Hi all,
as many of you know, there’s currently no working 2FA provider for the Woo login module. The WordFence 2FA is simply IGNORED upon login. That’s right, I can log in WITHOUT the code, which undermines site security severely.
I understand that this is no simple task so I would like to suggest a quick and dirty remedy:
Add an option to DISALLOW ADMIN LOGINS for this element (or disallow by role ofc). That way a 2FA-enabled user is forced to use the backend login form, where 2FA actually runs.
There are a few topics about this already, I came across this one but didn’t hear back for a while, so I’m posting this here in the hopes of getting a bit of momentum on the matter.
Kind regards,
SVT