Multisite users can’t configure 2FA

Hello @kflogdev

Thank you for using our plugin.

I am sorry to read about your issue. Can you please answer the below questions so you can help us better understand the issue?

1) Once a user clicks on the “Configure 2FA” button in the banner and they are redirected to the profile page, if they click the “Configure 2FA” button in the profile page, does that work?

2) When they click “Configure 2FA” button in the banner, are they redirected to their profile page on the network URL or to their profile page on a sub site?

3) Can you please launch the browser tools (CTRL+Shift+I) and click on “Configure 2FA” in the banner? Once you are redirected to the profile page, are there any errors in the Network tab in the browser tools?

Looking forward to hearing from you.

Hello @robert681! Thank you for your support.

I’ve tested your scenarios with 2 different configurations:

Using the custom login screen I had configured using the WPS Hide Login plugin:

1) Clicking the “Configure 2FA” button in the banner takes them to a 404 page because it is trying to go to “root.com/wp-admin/network/profile.php?show=wp-2fa-setup”. This is the same behavior in the banner shown at the top of the profile page. Only the link at the bottom of the profile page works.

2) I think answered in #1, but they are redirected to their profile page on the network URL (which gives a 404 error), not the subsite.

3) Yes, because I’m hitting my 404 page, the network error is a 404 for “/wp-admin/network/profile.php?show=wp-2fa-setup”

—

After I deactivated the custom login and cleared caches:

1) Clicking the “Configure 2FA” button in the banner now does take them to their network profile page. However, clicking the button in the banner again still does not work. And on the network profile page, there is no button at the bottom of the page like there is on a subsite profile page.

2) Redirected to their profile page on the network URL.

3) No network errors, all 2** statuses.

Thank you for your help!

Hello @kflogdev

Thank you for the detailed response. That certainly sheds some light on the source of the problem.

In the first scenario we can see that the WPS Hide Login plugin is “restricting the user” from accessing their network profile page (root.com/wp-admin/network/profile.php?show=wp-2fa-setup). At the moment there is not much we can do about this because this is how the plugin works. We explained it in more details in this post. However, at the moment we are looking into a better solution so we can better support multisite networks which do not allow users to access the network profile page.

In the second scenario in which you deactivated the custom login page, the users can access the network page but the wizard is not triggered. Clearly something else is “conflicting” in this setup since there is no “Configure 2FA” button in the profile page, and thus the wizard is not being launched.

Would you be able to deactivate all the other plugins one by one in this scenario to find out which other plugin is conflicting with our plugin?

Looking forward to hearing from you.

Hi @robert681

Makes sense for WPS Hide Login. Any support you could add in the future would be appreciated!

—

I tried deactivating all other plugins (both network, and on individual site). The only plugin active is WP 2FA network activated. Here’s what happened:

1. Logged in from subsite.site.com/wp-admin.
2. Was taken to the subsite dashboard. I clicked the “Configure 2FA now” button in the banner, which took me back to my root site wp-login (site.com/wp-login.php) with a redirect to the network profile.
3. Tried logging in again to the root site.
4. Was taken to my network profile
5. Clicking the “Configure 2FA now” button in the banner just reloads the page, and there is no “Configure 2FA” button/section at the bottom of the network profile screen.

Thanks for your help!

I will add this detail as I’m troubleshooting… if I add a user to the root site as a “subscriber”, then everything works as expected, including WPS Hide Login. I’m able to login from the custom URL, and clicking any of the “Configure 2FA now” buttons takes me to my network profile where the 2FA settings are now available.

So the key was the user also being added to the root site, not only to a subsite.

WP allows a user to be added to only a subsite. But is this requirement the expected behavior for WP 2FA?

Hello @kflogdev

Sorry for the delay in getting back to you on this. For some reason the notification for this response slipped through the cracks.

From your response there is clearly a permissions issue with users accessing the network dashboard and triggering the wizard. By any chance did you try switching the theme to default theme as well?

By the way, considering we are planning to revamp the way the plugin works on multisite networks (so users do not have to access the root site), I’d recommend to wait until the next update. I’m pretty confident it will solve all of these issues.

I understand this is not the ideal answer, having to wait, but since we already know we are completely rewriting this section of the plugin, it does not make sense to use resources on trying to fix what will be replaced.

My turn to apologize for the long delay. Sounds good for a future update.

For now, I’ve been adding every user as a “subscriber” to the root site, and this appears to be working. If in the future that step can be skipped, even better!

Appreciate your great support and great plugin!

Thank you for the update @kflogdev

I am glad to read that you found a workaround for this issue. We have already started working on the next update and we will indeed address this issue.

Thank you for the positive comment. May I ask you to please spare a minute to rate our plugin and service? These ratings are really helpful.

Have a great day.

We are facing the same issue and we are using latest 2FA version 2.3.0,

Here is my debug:

the hyperlink on the ‘Configure 2FA now’ button.

Its pointing to https://site.com/wp-admin/network/profile.php?show=wp-2fa-setup which does not shows user a screen to configure 2FA.

if i manually enter the following hyperlink, it allows the user to configure 2FA.
https://site.com/sub-site/wp-admin/profile.php?show=wp-2fa-setup

Can you please update the link in the next release, we can manually modify it but than have to stick with older versions until an official version is release with a fix.

I would really appreciate your help.

• This reply was modified 2 years, 4 months ago by mirabdulah. Reason: clarity

Hello @mirabdulah

Please open your own forum thread if you have any issues or need support.

Thank you for your understanding and cooperation.