Title: Not safe Last modified: October 22, 2018 --- # Not safe * Resolved [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/) * Your plugin in not working as it should. At the password recovery form of WordPress, script kiddies can bypass the security! - This topic was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). - This topic was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). Viewing 8 replies - 1 through 8 (of 8 total) * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805128) * I have everything enabled: Login, Password Recovery, Comments, etc. * For some reason it can be bypassed, maybe the WordPress API. I have to look further, but for now this plugin is the weakness. - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805131) * I use Wordfence also and Wordfence does his job. * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805133) * Is Recaptcha a bullshit product? Maybe… * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805177) * This email was sent from your website “XXXXX.nl” by the Wordfence plugin at Monday 22nd of October 2018 at 10:06:30 PM The Wordfence administrative URL for this site is: [https://www.XXXXX.nl/wp-admin/admin.php?page=Wordfence](https://www.XXXXX.nl/wp-admin/admin.php?page=Wordfence) A user with IP addr 180.183.243.52 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username‘ XXXXX’ to try to sign in.. The duration of the lockout is 1 hour. User IP: 180.183.243.52 User hostname: mx-ll-180.183.243-52.dynamic.3bb.co.th User location: Ratchaburi, Thailand * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805186) * Ok, i’m wrong maybe…it is going about the username. Wordfence blocks the “Wrong Username” directly when it is a not existing username. * The Submit button is disabled, before the Recaptha code is filled in…so what i’m missing… - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805221) * W3 Total Cache: Minify enabled…do not show the Recaptcha. Disable it or fine tune it, is a solution. * But for now that is not the solution. The Recaptcha is working and Minify disabled in W3 Total Cache. At the website the problem occurs, the problem still exist. Minify was already disabled. - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805227) * It’s a human action i believe…fuckers * Multiple IP’s, multiple countries. * Changing source IP’s with Tor is simple. - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). * Thread Starter [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * (@vverloop) * [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805240) * If you are from my country and you are my customer, why you should enter my websites via Tor, and you have nothing to hide. Only local business at this moment and trusted people. Fuck Tor and anonymous proxies at this moment, block that shit. - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). - This reply was modified 7 years, 7 months ago by [Vincent Verloop](https://wordpress.org/support/users/vverloop/). Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Not safe’ is closed to new replies. * ![](https://ps.w.org/wp-recaptcha-integration/assets/icon-256x256.png?rev=2337056) * [ReCaptcha Integration for WordPress](https://wordpress.org/plugins/wp-recaptcha-integration/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-recaptcha-integration/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-recaptcha-integration/) * [Active Topics](https://wordpress.org/support/plugin/wp-recaptcha-integration/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-recaptcha-integration/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-recaptcha-integration/reviews/) * 8 replies * 1 participant * Last reply from: [Vincent Verloop](https://wordpress.org/support/users/vverloop/) * Last activity: [7 years, 7 months ago](https://wordpress.org/support/topic/not-safe-3/#post-10805240) * Status: resolved