Often, when our users are required to do a 2fa authentication, the emails do not go out with the codes (or are not received). This happens to multiple members on our team, including myself, some located in US others in other countries.
I’ve even tried installing an SMTP plugin so that all Wordpress emails go out through our SMTP server. Still, no joy. What is the problem? It makes it a real pain when we regularly have team members who can’t login because they are not operating from home, but they also can’t get the 2fa email with the code.
It’s a frustrating situation. Often, when 2FA codes aren’t received, the emails might be landing in the spam folder of the user’s email client. Another possibility is that they’re being filtered out by an anti-spam trap on the user’s mail server.
To get to the bottom of this, I recommend using an SMTP server/service that supports diagnostic logging. A good option can be Mailgun. Even their free tier allows access to basic logs, which should be sufficient to see how 2FA emails were processed and if they were rejected as spam.
By checking these logs, you can better understand why the 2FA emails are not being delivered. Information from email logs is crucial in resolving issues with delivery and ensuring that your users receive their 2FA codes reliably.
I think we will implement some kind of email diagnostic tool in WP Cerber soon.