• Resolved queenielow

    (@queenielow)


    Hi There,

    I’m using your plugin on my client website and it’s been working very well. Thanks for the great plugin.

    However I noticed that it seems the 2FA gets reset and sometimes I can see some users have to set up the 2FA more than 3 times in the course of 3 months. I have an activity log viewer on the site, so I can see how many times wp_2fa_totp_key is created. Which I thought it would create once.

    Do you have any insight on what might cause it? I thought once set, it won’t be removed no matter what happens?

    Thanks,

    Queenie

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor robertabela

    (@robert681)

    Hello @queenielow

    Thank you for using our plugin. I am sorry to read about your issue. Usually such issues are caused when the secret keys in the wp-config.php file are removed or changed.

    Which web host is this website hosted on?

    And do you know if the web host, or the website / web server has a process of resetting the wp-config.php file?

    Thanks.

    Thread Starter queenielow

    (@queenielow)

    Hi Robert,

    We are using Linode and I haven’t changed the secret keys at all and I can confirm it’s been set too. I think the wp-config.php file might update only during core update. Do you think this will cause the issue?

    Apologies for the late response.

    Thanks,

    Queenie

    Plugin Contributor robertabela

    (@robert681)

    Thank you for the update Queenie.

    Based on what you are saying, it seems like the secret key is being changed. This happened a couple of times to some of our users whose web host was “refreshing” the wp-config.php file every few days. There might also be plugins which do this.

    We can run a test to verify this. Can you please make a backup copy of the wp-config.php file?

    The next time someone reports that their 2FA setup was “reset”, compare the backup copy of the wp-config.php file with the current one, and confirm if the secret key matches or not.

    Keep us posted about this please.
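
The comparison suggested in the reply above, as an added example that is not part of the original thread or the plugin's own code: it compares a backup copy of wp-config.php with the current file and reports which `define()` constants changed, printing only short fingerprints so the secret values never land in a terminal or ticket. The `_KEY`/`_SALT` suffix filter, the function names and the sample file contents (including `EXAMPLE_PLUGIN_KEY`) are assumptions made for this example.

```python
import hashlib
import re
import sys

# define('NAME', 'value'); with either quote style, for names ending in _KEY or _SALT.
# A commented-out define does not match, so it is reported as removed.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<name>\w+_(?:KEY|SALT))\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)\s*;""",
    re.MULTILINE,
)

def fingerprints(config_text):
    """Map each secret constant to a short SHA-256 fingerprint of its value."""
    return {m["name"]: hashlib.sha256(m["value"].encode()).hexdigest()[:12]
            for m in DEFINE_RE.finditer(config_text)}

def compare_configs(backup_text, current_text):
    """Return {constant: 'unchanged' | 'changed' | 'added' | 'removed'}."""
    old, new = fingerprints(backup_text), fingerprints(current_text)
    report = {}
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            report[name] = "removed"
        elif name not in old:
            report[name] = "added"
        else:
            report[name] = "unchanged" if old[name] == new[name] else "changed"
    return report

# Constructed sample contents (not real keys), used when no file paths are given.
SAMPLE_BACKUP = """<?php
define('AUTH_KEY',           'constructed-auth-key-1');
define("SECURE_AUTH_SALT",   "constructed-salt-1");
define('EXAMPLE_PLUGIN_KEY', 'constructed-plugin-key-1');
define('DB_NAME', 'wordpress');
"""
SAMPLE_CURRENT = """<?php
define('AUTH_KEY',           'constructed-auth-key-1');
define("SECURE_AUTH_SALT",   "constructed-salt-2");
// define('EXAMPLE_PLUGIN_KEY', 'constructed-plugin-key-1');
define('NONCE_KEY', 'constructed-nonce-1');
"""

if __name__ == "__main__":
    texts = [SAMPLE_BACKUP, SAMPLE_CURRENT]
    if len(sys.argv) == 3:  # usage: script.py wp-config.backup.php wp-config.php
        texts = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]]
    for name, status in compare_configs(*texts).items():
        print(f"{status:10} {name}")
```
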

    Thread Starter queenielow

    (@queenielow)

    Sounds like a great idea.

    I’ll do that and will report when there’s another set of updates happening.

    I guess if this is really happening, the best option is to update WP core manually so that config.php is not replaced?

    Thanks a lot for your help.

    Plugin Contributor robertabela

    (@robert681)

    Updating the WordPress core does not reset / change the wp-config.php file. Usually this is something a third party security plugin might do, or a web host.

    Let’s wait and see when this issue happens again.

    Thread Starter queenielow

    (@queenielow)

    Thanks @robert681. Interesting and I will keep you posted.

The topic ‘Question about 2FA creation’ is closed to new replies.