Ultimate Member Plugin Not Compatible with Wordfence Security

  • Hi Ultimate Member Support,

    Plugin has great functionality but seems to be incompatible with wordfence’s 2 factor cellphone sign in and Google recaptcha.

    Could you advise how can I configure the plugin to work together with wordfence which has the 2 factor cellphone sign in function?

    When Ultimate Member Plugin is Disabled, Wordfence works fine but when enabled, it overrides the 2 factor cellphone sign in and logs into the account without needing the security code entered.

    Please assist!

    Thanks!

Viewing 7 replies - 1 through 7 (of 7 total)

  • abbyptan,

    Did you ever hear from the Ultimate Member team or figure this out?

    I’m trying to overcome the same issue. I’ve even enabled the default wp-login.php page, but Ultimate Member prevents 2FA cellphone sign-in from the default login page as well.

    I did a quick test, deactivating Ultimate Member and had no issues then.

    Thanks!

    No, they have not fixed this. I’ve asked them several times but no solution was given.
    And it’s not just Wordfence, it overrides almost every 2FA method, including Google Authenticator.

    It’s a pity they don’t listen to their users.

    Thanks for the quick input.

    I’ve already heard back from the Wordfence team, which confirmed that this is a known issue with Ultimate Member (UM) and that any fix would have to come from the UM plugin.

    Should I figure something out, I’ll post it here. Unfortunately it will probably have to be a “hack” that impacts basic functionality of UM and not of much use to many people.

    I’ve found a very hacky workaround that finally has gotten Wordfence cellphone signin working. Unfortunately, it’s meant making a few changes to core files in Ultimate Member (UM). This has broken the UM login form, which will be replaced by the WP login page (which will be customized to match the look).

    This of course means I’ll be unable to update UM without making (and testing the changes again).

    Given that these changes could have wider ranging impacts on other sites that have different functionality and requirements (or even different versions of UM), I don’t feel good about sharing them right now.

    Hopefully the UM team sees this and realizes that security is not only a want but becoming a must for many sites.

    This is not a solution, they should fix their plugin.

    Agreed. But given that I need cell phone sign in working and I don’t have time to rewrite the UM functionality we’re using, it’s what I have to do.

    UM’s only suggestion was to try a prerelease version (didn’t change behavior). I’ve not heard back since I informed them that the problem persisted.

    Correct. I supplied some more information on the ticket I submitted regarding this issue, which got no further response from UM support.

    From everything I’ve seen, UM’s excuse is that FB does not require 2FA for users. Unfortunately this argument isn’t really an equivalent situation, as I’m sure FB employees have some sort of security precautions in place.

    I do hope UM figures this out sooner rather than later, as such an oversight can make it impossible to use their plugin in many situations, no matter how great it is otherwise.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Ultimate Member Plugin Not Compatible with Wordfence Security’ is closed to new replies.