Adds a simple 3-digit text captcha on the login form.
|Author:||Nikolay Nikolov (profile at wordpress.org)|
|WordPress version required:||3.5|
|WordPress version tested:||6.0|
|Added to WordPress repository:||11-04-2019|
|Total downloads:||25 230|
|Active installs:||10 000+|
Click to start download
A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.
- No complicated features
- No settings
- No image generation
- No API
- No sessions
- No cookies
- No IP address detection
- No personal data collection
- No vulnerabilities in the programming code
Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin Disable XML-RPC.
This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.
WordPress login form with the simple captcha
Viewing the number of blocked and passed requests this month
1.3.3 – 11 April 2021
- Added: Compatibility with front-end login forms that use the wp_login_form function (but the form must not be cached by a caching plugin).
1.3.2 – 16 December 2020
- Added: Translated language files for Polish (thanks to Karol).
1.3.1 – 16 December 2019
- Fixed: The language files were not loaded if they were only present in the plugin languages folder (and not in wp-content/languages/plugins).
1.3.0 – 13 December 2019
- Added: Compatibility with the WooCommerce login page.
- Added: Translated language files for German (thanks to Tilo).
- Improved: The gray container of the security code now has a slight border.
1.2.0 – 10 September 2019
- Improved: In a multisite, when activated on separate sub-sites only, now uses one global database table.
- Fixed: In a multisite, when network activated, it would not work in login pages of separate sub-sites. It would work only on the main site login page, and on the login pages for other site, it would not let anyone in.
- Fixed: Changed the label tag surrounding the “Security Code” text, to a span tag. Since there is no field to fill there, it was not correct to use it.
1.1.0 – 4 May 2019
- Updated: Language files.
1.0.0 – 11 April 2019
- Initial release.