Hi @igorsweden
Thanks so much for reaching out about this issue – that’s definitely not how it’s supposed to work! Let’s see if we can get to the bottom of what may be going on.
First, let’s make sure that Brute Force Protection is enabled site-wide. Navigate to Firewall > All Firewall Options and ensure that you have the option “Enable brute force protection” checked under Brute Force Protection. If not, there’s your answer. Without this option enabled, two-factor authentication won’t process. If it isn’t enabled, flip the switch to “ON” and click the “Save Changes” button at the top of the page.
Hopefully two-factor authentication works now, but if this option was already enabled, let’s check to make sure that your IP address isn’t whitelisted on your website because this will bypass two-factor authentication and let you login without requiring the 2FA code. Make sure your public facing IP address is not listed on the Login Security > Settings page where it says “Allowlisted IP addresses that bypass 2FA”.
.
Don’t forget to save the changes here too by clicking the blue “Save” button.
Finally, can you see if you have any plugins enabled that bypass or hook on the WordPress login flow, such as a login redirect plugin or a membership plugin? Our plugin hooks in to the login flow fairly late in the process, so if you have other plugins that override the login flow, that may cause a conflict with two-factor authentication from Wordfence. Examples could include Woocommerce or Paid Membership pro. We are working to have our 2FA feature compatible and hope to release that in the near future.
Let me know if any of this doesn’t help, or if you have questions about anything else.
Thanks,
Joshua
Hi,
Thanks a lot for your help.
I have brute force attack enabled, and my IP is not on the whitelist.
But I use WP User Front End-plugin which overrides the normal login.
So this is probably the problem why the 2FA doesn’t work.
I can check if this is a common issue with WP User front end-plugin.
Thanks for your input on this matter, I’ll see how to proceed with this.
Best Regards
Igor
Hi @igorsweden
Thanks for getting back to me!
Unfortunately, using a plugin like this will cause 2FA to malfunction.
You must use a standard WordPress login form with no custom theme, no plugins, or custom code.
I hope this helps to clarify.
Thanks,
Joshua