This is an example of one of those e-mails:
Controleer een inlogpoging met je account op M*********n.
Aangevraagde tijd: October 3, 2023 03:14:16 PM
IP: **********
Het verzoek is gemarkeerd als verdacht, en we hebben verificatie nodig dat je hebt geprobeerd in te loggen om het door te laten gaan. Deze verificatie link is 15 minuten geldig vanaf het moment dat hij is verstuurd. Als je niet hebt geprobeerd in te loggen, verander dan onmiddellijk je wachtwoord.
Verifiëren en aanmelden
Translated into English:
Verify a login attempt with your account on M***********n.
Requested time: October 3, 2023 03:14:16 PM
IP: ************
The request has been marked as suspicious, and we need verification that you attempted to log in for it to go through. This verification link is valid for 15 minutes from the time it is sent. If you have not tried to log in, please change your password immediately.
Verify and sign in
Plugin Support
wfmark
(@wfmark)
Hello @supervinnie41, and thanks for sharing your thoughts about Wordfence!
Are you using reCAPTCHA on your login pages? I suspect the human/bot threshold score set on your site is too high. Any “Verification Required” messages and emails are related to the message Google will send back when the user fails to be confirmed as human by reCAPTCHA checks.
We don’t receive inside information from Google about why a human may sometimes receive a low enough score to always require verification. The “reCAPTCHA human/bot threshold score” setting in Wordfence > Login Security > Settings is set to 0.5 by default. A higher threshold setting like 1.0 will cause the verification process to be more frequent as it would need to definitely be seen as a human to log in without verification. I recommend setting that to 0.5 and then using the “Run reCAPTCHA in test mode” option below that for a short time to see what sort of scores you see during your logins. You may need to reduce or increase the threshold score slightly after looking at the test mode score.
That said, this could be an issue with plugin/theme conflicts too. Double-check the browser console for red errors that might hint at issues with the reCAPTCHA on this page. If our scripts don’t load properly due to an error earlier in the loading process, this is the most common cause of such behaviour. The best way to test is to run Wordfence as your only enabled plugin and also revert to a default theme such as Twenty Twenty-Three. If you are able to log in, then re-enable your plugins and theme one by one until it breaks again to help find the cause.
Thanks,
Mark.
Thank you, I am indeed using recaptcha. I wasn’t aware this could cause it? I kinda assumed it would only trigger the popup where you have to click on busses, bridges or crossovers.
I have now set the threshold a tad lower and it seems to work. I have been monitoring the outgoing mails and I haven’t seen any verification mails yet.
I’ll keep an eye on it.
Thanks for the assistance Mark.
