two-factor email authentication not working

Do you have any other plugin/theme that works with or modifies user login? If so, try disabling it temporarily and doing it again.

Hi,

I have two sites which are, as far as I am aware, identically set up except one is currently running wordpress 4.3.3 and the other 4.5.2.

They both use wps hide login (which I know isn’t needed with Shield but I haven’t got around to removing it). I also use a Profile Builder shortcode in a page to provide an in-site login area (in both sites).

The 4.5.2. site logs on ok – I click the link in the email and get logged in, followed by email confirmations from Shield and Sucuri Security.

When I click the link on the 4.3.3 site I don’t get logged in and get a message from Sucuri warning me of a failed login attempt.

Any idea why this is happening? I don’t know why the wordpress verison should matter although I will test Shield on another site I’m running with WP 4.3.3 to see if I get the same thing.

(I will be updating WP soon, but for various reasons its not convenient to do it right now).

Thanks

Are there any entries in the Audit Trail when this happens?

Hi

I can’t log in so I don’t know how to see the audit trail. Can I access it within the website files somewhere?

Thanks

Have a look here on how to get back in:
https://icontrolwp.freshdesk.com/support/solutions/articles/3000000959

Hi,

I have access to the audit entries. Which do you require and where shall I send them (I’d prefer not to post the info here)?

Thanks

GENERAL

6:09 pm May 11 login failure Attempted user login by “USER” failed. unknown 2 IP
You

EMAIL

6:09 pm May 11 email attempt send There was an attempt to send an email using the “wp_mail” function. It was sent to “EMAIL” with the subject “Two-Factor Login Verification for “WEBSITE”. unknown 1 IP
You

6:09 pm May 11 email attempt send There was an attempt to send an email using the “wp_mail” function. It was sent to “EMAIL” with the subject “Sucuri Alert, WEBSITE, Failed Login”. unknown 1 IP
You

SHIELD

9:34 am May 11 transgression counter started Auto Black List transgression counter was started for visitor at IP address “xx.xxx.xx.x”. unknown 2 xx.xxx.xx.x
You

It looks like my IP had been on the blacklist at some point. However after I got in using forceoff and looked at the list there was nothing on it. Plus its set to retain IPs for an hour so it should have been deleted by the login attempt 9 hours later.

I have another issue. Now that I’m logged in I’m trying to add an IP to the whitelist. However I click ‘Add IP’ and it just returns be to a blank list, ie its not adding the IP.

Are you currently running the latest version of Shield? At least, when you tried to add your IP to the white list was it the latest?

I believe it is the latest version as it is set to auto-update. I will check and get back to you.

Hi

its Version 5.2.0

Thanks

A further update: I thought the website running WP 4.5.2 was working with 2-factor authentication but actually it isn’t.