WordPress.org

Forums

All In One WP Security & Firewall
[resolved] Failing to properly answer the CAPTCHA on admin login tocks ip on 1 try (2 posts)

  1. ArchAngl
    Member
    Posted 1 year ago #

    Though the plugin allows for multiple attempts to enter the user name and password on the administrative login page, God help you if you have CAPTCHA enabled and absentmindedly enter the wrong answer for the numeric CAPTCHA.

    This results in automatic lock down of your ip.

    If you enable login captcha make SURE you enable the unlock request button or you will have to proxy your way back into your back end.

    Setting retries for logins to 3 ONLY accounts for unsuccessful password / user name entries with a correct response to CAPTCHA.

    Any incorrect response to cAPTCHA or leaving it blank, no matter if it's first try or 3rd, will result in an ip lock down.

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. wpsolutions
    Member
    Plugin Author

    Posted 1 year ago #

    Any incorrect response to cAPTCHA or leaving it blank, no matter if it's first try or 3rd, will result in an ip lock down

    Check your settings to see if you have the Instantly Lockout Invalid Usernames checkbox enabled.
    I've just tried a few tests and have found a small bug which occurs only when the above-mentioned checkbox is enabled AND you enter a wrong captcha answer.

    The bug is now fixed and will be available in the next release.

    For now you can leave the Instantly Lockout Invalid Usernames checkbox disabled to avoid the issues you observed earlier.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic