Role exlusion not working on 5.8

Hello @smallguy

Thank you for your message and for using our plugin.

We’ve ran some tests and I can confirm that there are some inconsistencies with user statuses on 5.8. We are looking into this and will issue a fix with the next update.

I am sorry if this has caused an inconvenience. Please let me know if you want me to send you a patch once we have a fix.

Have a great weekend.

Hi @robert681 thanks and yes a quick fix would be very helpful, since this website in particular is a webshop where it’s customers can’t login into their account.

Hello @smallguy

I am not understanding this – the problem you reported is about the user status not being updated, right? Or is this also about the policies not being applied? Can you please give me more information so we can understand the context of the problem?

Thank you very much.

Hi @robert681
The problem is the 2fa user status which means that I can’t change the 2fa user role to exclude the ‘customer’ role, so that Woocommerce customers can login without a 2fa. In this case this website now has “Required but not configured” at the 2fa (customer) role status.

Excluding the customer role in 2fa ui is not changing the current “Required but not configured” status…

Hope this helps..

Let’s recap a bit @smallguy

Let’s ignore the status that is displayed in the list of users. There are issues with that and we will address them in the next update. However, that should not affect the functionality of the plugin.

So you want the users whose role is “customer” to log in to your website without 2FA. Is that correct?

If that is the case, you do not need to exclude that role, you just should not enforce 2FA on them via policies.

Maybe it would be easier if you can send us a screenshot of the settings you have configured? You can send them to us via email at support at wpwhitesecurity dot com.

We look forward to hearing from you.

Hi @robert681
I sent you email with screenshots etc…, with the text as below:

About the above discussion, some screenshots.

This is a Woocommerce install with ‘customer’ role that currently have the 2fa status “Required but not configured”. This results in a redirection loop when customers are trying to log into their customer account.

What I need is to have WC customers login without 2FA.
Your answer was:
So you want the users whose role is “customer” to log in to your website without 2FA. Is that correct?
If that is the case, you do not need to exclude that role, you just should not enforce 2FA on them via policies.

So I changed my settings, from exclude customer role, to only apply to certain roles, see attachment. Unfortunately this will not change anything to the existing customer roles, only for new customers, since only they will now get the 2fa status
“Not required & not configured” and they can login without 2fa. (attachment)

The initial question remains:
How to change the 2fa status for current ‘customers’ from “Required but not configured” to “Not required & not configured”`

Hi @robert681 @smallguy I’m having similar problem.
I have 2fa enforced on subscribers only but when I log in as admin or editor I’m asked to enter the 2FA code.

Hello @kooba

Please post your support request on a new forum thread. Your issue might be different, or might be caused by different things, even though the plugin’s behaviour is similar.

Thank you for your understanding.

@robert681 Sure, done: 2FA enforced on all users instead of subscribers only

Thanks