Login captcha doesn’t trigger for bots

  • Resolved Tahoe

    (@morceaudebois)


    1 year, 7 months ago

    Hi! I have a server with some WordPress sites and I’m trying to block bots from spamming the /wp-login.php page. I often get spamming requests like these:

    a-random-ip - - [17/Oct/2024:09:04:54 +0200] "POST /wp-login.php HTTP/2.0" 200 4692 "https://mysite.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.240.193 Safari/527.12"

    I installed the hCaptcha plugin and enabled it on the login form after two login attempts, but I’m still getting the bots from time to time. Captcha doesn’t seem to get triggered as when I look into the stats for my hCaptcha key, it’s only at two sessions.

    Would appreciate some insight on this, thank you 🙂

Viewing 1 replies (of 1 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    1 year, 7 months ago

    Hi @morceaudebois,

    The plugin counts login attempts per IP. So, if a bot changes its IP, hCaptcha won’t be shown to a new IP. That is why you see bots from time to time.

    Set “login attempts before hCaptcha” to 0. It will solve the problem. If you do not want hCaptcha to be shown, you can activate the Pro plan on hcaptcha.com. It has 99.9% passive mode.

Viewing 1 replies (of 1 total)

The topic ‘Login captcha doesn’t trigger for bots’ is closed to new replies.