgur.com/rpRDlFo
    2) Wordfence time: https://imgur.com/gdLKhdT

    With this in place, all codes issued from Google Authenticator are rejected when I try to activate.

    Edit: I also tried to activate with Authy, and unfortunately that doesn’t work either.

    • This reply was modified 5 years, 6 months ago by jameshurrell.
    • This reply was modified 5 years, 6 months ago by jameshurrell.
    Thread Starter dloprodz

    (@dloprodz)

    @wfgerald:

    Yes! There is a match between Settings > General “Universal Time is …” and Wordfence > Login Security “Server Time: “.

    I’ve been saying since the beginning that those two match, and that is precisely the root of the problem. “Server Time” should NOT match UTC time, it should match Settings > General “Your local time is…”.

    UTC time is just a reference, you need to apply an offset to it depending on the timezone to match each user’s local time. if you always match “Server time” to “UTC time” 2fa authentication will ONLY work for 1/24th of all people using WordPress, or people living in UTC-0 timezone, it makes no sense at all. Anyone outside of a UTC-0 timezone will NOT be able to use your 2fa until you fix this issue.

    To clarify:

    Settings > General “Your local time is {correct local time}”
    Server cli # date
    {correct local date/time}
    php.ini > date.timezone = {correct local date/time zone}
    Time on my phone, running the 2fa app > {correct local time}

    Settings > General “Universal time is {UTC time correctly, but definitely not my local time}

    Wordfence > Login Security “Server Time: {UTC time, but definitely not my local time}

    I hope that with this explanation you now understand our issues, we all live in different timezones, they will NEVER match UTC. Although we all use UTC as a reference to know our exact local time, you need to apply an offset to UTC depending on the timezone otherwise why even set a timezone at all.

    • This reply was modified 5 years, 6 months ago by dloprodz.
    Thread Starter dloprodz

    (@dloprodz)

    Any update on this? Seen more people with the same issue.

    Thread Starter dloprodz

    (@dloprodz)

    @wfgerald ,

    Have you been able to look any further into this issue? New posts on the same subject keep popping up, perhaps is something we are all not seeing, but could really use some help on this. If there are any further tests we should be running please let us know.

    Any update on this?
    I thought I could skip a plugin but unfortunately server time versus local time still gives a problem (2 hour difference).
    So back to miniOrange 2 Factor Authentication

    Also unable to use the new 2FA for the same reason. I am not a programmer however and am lost in some of the details. Wordfence needs to fix this so one doesn’t need to be a programmer to fix.

    Running a new scan gives as result the right server(local)time :[MAY 28 12:26:39]] Scan Complete
    2fa Server Time: 2019-05-28 10:26:48

    Change 2fa server time in scan time and the problem is fixed?????
    it’s just an idea.

    I’m also intrigued as to how to resolve this.

    Strangely, I’ve managed to successfully set my own admin login up with 2FA [at the time oblivious to the time difference of 1hr – I’m in UK], however my client is having issues [also in UK] with error dialogs suggesting the time difference is the factor, preventing his ability to sync up and therefore not have 2FA on his own admin login.

    I’m also agreeing with the fact that WordFence shouldn’t default to a timezone that isn’t correct by default – even if it is considered ‘universal’.

    I’ll wait patiently for a solution. Hope my client can too…

    Still waiting for a solution. Still 2 hours differnce and 2FA not working…

    Yep, still not working, although no new Wordfence update lately… still on 7.3.2

    I’m pleased to report that I’ve now managed to successfully activate 2FA with my wordpress sites! WordFence has updated to v 7.3.3 overnight and the Server Time display is now different, meaning 2FA now works! Hooray, thank you WordFence! Screenshot below:

    View post on imgur.com

    • This reply was modified 5 years, 5 months ago by jameshurrell.

    Unfortunately, I’ve just downloaded the current version today and I’ve run into this issue. Strangely enough, adding the Wordfence plugin broke the 2FA plugin I had previously been using (mini-orange). I was unable to login to my admin account and had to delete the 2FA plugin via FTP before I could log back in. I got a time error when trying.

    May have figured it out. I had to rescan the authenticator barcode after changing my WordPress timezone.

    Still the same problem, servertime is 2 hours wrong. Wordfence 2FA is not working, and I am afraid will never work for me….

    Server Time: 2019-08-08 10:39:22 UTC (2019-08-08 12:39:22 Europe/Amsterdam)

    Back to DUO 2FA

Viewing 15 replies - 16 through 30 (of 40 total)
  • The topic ‘2fa Server Time Error’ is closed to new replies.

Tags