search

wordpress-mobile / WordPress-Android

WordPress for Android
http://android.wordpress.org
GNU General Public License v2.0
2.98k stars 1.33k forks source link

Wordpress app: Can't login to the site if there's a 2FA plugin #20890

Open fluiddot opened 5 months ago

fluiddot commented 5 months ago

Following several app reviews, if the site has a plugin that enables 2FA authentication, you can't log in to the app with a user with 2FA enabled as it results in an error.

App Reviews:

Expected behavior

The app can log in to a site using a user with 2FA enabled via a 2FA plugin installed on the site.

Actual behavior

The app can't log in to a site using a user with 2FA enabled via a 2FA plugin installed on the site.

Steps to reproduce the behavior

  1. Create a self-hosted site (e.g. create a Jurassic Ninja site).
  2. Install a 2FA plugin (e.g. https://wordpress.org/plugins/wordfence/).
  3. Create a new user and enable 2FA.
  4. Open the app.
  5. Try to add the new self-hosted site.
  6. Try to log in using the credentials of the 2FA user.
  7. Observe the login process fails with an error.
Tested on iPhone 11, iOS 17.0.2, WordPress iOS 25.0.
Tested on Samsung Galaxy S20 FE 5G, Android 13, WPAndroid 25.0-rc-1
dangermattic commented 5 months ago

Thanks for reporting! 👍