Email address used to send HOTP codes

  • Hello people,

    I am currently setting up a community site where I have to force 2FA by HOTP (one-time codes by email) on every user. I created a page and placed the shortcode [wp-2fa-setup-form] there. It’s all fine and working, but in the setup wizard it says:

    IMPORTANT
    To ensure you always receive the one-time code whitelist the email address from which the codes are sent. This is (WP admin email address)

    Why does it say that it is going to use the WP admin email address to send the codes? And why are the codes being sent from the email address [email protected]?

    In the 2FA plugin settings, in the “Emails & templates” tab, I chose “Use the email address [email protected]”.

    How can we avoid displaying the WP admin email address inside the setup wizard and how can we use the email address specified in the plugin settings to send the HOTP codes?

    Any help or hint is much appreciated.
    Thank you, have a nice day!

Viewing 1 replies (of 1 total)
  • Plugin Support Lucian Padureanu

    (@lucianwpwhite)

    Hello @hillyfov!

    I’m sorry to hear about the issues you’re experiencing with our plugin!

    This appears to be a small bug that was recently reported, and I can confirm it’s already on our radar for the next plugin update.

    To explain the issue: the site admin email shown in our plugin wizard should be replaced with the actual “From email address” you have configured. However, it seems this isn’t happening as expected when our default suggested email is used e.g. [email protected]. (reference here for more context)

    If you choose instead the custom email address and name option from our plugin settings (check reference image here) everything should be working as expected, and you should see the correct From email address in the wizard. (check example based on settings added in first image). Let me know how this works for you.

    In any case, the functionality should still work correctly—meaning emails should be sent from your configured “From email address“—so the bug affects dynamically pulling this data (email) in the wizard.

    To ensure that emails are sent from the correct address, could you please try the following and let me know the outcome? This will clarify if the functional part of this is also working as expected, which I am highly confident should work as expected.

    1. Install a free email log plugin like WP Mail Logging. (if you do not have a working email solution on the site)
    2. Try configuring 2FA for a user and wait for the 2FA code to be triggered. Screenshot for reference or try to use the “Test email” feature inside our plugin Emails & Templates tab (inside Settings)
    3. At this point, check your inbox for the email, or review the “Email log” section in the email log plugin (if you’re testing on a staging site or don’t want to use a real user).

    Do you see the correct “From” email being reported in the email details (recipients) or inside the Email log plugin?

    Looking forward to hearing back from you on this along with the results.

    Many thanks!

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.