Conflict with other TOTP Plugin

  • Resolved nbax

    (@nbarnard)


    5 years, 9 months ago

    Hello,

    I had the Google Authenticator plugin v. 0.52 from Ivan Kruchkoff installed on my installation.

    I added TOTP support with Wordfence and I ran into a little bit of trouble.

    Ivan’s plugin requests the TOTP code on the same page as the login page. I was able to get past the login page with the TOTP code for Ivan’s plugin and to the Wordfence presented TOTP entry page. When I provided the TOTP code for Wordfence it wouldn’t accept my code. It also wouldn’t accept my backup codes.

    I was able to regain access to my login by executing the following SQL command:
    ‘DELETE FROM nickb.wp_peidm_wfls_2fa_secrets WHERE wp_peidm_wfls_2fa_secrets.id = 2
    (More or less. I was using phpMyAdmin which generated the proper SQL)

    Now I understand that having two plugins provide TOTP protection is a bit of an overkill and this isn’t my plan in the future, but I was a bit frustrated the Wordfence’s TOTP protection was badly broken by another plugin.

    I’m not sure if its worth digging into this and fixing it, but I figured I’d at least bring it to your attention.

    Cheers,
    Nick Barnard

    • This topic was modified 5 years, 9 months ago by nbax.
Viewing 1 replies (of 1 total)

  • Hi @nbarnard,

    Thanks for bringing this to our attention. We have had reports of some users noticing crippling bugs when running multiple 2FA plugins alongside each other.

    At the moment we are looking into different ways in solving this type of issue (something like a warning when another 2FA plugin is already installed).

    Dave

Viewing 1 replies (of 1 total)
  • The topic ‘Conflict with other TOTP Plugin’ is closed to new replies.