Opened 6 years ago
Closed 6 years ago
#26760 closed enhancement (invalid)
Allow checking login form fields before username/password
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Login and Registration | Keywords: | |
| Focuses: | Cc: | ||
| PR Number: |
Description
According to the WP BSW CAPTCHA plugin developers (see here), it is impossible now to check CAPTCHA input BEFORE entering the rest of the fields at the WP admin login screen.
This leads to the security vulnerability and lowers significantly the benefit of using any CAPTCHA.
Here are the details - there is also a short explaining video in the comment just below this one.
Change History (4)
#1
@
6 years ago
- Summary changed from Allow corect CAPTCHA behavior at login to Allow checking login form fields before username/password
#2
@
6 years ago
- Keywords close added
"Unfortunately, WordPress DOES NOT have an opportunity to check captcha input BEFORE entering the rest of the fields."
This is just plain wrong.
The BestWebSoft's Captcha plugin uses login_errors and login_redirect filters to check the captcha:
http://plugins.trac.wordpress.org/browser/captcha/tags/3.9.3/captcha.php#L156
Core checks for correct username/password earlier, by hooking into the authenticate filter:
https://core.trac.wordpress.org/browser/tags/3.8/src/wp-includes/user.php#L68
The plugin should just hook into the same filter with an earlier priority.
SI CAPTCHA Anti-Spam plugin does that correctly and works the way you want:
http://plugins.trac.wordpress.org/browser/si-captcha-for-wordpress/tags/2.7.7.1/si-captcha.php#L1249
This isn't just CAPTCHA-specific, so renaming.