WP 2FA – Two-factor authentication for WordPress

Hello @ankerpuntvzw

Thank you for your message and for using our plugin.

I am sorry to read about your issue. For us to be able to assist you we will need more information / details. Can you please elaborate on what do you mean by “we can’t log in anymore”?

What is exactly happening? Are you getting an error when you try to log in, or a notification? The more details you can share about the issue the better.

Looking forward to hearing from you.

Hallo!

Sinds WordPress 5.2 is er een ingebouwde functie die herkent wanneer een plugin of thema een fatale fout veroorzaakt op je website en die je op de hoogte stelt met deze automatische e-mail.

In dit geval heeft WordPress een fout in één van je plugins opgemerkt, WP 2FA – Two-factor authentication for WordPress.

Bezoek eerst je website (https://ankerpunt.be/) en kijk of er zichtbare problemen zijn. Bezoek daarna de pagina waar de fout was gevonden (https://ankerpunt.be/wp-login.php?action=validate_2fa) en kijk of er daar zichtbare problemen zijn.

Contacteer je hostingprovider voor technische ondersteuning om dit probleem verder te onderzoeken.

In het geval dat je website kapot lijkt te zijn, en je het dashboard niet op de normale manier kan benaderen, heeft WordPress nu een speciale ‘herstelmodus”. Deze laat je op een veilige manier aanmelden op je dashboard om het probleem verder te onderzoeken.

https://ankerpunt.be/wp-login.php?action=enter_recovery_mode&rm_token=xEJzqoq5NCOXELREeOAzyA&rm_key=D70OZAkxVMUb2HDw3coZtY

Om je website veilig te houden verloopt deze link over 1 dag. Maak je daar, maar niet druk om, er wordt een nieuwe link naar je gestuurd wanneer het probleem zich weer voordoet nadat de link is verlopen.

Als je hulp zoekt bij dit probleem kan de onderstaande informatie handig zijn:
WordPress versie 6.0.2
Actief thema: Ankerpunt (versie 0.9.6)
Huidige plugin: WP 2FA – Two-factor authentication for WordPress (versie 2.3.0)
PHP versie 8.0.23

Foutdetails
===========
Een fout van het type E_ERROR trad op op lijn 291 in het bestand /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php. Foutmelding: Uncaught Exception: Invalid characters in the base32 string. in /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php:291
Stack trace:
#0 /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(255): WP2FA\Authenticator\Authentication::base32_decode(‘\e!\x1A\vA\xB7\xE7 \xA9]\xA8\x12XJ\x05…’)
#1 /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-authentication.php(234): WP2FA\Authenticator\Authentication::calc_totp(‘\e!\x1A\va\xB7\xE7 \xA9]\xA8\x12Xj\x05…’, 55481697.966667)
#2 /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(903): WP2FA\Authenticator\Authentication::is_valid_authcode(‘\e!\x1A\va\xB7\xE7 \xA9]\xA8\x12Xj\x05…’, ‘253543’)
#3 /customers/7/d/5/ankerpunt.be/httpd.www/wp-content/plugins/wp-2fa/includes/classes/Authenticator/class-login.php(719): WP2FA\Authenticator\Login::validate_totp_authentication(Object(WP_User))
#4 /customers/7/d/5/ankerpunt.be/httpd.www/wp-includes/class-wp-hook.php(307): WP2FA\Authenticator\Login::login_form_validate_2fa(”)
#5 /customers/7/d/5/ankerpunt.be/httpd.www/wp-includes/class-wp-hook.php(331): WP_Hook->apply_filters(NULL, Array)
#6 /customers/7/d/5/ankerpunt.be/httpd.www/wp-includes/plugin.php(476): WP_Hook->do_action(Array)
#7 /customers/7/d/5/ankerpunt.be/httpd.www/wp-settings.php(620): do_action(‘wp_loaded’)
#8 /customers/7/d/5/ankerpunt.be/httpd.www/wp-config.php(93): require_once(‘/customers/7/d/…’)
#9 /customers/7/d/5/ankerpunt.be/httpd.www/wp-load.php(50): require_once(‘/customers/7/d/…’)
#10 /customers/7/d/5/ankerpunt.be/httpd.www/wp-login.php(12): require(‘/customers/7/d/…’)
#11 {main}
thrown

Hello @ankerpuntvzw

Thank you for sharing the error log. So to confirm, whenever you try to log in you get this error and can’t log in, correct?

What 2FA method have you configured and do you know since when this started happening? Maybe since you upgraded the plugin?

Looking forward to hearing from you.

• This reply was modified 2 years, 1 month ago by robertabela.

That is the message that we receive automatically when it goes wrong.After this message we cannot log in because the 2factor does not work anymore.
We get an error that the authentication code is wrong.
We have problems since the beginning of September.
One.com tried to solve this but they said to contact WordPress.
Can you please do something,g about it?
I am not the only one. It is your plugin!!

Hello @ankerpuntvzw

Can you please run a quick test?

Can you reset the 2FA configuration of a user who is encountering this problem? So you need to go to the user’s profile page, click the Reset 2FA button, and reconfigure 2FA.

Does this (temporarily) solve the problem?

P.S. we never said that this issue is not caused by our plugin. However, we have not managed to reproduce the issue ourselves until now. So we are trying to gather as much information as possible from affected users like you, to understand what the problem is. Your cooperation is really appreciated.

Looking forward to hearing from you.

Hi,
I did what you asked and yes, for now it works fine.
Before it went fine for a few days and then we crashed again.
Fingers crossed.
I will update you in a few days.
Chris

Hello @ankerpuntvzw

It seems like we found the cause of this issue through another ticket, but we do not have a fix yet. Just to confirm, can you please let us know if you have the Sucuri plugin installed? Or maybe another plugin that resets the WordPress salts every couple of days / weeks?

Based on our tests so far this error is happening because the WordPress salts are being changed, and the plugin uses the salts as a key to encrypt the data in the database etc.

Looking forward to hearing from you.