Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#26760 closed enhancement (invalid)

Allow checking login form fields before username/password

Reported by: crysman's profile crysman Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:


According to the WP BSW CAPTCHA plugin developers (see here), it is impossible now to check CAPTCHA input BEFORE entering the rest of the fields at the WP admin login screen.

This leads to the security vulnerability and lowers significantly the benefit of using any CAPTCHA.

Here are the details - there is also a short explaining video in the comment just below this one.

Change History (4)

#1 @rmccue
10 years ago

  • Summary changed from Allow corect CAPTCHA behavior at login to Allow checking login form fields before username/password

This isn't just CAPTCHA-specific, so renaming.

#2 @SergeyBiryukov
10 years ago

  • Keywords close added

"Unfortunately, WordPress DOES NOT have an opportunity to check captcha input BEFORE entering the rest of the fields."

This is just plain wrong.

The BestWebSoft's Captcha plugin uses login_errors and login_redirect filters to check the captcha:

Core checks for correct username/password earlier, by hooking into the authenticate filter:

The plugin should just hook into the same filter with an earlier priority.

SI CAPTCHA Anti-Spam plugin does that correctly and works the way you want:

#3 @crysman
10 years ago

Thank you very much, Sergey! I will contact the developers and tell them.

#4 @SergeyBiryukov
10 years ago

  • Component changed from Security to Login and Registration
  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Type changed from feature request to enhancement
Note: See TracTickets for help on using tickets.