I have a password field on a form. This is a security measure to ensure that it is the real user completing the form and not someone else who has come across a logged-in account.
In my plugin which processes the form, I make this call:
$user = apply_filters('authenticate', null, sanitize_user ( $current_user->user_login ), $password );
Even though the user is logged in, they will receive a ‘login verification required’ email and furthermore the authentication test fails.
If I disable WordFence, all works fine.
It looks like youi are confusing a password verification test with a real login attempt. The user is logged in so you should be able to tell the difference.
- The topic ‘Password check triggers suspicious login attempt email’ is closed to new replies.