• I created some custom REST API endpoints on a WordPress website to deliver data that should not be public, so I set them to require an authenticated user. At the same time, I installed and activated the JWT Authentication for WP REST API plugin, allowing the application accessing these endpoints to use JWT tokens. The problem was my user having 2FA enabled (this website uses the WordFence 2FA feature), which blocked the token generation request. WordFence has a setting to ignore the use of 2FA in XML-RPC requests, but not for the REST API, so I had to add three lines of code to modules/login-security/classes/controller/wordfencels.php, starting at line 556:

    // Skip the 2FA check for REST API requests
    if (defined('REST_REQUEST') && REST_REQUEST) {
        return $user;
    }

    It would be helpful to have a similar setting for the REST API as the one available for XML-RPC.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @andrei-thomaz, I appreciate you getting in touch about this.

    I will certainly make the request to the team, although there is a possible workaround if the REST API calls will be occurring from a consistent IP. If so, using Wordfence > Login Security > Settings > Allowlisted IP addresses that bypass 2FA and reCAPTCHA could be appropriate. If you plan on having wp-login.php or other methods still available, they would allow logging in with a 2FA code if the IP ever changes.

    I’m not certain that WordPress Application Passwords would be appropriate for your use-case but that might be an option too as they won’t require 2FA.

    Many thanks,
    Peter.

    I have the same issue. REST API calls are from Google Apps Script, so the IPs are dynamic through their network of servers, which rules out the use of Allowlisted IP. What about an Allowlisted URL / Endpoint instead for 2FA and reCAPTCHA?

    • This reply was modified 4 days, 12 hours ago by minimax.
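
An added example, not code from this thread or from Wordfence: the guard from the original post narrowed to a single endpoint, along the lines of the endpoint allowlist asked about in the last reply. It assumes the token route is `/jwt-auth/v1/token` (the JWT Authentication for WP REST API plugin's token route) and that `$user` is the variable from the original snippet; the function name `example_is_jwt_token_request` is hypothetical.

```php
<?php
// Added example: hypothetical helper, not part of Wordfence or WordPress.
// Returns true only for a POST to the JWT token route, so 2FA stays
// enforced on every other REST route.
function example_is_jwt_token_request() {
    // REST_REQUEST is defined by WordPress core once a REST route is being served.
    if ( ! defined( 'REST_REQUEST' ) || ! REST_REQUEST ) {
        return false;
    }
    // Token issuance is a POST; do not relax anything for other methods.
    if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return false;
    }
    // Core stores the requested route in the 'rest_route' query var for both
    // /wp-json/... and ?rest_route=... URLs.
    $route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
        ? untrailingslashit( $GLOBALS['wp']->query_vars['rest_route'] )
        : '';
    // Assumed route of the JWT plugin's token endpoint; exact match, no prefix or regex.
    return '/jwt-auth/v1/token' === $route;
}

// Used in place of the three-line guard from the original post:
// if ( example_is_jwt_token_request() ) {
//     return $user;
// }
```

With this guard the token route still accepts a password alone, and an edit to a plugin file is overwritten when the plugin updates.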