Closed x2on closed 5 months ago
Does anything show up in your PHP or nginx/apache/IIS logs when it happens?
No just the 503 error
This plugin doesn't trigger 503's responses directly, and the only place in core that triggers them (that I can think of/find) is maintenance mode during auto-updates, which theoretically could be triggered more often just after a login attempt (as the traffic to the site triggers cron, which triggers background updates).
I'm thinking it's more likely that this is caused by a security module - either a WordPress plugin, or more likely, a server-level rate-limiting on the login endpoint.
@x2on Are you able to confirm with your host whether there's any rate limiting on login that would trigger a 503?
I couldn't find anything about a rate limit at the server.
I currently only have "Limit Login Attempts Reloaded" active, and this plugin doesn't show an entry for that. Also if i deactivate the plugin the same error happens.
If i wait 2-5 seconds before entering the 2FA it currently works.
I made a few test. The problem only exists if i copy & paste the code to the form. If i enter the number by keyboard it works.
Any idea?
Closing until we have the exact error message or steps to replicate the issue.
I personally haven't observed this behaviour in any of the sites using this plugin. It could be related to the site setup so please do report back if you get more details.
Describe the bug
If i try to login in my wordpress installation, i often get a 503 Service unavailable error after inserting the 2FA in the login form. This happens if i enter the 2FA with an password safe (like Bitwarden. If i enter the code by hand it works most of the time. I think there must be a timing issue for this error.
Steps to Reproduce
Screenshots, screen recording, code snippet
/wp-login.php?action=validate_2fa
Environment information
Please confirm that you have searched existing issues in this repository.
Yes
Please confirm that you have tested with all plugins deactivated except Two-Factor.
No