Support » Plugin: Login No Captcha reCAPTCHA » No Longer Working After Update

  • Resolved 121940kz

    (@121940kz)


    I just updated and now the recaptcha is no longer showing on my login page. I am using Theme My Login version 6.4.17 and the recaptcha was working fine on it until this last update today.

    I have tried deactivating and re-activating, have tried clicking save again in the settings. Those attempts have not made a difference. In the settings the keys are still valid, as i see the recaptcha box. The problem is with the newest update and theme my login. I have several sites using this version and all have problems now.

    • This topic was modified 9 months, 1 week ago by 121940kz.
Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author Robert Peake

    (@robertpeake)

    Hi @121940kz

    I’m sorry to say that this plugin doesn’t officially support login forms outside the default wp-login.php and WooCommerce login forms. So, it may be that the captcha was displaying but not actually properly validating if you were using a custom-themed login page.

    That said, it looks like Theme My Login does support its own CAPTCHA, which I am sure will be compatible:

    https://thememylogin.com/extensions/recaptcha/

    Best,
    Robert

    Plugin Author Robert Peake

    (@robertpeake)

    @121940kz Just to say I looked into this further and can confirm that Theme My Login does not execute the standard login_form action that WooCommerce and wp-login.php execute to render custom fields. This is probably because they want you to buy their captcha extension instead of using a third-party option. I’m not sure how the captcha was displaying before, but I doubt that it was validating on the back-end (you can check by enabling the submit button and trying the form without clicking the captcha). So, rather than rolling back I would suggest going with the extension. No other third-party plugin will be able to display a captcha on TML pages either, I’m afraid, due to the architecture.

    Good luck!

    Rollback to 1.5 worked for me. I use Login Widget With Shortcode and to validate the reCaptcha properly, I modified “view/frontend/login.php” file within that plugin.

    Top of page:

    <style type="text/css">
    .log-form-group input#wp-submit[disabled], .log-form-group input#wp-submit:disabled, .log-form-group input#wp-submit[disabled]:hover, .log-form-group input#wp-submit:disabled:hover { CSS_goes_here }  /* Disabled login button. */
    #wp-submit { CSS_goes_here } /* Sign in button. */
    </style>

    Added CSS callbacks to submit input:

    id="wp-submit" disabled="disabled"

    That’s how I got it perfectly to work with a third party plugin.

    I looked at the wp-admin submit button and what this plugin modified, then dropped it in Login Widget With Shortcode login form output file and worked!

    • This reply was modified 9 months, 1 week ago by tonyck.
    Plugin Author Robert Peake

    (@robertpeake)

    Thanks @tonyck — unfortunately I worry that even if the javascript is enabling/disabling, you may be able to put through a form without the captcha (which si what automated bots do). The plugin is only designed to work with WooComerce forms and wp-login.php. So I can only be sure of the security on those two options.

    tonyck

    (@tonyck)

    Exactly. To rectify that, on our site at least, we enabled two factor authentication for admins.. of which only works on wp-login. So you can’t login on the frontend, because the plugin can’t display 2FA on third party plugins. We don’t store any specific information outside of an address for our users, transactions are done through our merchant gateways.

    Non-admins don’t have access to the dashboard area to prevent security issues. Everything the users do are on the frontend. We do get spam and a few brute force attempts, but they’re like 90% against the “admin” account, which doesn’t exist. If anything, they’re more annoying than anything.

    I love the simplicity of your plugin and it’s the closest I’ve come across that “kind of” worked to show a reCaptcha on frontend logins. Again, for security reasons, I don’t want our users to know we’re using WordPress or backend login areas. I try my hardest to keep the admins and users separated with their data and site access.

    Plugin Author Robert Peake

    (@robertpeake)

    @tonyck if your front-end form can hook the standard login_form hook, add the WooCommerce nonce, and post to wp-login.php you have a chance at making this work. Alternatively you could modify the source of this plugin to make it “recognise” your custom form, but you also need to make sure it checks the back end, otherwise it’s just a false sense of security to have the captcha render on the front-end. 🙂

    Plugin Author Robert Peake

    (@robertpeake)

    @tonyck @121940kz we are using a new approach to disabling buttons in 1.6.5. I would be curious to know if this helps with your configuration.

    @robertpeake I will update you when I get a chance to update the plugin. I think tomorrow will be a good test day, being that I have to update the other plugin as well. I’m sure I’ll have to modify things on their end, I’ll already be in it to see what your new update offers.

    Thank you for the interest though, I’ll report back with what happened.

    @robertpeake When do you think the 1.6.5 update will be live? I checked this morning and the latest update offered is 1.6.4 from 4 days ago. Thanks!

    Plugin Author Robert Peake

    (@robertpeake)

    Sorry @tonyck — I meant 1.6.4 — that’s the latest.

    @robertpeake I updated to 1.6.4 and it seems to be working as 1.5 did.

    Thank you for looking in to this!

    Plugin Author Robert Peake

    (@robertpeake)

    Bummer. Thanks for letting me know.

    @robertpeake No, that’s a good thing! 1.5 was the last version that worked, everything between 1.5 and 1.6.4 broke for my setup. You did good!

    Actually, it’s doing something weird. We have the same login on multiple pages and it seems to work on the Your Account and default WP-Admin, yet is excluded on Homeowner and Contractor Members. I looked at the HTML and it doesn’t even insert the DIV recaptcha code block. It’s using the same login code snippet on all the pages.. can there be a limit perhaps? I also duplicated the working Your Account page and it’s omitted on the duplicated page.

  • Page – Your Account (works)
  • Page – Contractor Members
  • Page – Homeowner
  • Testing Login (duplicated “Your Account”)
  • Thanks for your help!

    • This reply was modified 8 months, 1 week ago by tonyck. Reason: Found an issue on secondary pages
Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘No Longer Working After Update’ is closed to new replies.