Hi @lkdasa, thanks for getting in touch!
The verification emails are sent to verify a failed reCAPTCHA score. Google reCAPTCHA v3 only provides a score and nothing else, it doesn’t fall back to picking bicycles/traffic lights/etc., so any fallback is left to the implementer. We decide to send an email to prevent people being stuck without a solution to log in.
In terms of reCAPTCHA generally, we don’t receive information from Google about why a human may sometimes receive a low enough score to always require verification. Generally, a “reCAPTCHA human/bot threshold score” setting in Wordfence > Login Security > Settings of at least 0.7 should allow most humans through on your site without having to verify every time. You could try altering this a few times to see if any setting helps.
Our reCAPTCHA and 2FA are primarily designed to be compatible with the default WordPress and WooCommerce logins only. Using custom pages/modals or pages generated by membership plugins etc. may always return a 0 or null score and always require verification.
Many thanks,
Peter.
Thread Starter
lkdasa
(@lkdasa)
Of course, that makes perfect sense.
Best wishes,
Lal
