Title: Hackers running code?
Last modified: February 2, 2019

---

# Hackers running code?

 *  Resolved [equineadoption](https://wordpress.org/support/users/equineadoption/)
 * (@equineadoption)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/hackers-running-code/)
 * Hi,
 * Why is this plugin not stopping hackers from trying to log in with an invalid
   username? The 4 to 5 attempts all happen within seconds.
 * They must be using code to achieve this? Or is Wordfence blocking them as soon
   as they put in the invalid username, before they need to fill in the reCAPTCHA?
 * Any thoughts?
 * Thanks
    Chris

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [Robert Peake](https://wordpress.org/support/users/robertpeake/)
 * (@robertpeake)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11163436)
 * I agree it’s strange. I’m looking into the possibility that these automated attempts
   are leveraging the [WordPress API Authentication](https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/)
   features, which obviously are not / cannot be protected by a captcha.
 *  Thread Starter [equineadoption](https://wordpress.org/support/users/equineadoption/)
 * (@equineadoption)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11163577)
 * Hi Robert,
 * Thanks for checking that out.
 * I get hit daily: there will be a flood of rapid hits, then about a 12-hour pause.
   Then it starts again. This has been going on for about 5 days now. They are coming
   from all over the world, mostly from Vietnam.
 * Chris
 *  Plugin Author [Robert Peake](https://wordpress.org/support/users/robertpeake/)
 * (@robertpeake)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11167208)
 * Hi,
 * I tested this, and indeed Wordfence intercepts invalid usernames “upstream” of
   the reCaptcha checking.
 * So, a bad actor submitting a login form without a valid reCaptcha and also with
   an invalid username will be intercepted by Wordfence, sending back the [“you are locked out” screen](https://imgur.com/a/tolrEIB)
   and generating an email alert to the (real) admin.
 * Of course, if Wordfence were disabled, a bad actor submitting a login form without
   a valid reCaptcha and also with an invalid username would still be intercepted
   by this reCaptcha plugin and denied access. It is just that Wordfence “gets there
   first”.
 * Hope this makes sense. It may be possible in a future release to put the reCaptcha
   checking “ahead” of Wordfence, in which case the reCaptcha checking would handle
   this (silently) instead of Wordfence generating the emails.
 * Best,
    Robert
 *  Thread Starter [equineadoption](https://wordpress.org/support/users/equineadoption/)
 * (@equineadoption)
 * [7 years, 3 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11167540)
 * Hi Robert,
 * I thought that may be the issue, thank you for checking into it.
 * Chris
 *  Plugin Author [Robert Peake](https://wordpress.org/support/users/robertpeake/)
 * (@robertpeake)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11299815)
 * Hi Chris,
 * With the release of 1.4 I have increased the priority of the CAPTCHA checking
   ahead of Wordfence, so hopefully now you won’t keep getting these spurious alerts.
 * Best,
    Robert
 *  Thread Starter [equineadoption](https://wordpress.org/support/users/equineadoption/)
 * (@equineadoption)
 * [7 years, 2 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11300218)
 * Hi Robert,
 * Thank You
 * Chris

The topic ‘Hackers running code?’ is closed to new replies.
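
One way to check the two questions raised in this thread from the server side (are the attempts scripted, and do they arrive through the login form or through an API endpoint the CAPTCHA does not cover), as an added example that is not from the thread or from either plugin. It assumes a web server access log in combined format; the sample lines, the 5-second window, the 3-hit threshold and the choice of `/xmlrpc.php` and `/wp-json/` as API endpoints are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in combined log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Feb/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Feb/2019:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Feb/2019:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Feb/2019:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 403 512 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Feb/2019:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.58"
198.51.100.9 - - [02/Feb/2019:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.58"
198.51.100.9 - - [02/Feb/2019:10:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.58"
192.0.2.44 - - [02/Feb/2019:11:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) ')
# Credential-accepting endpoints. Assumption: only the login form shows the CAPTCHA.
ENDPOINTS = {"/wp-login.php": "form", "/xmlrpc.php": "api", "/wp-json/": "api"}

def find_bursts(log_text, min_hits=3, window=timedelta(seconds=5)):
    """Map (ip, endpoint kind) -> most POSTs inside any `window`, if >= min_hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a POST, or not in the expected format
        ip, ts, path = m.groups()
        kind = next((k for p, k in ENDPOINTS.items() if path.startswith(p)), None)
        if kind:
            hits[(ip, kind)].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    bursts = {}
    for key, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_hits:
            bursts[key] = best
    return bursts

if __name__ == "__main__":
    for (ip, kind), n in sorted(find_bursts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} {kind} login POSTs within the window")
```

A burst tagged `form` went through the login page, where the CAPTCHA and lockout checks apply; a burst tagged `api` never saw the CAPTCHA at all.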

 * 6 replies
 * 2 participants
 * Last reply from: [equineadoption](https://wordpress.org/support/users/equineadoption/)
 * Last activity: [7 years, 2 months ago](https://wordpress.org/support/topic/hackers-running-code/#post-11300218)
 * Status: resolved