[ad_1]
I have a client using Elementor Pro page builder in their site theme. 2FA has been enabled in Wordfence, and it works as expected when using the default login form or WooCommerce login form. When using any custom login forms created/added by Elementor/theme, instead of giving any sort of 2FA error they simply login the account bypassing 2FA. These are admin accounts where 2FA is mandatory.
Is the default behaviour when 2FA isn’t validated on a form not to at least fall back to a login error? This appears to be a large security flaw unless it is not working as intended for them.