"new user" conflict with "All In One WP Security"

  • Resolved batteriesInc

    (@batteriesinc)


    10 years ago

    Hi, thank you for a *very* useful plugin. I came across a gotcha, though.

    It turns out that the “All In One WP Security” plugin makes it impossible for a new user to log in and obtain their QR code as WP claims the user has not been enabled by the administrator, so the new users never gets to the point where they can log in (2FA or not).

    Once you disable that plugin it all works as planned, so the current workaround I have is to temporary disable the security plugin which is a bit like taking the whole fence down to install a better lock in the gate, but at present it’s the only thing that works.

    I will contact the people who make the “All In One WP Security” plugin as well to see what they actually do and what can be done to overcome the problem, but it may be worth having a look at – WP really needs both your and the other plugin to be moderately safe.

    Kind regards

    https://www.ads-software.com/plugins/wp-google-authenticator/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author julien731

    (@julien731)

    Hi,

    I’m not sure I fully understand the problem. Why does All In One WP Security makes it impossible for new users to log-in? It is possible for them to log-in without WP Google Authenticator active?

    Cheers,
    Julien

    Thread Starter batteriesInc

    (@batteriesinc)

    Apologies – one post I forgot to update ??

    The problem turned out to be an All in one WP Security extra account authorisation check, which hides not in the WP “Users” menu, but inside the All in one “User registration” menu.

    In other words, you may not realise a freshly minted user needs an extra step before they are able to access the system and then set themselves up for using Google Authenticator.

    Once you work that one out and perform that extra authorisation in All in one, it all works as planned (and very well, I may add, I like the way it is implemented). As a matter of fact, both plugins work rather well together otherwise, as long as you keep that authorisation step in mind. You can also disable that option to allow self-registration, but for the site I’m experimenting with that isn’t an option.

    In other words, it was not your plugin, but user error ??

    Kind regards, bInc.

    Plugin Author julien731

    (@julien731)

    Great to hear! Thanks for the update.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘"new user" conflict with "All In One WP Security"’ is closed to new replies.

Tags