Can’t activate 2 factor authentication

  • I have been trying to activate 2 factor authentication for my administrators for several days, but it isn’t getting applied.

    I’m a web dev for the site https://nationalsculpture.org/. We had 2 Factor Authentication working for our administrator users before this website was hacked this weekend; since we cleaned out all the malware, 2FA won’t turn back on.

    In Login Security Settings, I’ve set up that Administrator 2FA is required, 0 grace period; it still says all users have 2FA inactive.

    I go into my profile (or other users profiles) and click on Activate 2FA here:

    This is the screen I see; the “Activate” button is greyed out and I can’t click on it.

    The Server & browser time is essentially the same — .03 seconds off.

    I’ve cleared site and browser caches every time I make a change, and tried most of the usual tricks and those recommended in support; no luck.

    We do have a number of essential plugins on this site; the strange thing is that this has happened right after a hack. My developer mentioned that the wordfence-waf.php file was one of those hacked; should it contain something that is disabling the 2FA?

    https://www.ads-software.com/support/topic/how-to-enable-two-factor-authentication-for-a-user-author/

    Thanks in advance for your help.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @shanacohen,

    I wouldn’t necessarily expect a plugin conflict breaking our Javascript to enable the button if you’d been running 2FA before, but it is still a possibility. Does it work when Wordfence is the only enabled plugin?

    If not, there could be an issue with setting it up again if the data from having it previously set up is still in the database. There’s an option to “Delete Login Security tables and data on deactivation” in the Wordfence > Login Security > Settings page. You can check this, disable Wordfence from the plugins page, then reenable it again. Does this return the “Activate” button to an active state?

    Thanks,
    Peter.

    Thread Starter shanacohen

    (@shanacohen)

    Hi Peter,

    I tried both of these options, and neither worked.

    I copied the entire site to a development site, and turned off all other plugins; I still could not activate 2 factor authentication.

    I deleted the Login Security tables and data on deactivation, cleared caches, disabled Wordfence, and then reactivated it. I still can’t Activate 2 Factor authentication.

    Help please?

    Thread Starter shanacohen

    (@shanacohen)

    I just deactivated and deleted Wordfence entirely, including all data and security tables, and cleared cache.

    I then reinstalled Wordfence, set it up again, and enabled login security for administrators. The Activate button is still greyed out for me.

    Please respond with help?

    Yep @wfpeter – exactly the same issue on a client’s site. Cannot activate 2FA on both mine and their administrator account.

    No evidence in the scan of any malicious content although the client did mention seeing some inapprpriate content flash up on screen recently so that might suggest some sort of breach. I expect that could be significant ??

    hi @wfpeter and @shanacohen – is there any progress or updates regarding this issue… it’s all a bit baffling.

    I’ll second the “Please respond with help?” request

    Hi again @wfpeter – just doing some diagnostics and under the Wordfence Table Check I saw the below was flagged

    • Tables missing (prefix wp_, lowercase): wfls_2fa_secrets, wfls_settings

    I’m guessing the missing wfls_2fa_secrets table could be significant.

    Does that give you any more useful info?

    thnx

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Can’t activate 2 factor authentication’ is closed to new replies.