Almost all my websites, be it a WordPress website or a more custom and advanced, Laravel website, have some form of 2 Factor authentication implemented in them. So, in order to login to the website’s backend, I have to complete two steps to successfully authenticate myself.
First, I need to pass-in my login credentials and then when I am asked for the security code, I enter the security code Google Authenticator gives me for my that particular website. It is been a very smooth process over the years and I never had any issues, until today!
The 2FA code provided is either expired or invalid. Please try again.
Today, when I tried logging in to the backend of one of my websites, after entering my username password combo and then the security code from Google Authenticator, the login failed every time, much to my surprise!
Each time I was getting the following error:
The 2FA code provided is either expired or invalid. Please try again.
How to gain access to your website if 2FA authentication fails?
For the website in question, I use the Wordfence plugin. So, after trying out a few times and failing every single time, so much so that I ended up locking myself out from even accessing the login page, I decided to bypass the login.
I connected to my server via SSH (you can also use an FTP client) and navigated to the wp-content\plugins folder in my root directory.
I then renamed the WordFence plugin directtoy using the code below:
mv Wordfence Wordfence_old
If you are browsing your web-directory via cPanel or any other visual interface, just right click the plugin folder’s name from Wordfence to Wordfence_old and that’s it.
This effectvely disables the plugin. Then, I tried accessing the login page of my wordpress website.
This time I was successfully able to access the page and login to the backend. I am still to figure out what actually wet wrong but for now, I just needed to access the backend.
Hope this helps.