Hi @121940kz
I’m sorry to say that this plugin doesn’t officially support login forms outside the default wp-login.php and WooCommerce login forms. So, it may be that the captcha was displaying but not actually properly validating if you were using a custom-themed login page.
That said, it looks like Theme My Login does support its own CAPTCHA, which I am sure will be compatible:
https://thememylogin.com/extensions/recaptcha/
Best,
Robert
@121940kz Just to say I looked into this further and can confirm that Theme My Login does not execute the standard login_form action that WooCommerce and wp-login.php execute to render custom fields. This is probably because they want you to buy their captcha extension instead of using a third-party option. I’m not sure how the captcha was displaying before, but I doubt that it was validating on the back-end (you can check by enabling the submit button and trying the form without clicking the captcha). So, rather than rolling back I would suggest going with the extension. No other third-party plugin will be able to display a captcha on TML pages either, I’m afraid, due to the architecture.
Good luck!
Rollback to 1.5 worked for me. I use Login Widget With Shortcode and to validate the reCaptcha properly, I modified “view/frontend/login.php” file within that plugin.
Top of page:
<style type="text/css">
.log-form-group input#wp-submit[disabled], .log-form-group input#wp-submit:disabled, .log-form-group input#wp-submit[disabled]:hover, .log-form-group input#wp-submit:disabled:hover { CSS_goes_here } /* Disabled login button. */
#wp-submit { CSS_goes_here } /* Sign in button. */
</style>
Added CSS callbacks to submit input:
id="wp-submit" disabled="disabled"
That’s how I got it perfectly to work with a third party plugin.
I looked at the wp-admin submit button and what this plugin modified, then dropped it in Login Widget With Shortcode login form output file and worked!
-
This reply was modified 5 years ago by
tonyck.
Thanks @tonyck — unfortunately I worry that even if the javascript is enabling/disabling, you may be able to put through a form without the captcha (which si what automated bots do). The plugin is only designed to work with WooComerce forms and wp-login.php. So I can only be sure of the security on those two options.
Exactly. To rectify that, on our site at least, we enabled two factor authentication for admins.. of which only works on wp-login. So you can’t login on the frontend, because the plugin can’t display 2FA on third party plugins. We don’t store any specific information outside of an address for our users, transactions are done through our merchant gateways.
Non-admins don’t have access to the dashboard area to prevent security issues. Everything the users do are on the frontend. We do get spam and a few brute force attempts, but they’re like 90% against the “admin” account, which doesn’t exist. If anything, they’re more annoying than anything.
I love the simplicity of your plugin and it’s the closest I’ve come across that “kind of” worked to show a reCaptcha on frontend logins. Again, for security reasons, I don’t want our users to know we’re using WordPress or backend login areas. I try my hardest to keep the admins and users separated with their data and site access.
@tonyck if your front-end form can hook the standard login_form hook, add the WooCommerce nonce, and post to wp-login.php you have a chance at making this work. Alternatively you could modify the source of this plugin to make it “recognise” your custom form, but you also need to make sure it checks the back end, otherwise it’s just a false sense of security to have the captcha render on the front-end. π
@tonyck @121940kz we are using a new approach to disabling buttons in 1.6.5. I would be curious to know if this helps with your configuration.
@robertpeake I will update you when I get a chance to update the plugin. I think tomorrow will be a good test day, being that I have to update the other plugin as well. I’m sure I’ll have to modify things on their end, I’ll already be in it to see what your new update offers.
Thank you for the interest though, I’ll report back with what happened.
@robertpeake When do you think the 1.6.5 update will be live? I checked this morning and the latest update offered is 1.6.4 from 4 days ago. Thanks!
Sorry @tonyck — I meant 1.6.4 — that’s the latest.
@robertpeake I updated to 1.6.4 and it seems to be working as 1.5 did.
Thank you for looking in to this!
Bummer. Thanks for letting me know.
@robertpeake No, that’s a good thing! 1.5 was the last version that worked, everything between 1.5 and 1.6.4 broke for my setup. You did good!
Actually, it’s doing something weird. We have the same login on multiple pages and it seems to work on the Your Account and default WP-Admin, yet is excluded on Homeowner and Contractor Members. I looked at the HTML and it doesn’t even insert the DIV recaptcha code block. It’s using the same login code snippet on all the pages.. can there be a limit perhaps? I also duplicated the working Your Account page and it’s omitted on the duplicated page.
-
This reply was modified 4 years, 11 months ago by tonyck. Reason: Found an issue on secondary pages
