• Resolved brmryd

    (@brmryd)


    Hi,

    Thank you for creating and sharing this great plugin for increasing the security of WordPress sites. If I may ask, I have a situation where users couldn’t enable 2FA from their own user profile: when a user (regular user / admin) tries to click enable / configure for 2FA, it just reloads back to the dashboard.

    Is there anything I could check about that? I made sure the REST API is active and not disabled, though.

    Many thanks & really appreciate your advice

Viewing 7 replies - 1 through 7 (of 7 total)
  • nlpro

    (@nlpro)

    Hi @brmryd,

    What PHP version is the site using?

    +++ To prevent any confusion, I’m not SolidWP +++

    Thread Starter brmryd

    (@brmryd)

    Hi @nlpro,

    ATM the PHP version in use is 8.1.27 and the Solid Security plugin (free version) I use is on 9.2.0.

    Many thanks

    nlpro

    (@nlpro)

    Hi @brmryd,

    Option 1 is to update the plugin to the latest version (9.3.1) and see whether the issue persists.

    If the issue persists in the 9.3.1 release, option 2 is a workaround. Add the constant below to your wp-config.php file which will bring back the old 2FA UI on the user Profile page for all users: (How Do I Edit The wp-config.php File?)

    define( 'SOLID_SECURITY_LEGACY_2FA_UI', true );

    Option 3 is to dig into the plugin code and trace/debug what exactly goes wrong. I have a pretty good idea where exactly the redirect takes place (line #351 in the 9.3.1 core/lib/class-itsec-lib-login-interstitial.php file).

    • This reply was modified 8 months ago by nlpro.
    Thread Starter brmryd

    (@brmryd)

    Thank you @nlpro for the above guide & checklist. Sorry, if I may ask: earlier in option 3 you mentioned #351 for this file – am I on the right track to try checking the redirect code in that PHP file?

    Thank you

    Thread Starter brmryd

    (@brmryd)

    Hi, just want to update

    With version 9.3.1 I still have no luck. Adding the below does work, though: it shows the enable 2FA option in the user profile, but somehow it shows a critical error when the user tries to log in to the admin dashboard:
    – after the user logs in to the dashboard, even without being asked for 2FA
    – the WordPress critical error page is displayed -> after refresh / reload the user can log in to the dashboard

    define( 'SOLID_SECURITY_LEGACY_2FA_UI', true );

    I don’t know if it’s related: could the itsec_lockouts table not found error in my WordPress log cause this? I asked about this in a separate question, though.

    Thank you

    Hi @brmryd,

    I don’t expect the missing itsec_lockouts table to be the cause of the issue as reported in this topic.

    … earlier in option 3 you mentioned #351 for this file – am I on the right track to try checking the redirect code in that PHP file?

    I just pointed to that line of code to confirm a redirection (to the Dashboard) can happen. But if you look at the code below you will see the redirection only happens when a certain condition is met:

    350 if ( ! $interstitial->show_to_user( $user, true ) ) {
    351     wp_safe_redirect( admin_url() );
    352     die;
    353 }

    That condition normally evaluates to true (tested in my test environment). Only when it evaluates to false the redirect (to the Dashboard) is executed.

    So when we look at the code of the show_to_user() class method (lines #33-63) in the core/modules/two-factor/class-itsec-two-factor-on-board.php file, we see there is only 1 possibility to make the earlier mentioned condition fail:

    33 public function show_to_user( WP_User $user, $requested ) {
    34
    35     if ( ! $this->get_available_providers( $user ) ) {
    36         return false;
    37     }
    38
    39     if ( $requested ) {
    40         return true;
    41     }
    42
    43 …

    Since the $requested value is true the second condition will always return true, making the rest of the code in this class method irrelevant.

    At this point (get_available_providers() class method) I’ll stop, because code execution goes on many levels deep. Somewhere in this stack something goes wrong.

    • This reply was modified 7 months, 4 weeks ago by nlpro.
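
One way to do the tracing that option 3 describes without editing plugin files, as an added example that is not code from Solid Security or from anyone in this thread: a must-use plugin that records every redirect issued while the `itsec_after_interstitial=2fa-on-board` request is handled, together with the call chain that issued it. The file location and the `trace_2fa_is_onboard_request()` helper name are assumptions; the hooks and functions used are WordPress core.

```php
<?php
/**
 * Plugin Name: Trace 2FA on-board redirects (diagnostic, added example)
 *
 * Hypothetical location: wp-content/mu-plugins/trace-2fa-redirect.php
 * Not part of Solid Security. Delete the file once the cause is found.
 */

// Only trace requests for the on-boarding interstitial named in this thread.
function trace_2fa_is_onboard_request() {
	return isset( $_GET['itsec_after_interstitial'] )
		&& '2fa-on-board' === $_GET['itsec_after_interstitial'];
}

// wp_safe_redirect() ends in wp_redirect(), which applies this core filter,
// so the redirect on line #351 and any redirect from another plugin pass here.
add_filter( 'wp_redirect', function ( $location, $status ) {
	if ( ! trace_2fa_is_onboard_request() ) {
		return $location;
	}

	$user = wp_get_current_user(); // ID is 0 when nobody is logged in

	error_log( sprintf(
		'[2fa-trace] redirect to %s (status %d) user_id=%d via %s',
		esc_url_raw( $location ),
		$status,
		$user->ID,
		wp_debug_backtrace_summary() // comma-separated call chain
	) );

	return $location; // record only, never alter the redirect
}, PHP_INT_MAX, 2 );

// Logged once per traced request. If this line is missing from the log but a
// redirect line is present, the redirect was issued before wp-login.php
// reached its own handlers.
add_action( 'login_init', function () {
	if ( trace_2fa_is_onboard_request() ) {
		$active = (array) get_option( 'active_plugins', array() );
		error_log( '[2fa-trace] active plugins: ' . implode( ', ', $active ) );
	}
}, 0 );
```

The `[2fa-trace]` lines go to the PHP error log (or wp-content/debug.log when `WP_DEBUG_LOG` is enabled); the call chain shows whether the redirect came from the interstitial class or from another plugin.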
    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @brmryd, checking in here to see if the issue is resolved.

    Clicking the 2FA Configure button should redirect to the onboarding link (https://yoursite.com/wp-login.php?itsec_after_interstitial=2fa-on-board) which is tied to the WordPress Login page.

    If the 2FA Onboarding link redirects you to the WP Dashboard (wp-admin) instead, there could be a plugin installed that overtakes the default login page, like a registration plugin. In this case, you can confirm if temporarily disabling that plugin will let you go through the 2FA Onboarding as expected.

    Please let us know if you still need help, and we’ll be happy to check further.

  • The topic ‘Ask: Enable 2fa in user profile from only reload back to dashboard’ is closed to new replies.