• Skip to primary navigation
  • Skip to main content

RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

  • WordPress Plugins
    • WP-Members
      • FAQs
      • Quick Start
      • Documentation
      • Extensions
    • Advanced Options
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Download Protect
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Invite Codes
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • MailChimp Integration
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • PayPal Subscriptions
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Salesforce Web-to-Lead
    • Security
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Text Editor
      • Purchase the Plugin
      • Get the Pro Bundle
    • User List
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • User Tracking
      • Documentation
      • Purchase the Plugin
      • Get the Pro Bundle
    • Memberships for WooCommerce
    • WordPass
  • Store
    • Cart
    • Checkout
  • Blog
    • Basics [Free]
    • Tips and Tricks
    • Filters
    • Actions
    • Code Snippets
    • Shortcodes
    • Design
    • Release Announcements
  • Contact
  • Sign In
  • Show Search
Hide Search
Home » Tips and Tricks » Workaround for WP-Members front end login when using a CAPTCHA device on the WP login form

Workaround for WP-Members front end login when using a CAPTCHA device on the WP login form

Chad Butler · Dec 20, 2013 ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

If you using a plugin to implement a CAPTCHA on the WordPress login form (the backend login, wp-login.php), you will find that this is incompatible with the WP-Members front end login.

What happens is that in order to implement the CAPTCHA, the plugin must remove the function wp_authenticate_username_password from the authenticate process with remove_filter.  This allows the plugin to implement its own authentication that includes not only username and password, but also will validate the CAPTCHA.

This creates a problem for WP-Members which also uses WP’s authentication to log a user in because the WP-Members form will only be passing two parameters, username and password, and the authentication is now requiring the addition of a third parameter (the CAPTCHA).

Obviously, one solution is to not use the CAPTCHA plugin in the first place (or if it is a plugin that does more, disable the login CAPTCHA).  CAPTCHAs were never intended to be used for logins anyway and in my opinion it makes for a bad user experience while providing a very limited amount of “security.”  But I understand that is an opinion and there is room for other opinions of a differing view.  So if you must have a CAPTCHA on the login, then the solution for this is to turn the original WordPress process back on using add_filter to apply the original WP authenticate function; a process I will describe below.

Most CAPTCHA plugins apply their filter at a priority later than the default (10).  If we set our add_filter later on down the line (99 in this example), we will add the filter back after the CAPTCHA plugin has removed it (if you add it back before the CAPTCHA plugin removes it, this wouldn’t work).

add_filter( 'authenticate', 'wp_authenticate_username_password', 99, 3 );

But that alone isn’t really enough.  Just adding the filter back in is the equivalent of turning off the CAPTCHA plugin for the wp-login.php form.  So what’s the point of that, since the plugin has a setting to turn that process off anyway?

We still want the CAPTCHA to function on wp-login.php but not interfere with the front side WP-Members login.  To do that, we can add a condition to the process.  If we check to see if “wp-submit” is not set, we would know that the login is not coming from wp-login.php, and thus we would want to add the filter back in:

if( ! isset( $_POST['wp-submit'] ) ) {
	add_filter('authenticate','wp_authenticate_username_password',99,3);
}

Like most other filters, you can add this code snippet to your theme’s functions.php file or a custom functions plugin file.  There is information on this site on how to use code snippets.

Using this method, you can have a CAPTCHA on your wp-login.php form and still have WP-Members login front side login forms remain functional.

Tips and Tricks add_filter, authenticate, remove_filter, workaround

Welcome to RocketGeek Interactive › Forums › Workaround for WP-Members front end login when using SI CAPTCHA on the WP login form

Tagged: add_filter, authenticate, remove_filter, workaround

  • This topic has 5 replies, 2 voices, and was last updated 6 years, 7 months ago by Chad Butler.
Viewing 3 reply threads
  • Author
    Posts
    • December 20, 2013 at 12:04 pm #3692
      Chad Butler
      Keymaster

      If you use SI CAPTCHA and have enabled it to implement a CAPTCHA on the WordPress login form (the backend login, wp-login.php), you will find that thi
      [See the full post at: Workaround for WP-Members front end login when using SI CAPTCHA on the WP login form]

    • July 29, 2014 at 2:09 pm #5472
      Omarben
      Participant

      What CAPTCHA is available for the wp-members front end login?
      I’m getting ready to launch and going down my security checklist and don’t want wp-members login susceptible to brute force attack?

      • July 29, 2014 at 2:42 pm #5476
        Chad Butler
        Keymaster

        There is no CAPTCHA available for the login at this time.

    • July 29, 2014 at 3:09 pm #5478
      Omarben
      Participant

      I will use limit login attempts pluggin.

      • July 29, 2014 at 3:25 pm #5479
        Chad Butler
        Keymaster

        Let me know how that works out. I do know that some users have used WordFence – some with success, others not. I think it depends on how things are configured.

    • September 4, 2014 at 1:16 pm #5798
      Chad Butler
      Keymaster

      This workaround can be applied for the Math Captcha plugin as well, as long as you change the priority level of the add_filter to 1001 or greater.

  • Author
    Posts
Viewing 3 reply threads
  • You must be logged in to reply to this topic.
Log In

Ready to get started?

Join Today!

© 2021 · butlerblog.com · RocketGeek is built using WordPress, WP-Members, and the Genesis Framework

  • butlerblog.com
  • WP-Members Support Subscription
  • Terms of Service
  • Refund Policy