Sorry, I’m unclear what “No, Ciprian’s plugin is A two-factor plugin” means; I mentioned that it does indeed provide 2FA while also remaining lightweight and fast — I should have added: “as a security plugin.” His introduction is here.
The WP plugin “Two-Factor” is listed as incompatible with CP, though there are two more plugins with “Two-Factor” in the title.
In any case, perhaps @Ciprian can explain how his 2FA function queues up during login (if that is the right expression).
I meant it’s one of the plugins that does 2FA, so A not THE. I use Two Factor on CP without difficulty. I’m not suggesting you change plugins, though.
Ah, yes, thanks; when I myself wrote " Ciprian’s WP Guardian plugin is the 2FA plugin," I meant that it “is” the one (among the various alternatives) that I’m using, so it is not conflicting with a different security plugin as someone suggested earlier.
Yes, I’m happy with Ciprian’s plugin, just need to straighten these things out.
So to summon, pepper adds a part to the passwords and stores it in a file. Every time you login it attaches the part it randomly has generated first time to your pass before checking it in db where it has same part added. Basically 2fa does similar requiring an otp to access so they clash depending on the fact they operate on the pass at same time.
That idea without testing just from my raw knowledge of security plugins.
I might be mistaken but I think the issue here is this. I think it can be solved setting a priority if possible (pepper operates first and then 2fa comes into play). @timkaye correct me if I am wrong.
@ElisabettaCarrara Pepper always operates before 2FA as the peppered password has to be checked first before 2FA comes into play.
I activated Pepper and reset passwords for all users and can confirm that the login procedure now works as before, i.e., with both Pepper and WP-Guardian with 2FA enabled.
What I did notice — or think I noticed — in cPanel is that the most recent Pepper plugin folder has been renamed from pepper (which is the folder I renamed and then restored yesterday) to cp-pepper. Perhaps this is why the Pepper plugin disappeared from the admin plugins page even after I restored it — whereas wp-guardian remained the same.
When experiencing these issues, have you tried enabling WP_DEBUG and WP_DEBUG_LOG, then after seeing the issue check “/wp-content/debug.log” for any potential issues reported?
Thanks for the suggestion; no, I did not try that, but makes sense to try to get at the problem.
Thanks for the suggestion(s); I did most of these things, disabled plugins, cleared my browser history and cache, closed and reopened the browser. I have copied your suggestions into a text file for future reference. I do need to make sure I’m cleaning the cache correctly.
I have released an update of my WP Guardian plugin - 1.6.0 - and made sure there are no conflicts with the Pepper plugin.
I have also updated the code for performance, and compliance with WPCS (which matches PHPCS closely).
@Ciprian Is your WP Guardian Plugin available for download? I do have one CP site I want to add an extra firewall to.
P.S. Downloaded from wp-org.
Idea: I think if you had a CP dedicated version in the Plugin Directory, that would be pretty awesome - and you would get some downloads as well for CP users (could have a premium version too).
Cheers!
Hey! Happy new year!
Yes, I know, I plan to have a CP version, but for now I would need to maintain both repos, one in SVN and one in GitHub. I started work on a “clone” called FX Guardian, and it will replace WP Guardian at some point this year. For now, you are perfectly safe to use WP Guardian, as the code base is and will be the same.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.