Hi @germanmazza, thanks for getting in touch.
Is your site using reCAPTCHA/2FA or both? I have seen issues before where Google has given a specific user a low score, so it’s requiring extra verification to prove they aren’t a bot. We aren’t in a position to be informed as to why Google’s algorithm comes to this conclusion.
You can usually disable verification emails by setting the threshold for these emails to be 1.0 (Definitely a human):
1. Go to Wordfence > Login Security
2. Alter the reCAPTCHA human/bot threshold score to 1.0
You could try some trial & error here by lowering the required score to see if this user can be excluded at any level from receiving the additional verification. However, the lower the score accepted as human, the more actual bots may slip through this additional verification.
I’d be interested to see what you discover about the score being given to this user, so let me know how you get on!
Thanks,
Peter.
Hi, thank you for the repply. I’ve set the threshold to 0.2, 0.1 and even 0 and still the user can’t login. It keeps asking additional verification. Looks more like a bug rather than a hard security meassure.
Any ideas? thank you!
Hi @germanmazza,
Thanks again for the reply and thanks for trying my suggestion. If I do go down the bug route, we will need to know a little about your configuration in case there’s any plugin conflicts or specific settings that might point to what’s happening here.
Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.
Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.
Peter.
Hello! sorry for the delay. I’ve sent you two diagnostics. Two sites in the same domain with both the same problem. This is something new, never happend in the past. The sites were not modified.
In one site now is disable ( site: “go”), it was the first with this issue and the one for wich i’ve open this ticket.
In the other, today I’ve disable it. (site: “root site” ) Many support requests about the same issue.
Thank you
I almoust forgot. Just to let you know, it doesn’t look like the computer is beeing marked with low score. Is the user. It doesn’t mind if you switch to another computer in another place, the users is marked and even me (using the user with issues) I got the request for “VERIFICATION REQUIRED”.
Best
Hi @germanmazza, thanks for the update.
I did mention the user being scored low rather than the machine, but we still aren’t privy to why Google comes to this conclusion.
There are still a few things you can try in case the CAPTCHA is being affected by other script errors so reporting back incorrectly rather than actually rejecting the user(s). Could I please check whether the error persists when the latest version of Wordfence is the only plugin enabled? You may also need to return to a default theme such as Twenty Twenty during this time to rule out an issue in your theme too. If the error doesn’t present during a “clean” WordPress/Wordfence installation, enable your plugins one-by-one to see when the problem returns.
Likewise during this time, try an alternative browser to your default choice in private/incognito browsing mode with browser plugins disabled to see if script caching or plugin code modifying the content of viewed pages is the source of the problem.
Thanks,
Peter.
