2FA not working in Local site

I have 2FA enabled for logging in to wp-admin on my production website. When I run my website on my computer using Local, my authenticator generated code does not work! The only way for me to log in is to burn a backup code, which I am quickly running out of.

Has anyone figured out how to enter a 2FA code running on Local? I can’t figure out how to get in otherwise. Thanks for the help.

Hey @tedhts – Welcome to the Local community!

I’ve never gotten 2fa to work on a Local site, though I’ve not done much troubleshooting. It sort of depends on how 2fa is configured.

Usually 2fa implementations require a site to be accessible to an authorization server. For a site in Local, a remote server has no way to communicate with the site running on your machine.

My advice would be one of two general routes:

  1. If you want to keep working within Local, after importing the site, then disable the 2fa plugin and login with your normal username/password. Local’s “One-click admin” feature should allow you to log in at that point, or you can update the password for a user using either WP’s “Forgot my password” feature or updating using wpcli from the site shell.

  2. If you need to keep 2fa for testing and things, and Local doesn’t allow you to do that, you might need to look into having a staging site which is accessible from other servers.

Hope that gives you some things to think about and try!

Hi @ben.turner!
Thank you so much for the response. How do I disable the 2FA plug-in if I can’t log into my admin account? I don’t see how to do that in Local.

All of our account logins use 2FA, so I’m kinda stuck.

Best regards, Ted

This is the kind of problem that I turn to wpcli to do. The general steps are:

  1. In Local, click the “Open site shell” button for the site you’re working on
  2. List the plugins that are installed on the site
  3. Deactivate the plugin

The individual commands you might use within the terminal look like:

# list the plugins
wp plugin list
# deactivate the plugin
wp plugin deactivate my-plugin-slug

Your plugin is likely different, but here’s a screenshot to help visualize that process:

Hmm, I don’t have a 2FA plug-in. The issue that I’m having involves 2FA settings in Users | Profile. There doesn’t seem to be a way around this on Local without disabling 2FA on my live site, making a backup to import into Local, and then putting 2FA back. That would require me to reset my authenticator app and all of my rescue codes - a big pain. My other thought is to create an admin account without 2FA - creating a security risk.

My plug-ins:

2FA in Users | Profile:

Thank you so much for your help with this! It’s surprising more folks don’t run into this problem if they use 2FA.

But that’s the thing, by default, WP doesn’t have 2FA, so something is adding that feature to the User Profile page.

Skimming that plugin list, my gut tells me it’s probably a security feature of ithemes-security-pro… searching the web – you might be able to temporarily disable 2fa within the Local site by adding this constant to the wp-config.php file for the site in Local:

define('ITSEC_DISABLE_TWO_FACTOR', true);

Can you give that a try and let us know how it goes?