Wordfence 2FA breaks WordPress mobile app function

  • Resolved ArcherTC

    (@archertc)


    3 years, 5 months ago

    I have WordPress mobile app on iOS 14. Looks like a problem reported a couple of years ago (and supposedly fixed a little over a year ago) is back or still there. Namely, when Wordfence two-factor authentication (2FA login security) is on (1) the user cannot use the WordPres mobile app to post to an active site and (2) a site with it turned on cannot be added to the WordPress app. The latter problem was not previously reported.

    I also reported this as a bug via the WordPress mobile app feature.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @archertc and thanks for getting in touch!

    If you are using Wordfence 2FA, it is not currently compatible with the WordPress app. There is a note before you turn it on to choose the “Skipped” option if you use the WordPress app, the Jetpack plugin, or other services that require XML-RPC.

    The problem we see is that there’s no “session” in the way the app uses XML-RPC. The app sends the username and password with every request, so after the first request, the 2FA code is no longer valid. A new code would be needed every 30 seconds, which the app does not support.

    A switch by the WordPress app developers to use application passwords would most likely rectify the authentication issue.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘Wordfence 2FA breaks WordPress mobile app function’ is closed to new replies.