WordFence – can’t login using 2FA

Hello @philbyuk and thanks for reaching out to us!

I’m happy to provide you instructions on how to get back into your site. If you have lost or replaced your old phone and can no longer access your site(s), and you have misplaced the 2FA backup codes, there are two ways to get back into the site.

The first way is if you have added the site in Wordfence Central (a free site management tool in your account on wordfence.com):

• Login to Wordfence.com and look for the Configuration tab.
• Click the gear icon at the end of the row that the site you need to access is on.
• Scroll down to the Login Security Options section and expand it by clicking the small black arrow to the right.
• In the section that says “Whitelisted IP addresses that bypass 2FA” add your public facing IP address.
  NOTE : You can get your public facing IP by clicking this link.
• Scroll back to the top of the screen and save the changes.
• You should now be able to login to your site with just a username and password.

If you haven’t added your site to Wordfence Central follow these steps:

• Please use FTP/SFTP — or any file manager your web host provides via their administration panel.
• Look inside the /wp-content/plugins/ directory and rename the wordfence directory to wordfence.bak. This will deactivate Wordfence and allow you to login without the 2FA code.
• Once you have logged in to your WordPress admin you can name the folder back to wordfence again.
• Go to your user profile and add 2FA back to your account, making sure to download the backup codes in case of problems in the future.

If you have any other trouble logging in feel free to reach out here.

Once you are logged in we can figure out why it was not working. Do you happen to use a custom login page?

Thanks!

Thank you so much for the advice & prompt response; that worked fine! I’m back in but re-enabling 2FA caused exactly the same problem, so I’ve reset as above and switched 2FA off.

Any clues as to why 2FA blocks the account?

It could be a few possibilities in this situation. Sometimes another plugin can cause issues or as I mentioned before, if you use a custom login page, it can also cause 2FA to not work right.

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

I can review your settings.

Thanks!

Diagnostic report sent, thanks

Sorry @philbyuk but I was not able to locate the diagnostic in our inbox. Could you try to send it again or “Export” the diagnostic to a txt file and send it to the same address wftest @ wordfence . com with subject as your username?

Thanks again!

Done – emailed direct – many thanks!

Thanks! I was able to find that one!

I don’t see anything that would be causing a conflict with 2FA on your site.

Navigate to your Wordfence > Login Security page and look at the bottom of this page. You should see the Time settings detected. Make sure these times are correct and match the time on your authenticator device(phone). If the time is off, the code will be off.

Let me know what you find!

Thanks!

Checked Times of Login Security:

UTC Timestamp is 3 secs different from server to browser

Timecode on mobile with authenticator is 1 sec different.

I use WF 2FA on other sites and it works fine.

Unless I’ve missed something obvious lets close this thread. I will re-enable 2FA and see what happens. if it doesn’t work I’ll know what to do!

Thanks for your help & support if we close this thread.