Support » Plugin: All In One WP Security & Firewall » Registration Captcha Control

  • Resolved geoffatmm

    (@geoffatmm)


    Hi

    I have only turned on the registration Captcha and registration honeypot and for the forms it works correctly. There is a captcha on the registration form but not on the login form.

    However, on the WooCommerce “My Account” page there is a captcha request for both registration and login. As this is the most frequently used entry page for existing users to login, I need to disable the captcha on the login side of the page. I assume this is a support issue and not something I can control.

    I eventually want to turn on captcha control for login (for non administrative roles, see my other post on this) and do not want the two requirement clashing on the login pages.

    Geoff

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    However, on the WooCommerce “My Account” page there is a captcha request for both registration and login. As this is the most frequently used entry page for existing users to login, I need to disable the captcha on the login side of the page. I assume this is a support issue and not something I can control.

    Can you check to make sure you have not enabled the following feature Enable Captcha On Woocommerce Login Form:. This is located under WP Security -> Brute Force -> Login Captcha.

    Regards

    Thread Starter geoffatmm

    (@geoffatmm)

    mbrsolutions, apologies for the delay in responding but I have been travelling.

    On the brute force page I have only ticked woocommerce registration and woocmmerce lost password.

    Under User Registration both the form page and the honeypot are activated.

    Under User Login I have activated lockdown after 5 attempts.

    The Login form does not have a captcha, the Registration form does.

    The WooCommerce My Account page still shows a captcha on both registration and login.

    Under failed attempts there are a number of attempts using user names that are on the site and I need to check to see if these are genuine or not and change the usernames if necessary (how do you do that on woocommerce without losing the user history?).

    Finally, despite having the registration captcha running, I am still getting false user accounts set up on the site. How is this possible?

    Appreciate your support.

    Geoff

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi Geoff,

    On the brute force page I have only ticked woocommerce registration and woocmmerce lost password.

    I also enabled this myself in my testing site.

    The Login form does not have a captcha, the Registration form does.

    In my site when I go to WooCommerce my account login, I see the captcha under both the login and registration widgets. This is odd since I did not enable the following feature Enable Captcha On Woocommerce Login Form: in AIOWPS plugin.

    What version of AIOWPS do you have installed? I have the latest version 4.3.6. What version of WooCommerce do you have installed? I have the latest version 3.4.5.

    I checked your URL above and noticed that you also have the captcha displayed under the login and registration widgets! Did you make any changes yourself to AIOWPS settings?

    Under failed attempts there are a number of attempts using user names that are on the site and I need to check to see if these are genuine or not and change the usernames if necessary (how do you do that on woocommerce without losing the user history?).

    Do you have the following features enabled?

    Instantly Lockout Invalid Usernames:
    Instantly Lockout Specific Usernames:

    Finally, despite having the registration captcha running, I am still getting false user accounts set up on the site. How is this possible?

    Do you know which country these registrations are coming from?

    Regards

    • This reply was modified 3 years, 11 months ago by mbrsolution.
    Plugin Contributor wpsolutions

    (@wpsolutions)

    despite having the registration captcha running, I am still getting false user accounts set up on the site. How is this possible?

    The current math captcha is fairly simple and the bots have probably learned to get around it.
    I have recently implemented Google ReCaptcha as another choice for the captcha features and you should have better luck stopping those registrations when you use that.
    The new Google ReCaptcha feature will be available in the next release which should be coming very soon.

    Plugin Contributor wpsolutions

    (@wpsolutions)

    on the WooCommerce “My Account” page there is a captcha request for both registration and login

    I forgot to add that the above is a minor bug whereby the captcha will appear for both the woo login and woo register pages when any one of the captcha settings for these is enabled.
    I have fixed this for the next release.

    Thread Starter geoffatmm

    (@geoffatmm)

    Hi

    I have woocommerce 3.4.5 and AIOWPS 4.3.6 the same as you.

    Are the widgets you are referring to the ones on the “My Account” page because that is the problem I am writing about?

    I have now ticked

    Instantly Lockout Invalid Usernames:

    to secure the site against the false usernames set up. I flush these out and delete them regularly but it is a bit of a pain.

    I suspected it was the simplicity of the maths that was causing the problem. I will enable the google recaptcha when it becomes available.

    Actually I started with google recaptcha and moved to AIOWPS to be able to separate login and registration! I can reinstall it again but does it run comfortably alongside AIOWPS? I assume I would disable the login and registration elements of AIOWPS and enable google recaptcha instead and then revert back to AIOWPS once it is enable with google recaptcha?

    Or, if it is coming really soon, should I just wait and put up with the pain?

    Geoff

    • This reply was modified 3 years, 11 months ago by geoffatmm.
    Thread Starter geoffatmm

    (@geoffatmm)

    Just seen you latest response.

    I will wait for the next release.

    Geoff

    Thread Starter geoffatmm

    (@geoffatmm)

    Hi

    I am still experiencing a lot of false registrations although they do not appear to be used after their registration so it seems a pointless exercise by whoever is doing it. Or is there something I am missing?!

    I wondered when the next release with google captcha is going to be out as flushing out these false accounts is a bit of a pain?

    Is there a way to capture the email addresses of the false accounts through AIOWPS or is it a manual exercise? I was going to let the address owners know as I did not want to accidentally just delete an address that is genuine that I do not recognise?

    Geoff

    Thread Starter geoffatmm

    (@geoffatmm)

    I did not get a reply but I have now seen that the latest version has been added to my site and google recaptcha is in it. I have set it up and will only come back if I continue to have problems. If I do, I will open a new request so I am closing this one as resolved.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Registration Captcha Control’ is closed to new replies.