• Resolved delanthear

    (@delanthear)


    Has something gone wrong with 2FA recently?

    I’ve been using WordFence with 2FA activated for a few months now, using Google Authenticator. Last week however, I got a “VALIDATION FAILED: The 2FA code could not be validated. Please try logging in again.” error when I tried to log in.

    I renamed the WordFence directory and logged in. I then renamed the WF dir back, reactivated it and turned 2FA back on. That worked fine, but I’ve just tried to go back in now (first time this week) and I’ve the same error.

    The recovery codes don’t work either, so it seems like something wrong in the plugin?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Anonymous User 17880307

    (@anonymized-17880307)

    The OTP Auth secrets should normally not change. To correctly verify TOTP (time-based one-time passwords) the clock of your smartphone / OTP generator and your server should be kept in sync / up to date.

    Otherwise if there is a gap of more than 30 seconds the time-window for TOTP checks may not be hit.
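
The time-window check described in the reply above, as an added example that is not part of the original thread and is not Wordfence's code. It implements RFC 6238 TOTP and shows how clock drift between authenticator and server turns a correct code into a validation failure. The `window` tolerance, the `estimate_skew_steps` helper, the secret and the timestamps are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, window=1):
    """Accept a code from the server's current step or `window` steps either side
    (assumed tolerance, not taken from any particular plugin)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + d * STEP), code)
        for d in range(-window, window + 1)
    )

def estimate_skew_steps(secret_b32, code, server_time, search=20):
    """Diagnostic: the step offset at which `code` would be valid, or None."""
    for d in sorted(range(-search, search + 1), key=abs):
        if hmac.compare_digest(totp(secret_b32, server_time + d * STEP), code):
            return d
    return None

# Constructed sample data: base32 of the RFC 6238 test key, arbitrary server clock.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SERVER_NOW = 1_700_000_020

if __name__ == "__main__":
    for drift in (0, 25, 90, -300):  # device clock minus server clock, in seconds
        code = totp(SECRET, SERVER_NOW + drift)  # what the authenticator app shows
        ok = verify(SECRET, code, SERVER_NOW)
        skew = estimate_skew_steps(SECRET, code, SERVER_NOW)
        print(f"drift {drift:+5d}s  accepted={ok}  code matches step offset {skew}")
```

If the code only matches at a non-zero step offset, the clocks disagree; if the clocks agree and the code matches at offset 0 but login still fails, the cause lies elsewhere, as it did later in this thread.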

    Plugin Support wftiffany

    (@wftiffany)

    Hi @delanthear,

    Thanks for reaching out to us!

    As @danielrufde mentioned, you can check your server time and confirm that it matches your device time.

    When you’re logged in as an administrator, the bottom of the “Two-Factor Authentication” page shows “Server Time” and “Browser Time.” Server Time needs to match the time on your device that’s running Google Authenticator, otherwise the code won’t work.

    You mentioned that the recovery codes don’t work, so it’s possible you have a plugin conflict. You can try disabling plugins one by one to see if that resolves the issue.

    Let me know what you find out.

    Thanks,
    Tiffany

    Thread Starter delanthear

    (@delanthear)

    The times all match up. I guess it might be the Stop Spammers! plugin I’m using. Will see if it fails to work with that disabled.

    Thread Starter delanthear

    (@delanthear)

    Yeah it is

    HOWEVER!

    This option fixes it: https://imgur.com/a/OZbG23Q

    Something has definitely changed with the plugin as all of a sudden we are now seeing this same issue. And to make matters worse it doesn’t seem to be honoring the WP_CONTENT_DIR WordPress setting and is not trying to create the wordfence-waf.php in a different place and this I think is what’s causing the problem.

    • This reply was modified 2 years, 10 months ago by Tim Nolte.

    So after additional investigation, the WP_CONTENT_DIR and wordfence-waf.php looks to be an unrelated issue from the 2FA problem. Issues with 2FA do seem to trace back to misbehaving web servers. This has revealed, though, a need to be able to turn off the 2FA feature alone; otherwise in some cases you are stuck having to disable Wordfence completely.

    I had the same problem

    it’s linked to the Stop Spammers plugin

    solution
    rename the folder to anything else: plugins\stop-spammer-registrations-plugin

  • The topic ‘Sudden 2FA problems’ is closed to new replies.