The issue persist, seems also if I selected to remove all plugin data when deleted, when installed again plugin data still be configured even if I see wizard and I finish it… other things that was configured still be and I still cannot login with this plugin active. Any suggestion?
I think I found why in just one website I was unable to login.
There is an incompatibility with Wordfence if is active in Wordfence the 2 step and if I activate in shield security the option under shield protection, login protection, 2 factor authentication. If this option is active and Wordfence 2 step is active I cannot login anymore. I may need deactivate the 2 step on Wordfence and setup on Shield Security.
First, this extension never respect the setting to reset delete all data when removed. Should I report this issue in another topic?
Second: seems, on my opinion, Wordfence 2 factor is better then the free two factor provided by shield security because in my profile I see the only option to activate two factor by email. This is good but is less secure then configure an authenticator app, I want use an authenticator app as I do in Wordfence and this seems to be not possibile. also I see backup codes are a premium feature so I have this for free in Wordfence. Now the issue is that seems I cannot keep Wordfence 2 step active and security shield two factor login protection.
The shield security has this login protection by email that is good for users that never configure an app.. but should let me configure an app instead of email and backup code should be not a premium feature or is better for me use another 2 factor solution… but here I have found a compatibility issue with Wordfence.. the extension I use.
Hi,
Thanks so much for keeping us updated all the time and for your feedback on 2FA. This is highly appreciated.
I’m glad to hear that you were able to narrow down the initial problem.
Using multiple WordPress security plugins may have unpredictable results. This is because 1 WordPress plugin doesn’t have inherent understanding of what another plugin does. So when 1 feature from 1 plugin doesn’t seem to work well with another related feature of another plugin, this is perfectly normal.
When it’s about temp disabling Shield, the easiest way is using the “forceoff” method outlined here. So, any time you get locked out of your own site as the result of Shield, for any reason, instead of renaming the plugin folder, you can forceoff. When forceoff, the plugin itself will be active but none of the security/blocking options will be enforced – Shield can’t block anything. This will allow you to regain access to your site and troubleshoot.
Regarding deleting plugin settings option (under General Settings > Plugin Defaults), this will work upon plugin deactivation only. Once you enable this option, you’ll need to go to the Plugins page of your site and click to deactivate > activate Shield Security plugin. All previous settings will be deleted (cleaned out) and revert to defaults.
As for the Shield’s 2FA, there are x3 options that are available in Free version:
1) 2FA by email
2) Google Authentication
3) Yubikey
So, if you prefer using Google Authenticator app over 2FA by email, you may enable this option in Shield settings and set it up for your user account.
You also have the ability to specify pages available to users to configure 2FA on their account.
Sincerely hope that you find this helpful…
Thanks.
Jelena
Thank you, I will see 🙂
No problem, always happy to help! 🙂