Skip navigation
Documentation

Duo for WordPress - Frequently Asked Questions

Contents

Duo's WordPress plugin enables two-factor authentication for WordPress logins.

Why is Duo unexpectedly prompting some user roles to authenticate to the primary WordPress site?

In a WordPress multisite installation with Duo two-factor authentication configured for "Administrator" role users, users with the "Editor" role (or any role other than "Administrator") may see unexpected prompts for Duo authentication when logging into the primary WordPress site instead of their assigned subdomain site.

This happens because when those "Editor" users log into the primary domain instead of their subdomains the Duo plugin attempts to verify the user's role in the primary domain to determine if two-factor is required for that role. Since the users are not members of the primary domain, Duo is unable find any roles for the user attempting to login and defaults to two-factor authentication.

To correct this, add the subdomain users to the primary domain with their corresponding roles under Network AdminSitesUsers.

Why do I see "Access denied. The server's time may be out of sync." when logging in?

If you can, ssh into the server and use NTP to set the correct time.

If you don't have access to the server (or the permissions needed to run NTP), contact your web host and have them correct the server time.

Note: the WordPress timezone setting is irrelevant here.

How do I install Duo's plugin on a multisite WordPress installation?

  1. While logged in as the WordPress network admin, navigate to My SitesNetwork AdminPlugins. Install the Duo two-factor authentication plugin using the directions on the main page and click Network Activate after installation. Proceed with multisite configuration after activating the plugin.

  2. Browse to SettingsNetwork Settings. Scroll down the page to the "Duo Security" section. Copy and paste your integration key, secret key, and API hostname from the Duo WordPress application's page int he Duo Admin Panel. You may select which WordPress user roles need to authenticate using Duo.

    To fully secure your WordPress site Duo recommends that you disable XML-RPC. However, this will prevent use of offline Weblog clients and the WordPress mobile app.

    Plugin Search

    Click Save Changes to complete configuration.

Additional Troubleshooting

Need more help? Try searching our WordPress Knowledge Base articles or Community discussions. For further assistance, contact Support.

Ready to Get Started?

Sign Up Free