Tilføjer Google No Captcha ReCaptcha til dit WordPress- og Woocommerce-login, glemt adgangskode og brugerregistrerings sider. Nægter adgang til automatiske scripts, mens det gør det let for mennesker at logge ind ved at markere en boks. Som Google siger, er det “hårdt på bots, let på mennesker.”
Install as normal for WordPress plugins.
Why should I install this plugin?
Many Worpdress sites are bombarded by automated scripts trying to log in to the admin over and over.
The No Captcha is a very simple, Google-supported test to quickly deny access to automated scripts. It is great by itself to instantly make your WordPress site more secure, or can be used with other plugins (like Google Authenticator, Limit Login Attempts, etc.) as part of a defense-in-depth strategy.
There are a lot of other plugins for this, why should I install this one?
I’ve gone to great lengths to try to make sure this plugin is easy to use and install, that it is compatible with different WordPress configurations, supports multiple languages, and that you won’t accidentally lock yourself out of the admin by using it. I use it myself on my own sites as well. So far, it just works.
Does this plugin support [insert name] custom login page plugin?
Probably not. Many custom login form plugins do not call the standard login_form action hook from their login forms, making it impossible to correctly render the captcha after the password prompt. For this reason, this plugin only supports the default wp-login.php and WooCommerce forms. Many such plugins do offer captcha fields (sometimes as a paid upgrade). This plugin tries to do just a few things well.
Does this plugin add a CAPTCHA to comment forms?
No. This plugin is designed to thwart automated hacking attempts, not prevent comment spam. Most good comment plugins have their own spam prevention methods. This plugin tries to do just a few things well.
Does this plugin add a CAPTCHA to custom forms?
No. This plugin is designed to thwart automated hacking attempts, not prevent spam from custom forms. Most good custom form plugins have their own spam prevention methods. Many of them support a CAPTCHA field already. This plugin tries to do just a few things well.
Can I help?
Yes, please. Submit pull requests on github.
I am having trouble with the reCAPTCHA in Internet Explorer
Please see this page for help from Google.
I still see lots of brute force attacks against /wp-login.php in my log files
ReCAPTCHA-pluginet forhindrer ikke forsøget på angreb fra brute force, men snarere vil det blot sikre, at de ikke lykkes. Det vil sige, scripts kan stadig prøve direkte POST-angreb mod /wp-login.php, men uden de korrekte reCAPTCHA-data vil de ikke gennemgå (selvom de har gættet login og adgangskode korrekt). For at forhindre gentagne forsøg på /wp-login.php, skal du overveje at bruge et plugin, som begrænser log ind forsøg sammen med denne. Andre tilgange, såsom en web application firewall, bør også udgøre en del af dit komplette forsvar -in dybdegående strategi.
Where can I learn more about Google reCAPTCHA?
What are your boring legal disclaimers?
This plugin is not affiliated with or endorsed by Google in any way. Google is a registered trademark of Google, Inc. By using reCAPTCHA you agree the terms of service set out by Google. The author provides no warranty as to the suitability to any purpose of this software. You agree to use it entirely at your own risk.
Bidragsydere & udviklere
“Login No Captcha reCAPTCHA” is open source software. The following people have contributed to this plugin.Bidragsydere
– Display information about the security implications of using the whitelist feature
- Backwards compatbility fix for PHP <= 5.5 empty() quirk/bug: https://www.php.net/manual/en/function.empty.php
- Resolve issue whereby captcha could be bypassed for new user registrations introduced in 1.6.9
- Add option to disable default CSS entirely
- Resolves CSS dependency issue causing conflicts on non-login pages
- Prevent information disclosure by only returning error about blank captcha, not login status
- Revert CSS styling changes after multiple reports of problems
- Add German language support
- CSS styling improvement
- Tested with 5.3
- Tested with 5.2
- Using callback to disable submit buttons
- Resolve issue with captcha not displaying on embedded login form on WooCommerce checkout page
- Resolve fatal error with old versions of PHP (reported on 5.4.45)
- Improve error messaging
- Added IP whitelist functionality (thanks @farley1122)
- More comprehensive protection of signup endpoints, including wp-signup.php and my-account page
- Resolve issue introduced in 1.4x whereby captcha was being be bypassed
- ALL USERS STRONGLY ENCOURAGED TO UPDATE FOR SECURITY REASONS AND NOT USE 1.4x
- Align language text domain with plugin tag to allow translation contributions
- Added support for registration forms (thanks to d2roth)
- Align filter/hook calls with codex
- Increase priority (earlier execution) of login checking (prevents unnecessary alerts from e.g. WordFence)
- Fixed bug with fallback to cURL in cases where TLS is misconfigured
- Compatibility fix for use of empty() language construct in php 5.x
- Added experimental support for v3 (hidden for now)
- Added reCaptcha to lost password form
- Added Russian translation
- Tested with 5.0
- Revert lost password form change as it was frontend-only
- Add reCaptcha to lost password form
- Improved Section 508 compliance
- Do not check for noCaptcha values when using a non-WordPress authentication method other than WooCommerce
- Add standard WordPress shake effect to invalid login response
- Do not check for noCaptcha values when using a non-WordPress authentication method
- Fix bug with submit button greyed out on settings page
- Implement noCaptcha for WooCommerce customer login form
- Fixed an important security issue (thanks to jezevec10 for reporting) to harden the reCaptcha-enabled login page against clever bots
- Added French translation (thanks to fdinh)
- Minor bugfix for error reporting
- Bug fix for login form display in admin, testing on 4.5
- Disable login with js until NoCaptcha returns
- Tested compatible with 4.4x
- Improved handling of certain Google responses
- Improved just-in-time script registration (only for admin/login)
- Remove warning about enqueueing css/js too early
- Resolve issue with WordPress hosted on an inaccessible domain (e.g. localhost)
- Resolve bug with wp_remote_post() payload
- Resolve linking issue due to repository maintainers renaming the plugin
- Initial release