Title: Numeric captcha not reliable Last modified: August 22, 2016 --- # Numeric captcha not reliable * Resolved [Mohan Raj](https://wordpress.org/support/users/mohanrajnr/) * (@mohanrajnr) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/) * Hi Dev, * (Sorry for my bad english) * I am a developer and cracker. While I was in a hunt to search a reliable wordpress secure login captcha plugin I found yours. I was able to reverse engineer the numeric captcha where you save your info as a hidden field. The problem here is while I visit manually first I will ne able to calculate the answer and I will note down the hidden field values for “aiowps-captcha-string-info”, “aiowps- captcha-temp-string”. Later I will be able to hit website with the know values of captcha using a curl request to find out the username password(brute force algorithm) resulting your captcha will be totally ignored. * ie) Field Value aiowps-captcha-string-info MTQxOTg0MzkwMTJjNG1ydjZtOXRmbW1vb3hrcmo3MTA = aiowps-captcha-temp-string 1419843901 aiowps-captcha-answer 10 * I will use the above field-values to break the captcha. * I really loved the idea of Cookie Based Brute Force Login but I when I thought of using this plugin I found a tiny loophole in captcha. * [https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5617926) * Hi mohanrajnr thank you for reporting the loophole. One of the plugin developers will look into this issue. * Kind regards * Thread Starter [Mohan Raj](https://wordpress.org/support/users/mohanrajnr/) * (@mohanrajnr) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618015) * Thank you for swift response. Awaiting for a fix as I will be using this plugin in one of my site. * Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/) * (@wpsolutions) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618059) * Hi and thanks for the feedback. * In order to do what you are claiming, you will firstly need to get to the login page……but if you have one of the other features enabled (such as the cookie based brute force, rename login page or white list) how will you get past those barriers? * The captcha we use isn’t perfect, just like other captcha methods aren’t perfect too, but it does provide a reasonable barrier against most current robots. * The real brute force stopping power comes from one of the other features such as the cookie based brute force, rename login page or white list. Use one of these together with the captcha (or on their own) and you will find that brute force attacks like the one you mention will be very difficult to do. * [mra13 / Team Tips and Tricks HQ](https://wordpress.org/support/users/mra13/) * (@mra13) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618064) * The simple numeric captcha option offered in the plugin is not suppose to be an ubreakable captcha. It is a simple and lightweight captcha system that provides another small additional barrier. * [cjwallac](https://wordpress.org/support/users/cjwallac/) * (@cjwallac) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618202) * I also have a problem with Captcha, basically the login displays the math Captcha, but then it doesn’t seem to be required. If we login without using the Captcha it just allows us to login with no error or rejected login. I do understand Captcha isn’t perfect, but this issues make it irrelevant. Please let me know if there is either a setting or if this is true issues let me know how I can help resolve. * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618203) * Hi cjwallac this support thread has being marked as resolved. Can you open up a new one please. * Thank you * [cjwallac](https://wordpress.org/support/users/cjwallac/) * (@cjwallac) * [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618204) * Yes thanks! Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Numeric captcha not reliable’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 7 replies * 5 participants * Last reply from: [cjwallac](https://wordpress.org/support/users/cjwallac/) * Last activity: [11 years, 5 months ago](https://wordpress.org/support/topic/numeric-captcha-not-reliable/#post-5618204) * Status: resolved