描述
A simple captcha for the WordPress login form. To be able to login, the user is required to enter a random 3-digit number in a text field.
The correct number is displayed above the field by a small JavaScript code. Compatible with the WooCommerce login form. Compatible with multisite.
Demo
https://nikolaydev.com/wp-login.php
Simple
- No complicated features
- No settings
- No image generation
- No API
- No sessions
- No cookies
- No IP address detection
- No personal data collection
- No vulnerabilities in the programming code
Recommendation
Bots can also try to login with the XML-RPC feature of WordPress! Very rarely plugins also need this (like the Jetpack plugin). But if you don’t use it, I recommend that you disable it. You can use the super simple one-line plugin Disable XML-RPC.
Notice
This is a simple plugin designed to protect against random bots that try to login on your site. But if a person actually looks at the code of this plugin and specifically designs a new bot that targets this plugin, this bot would be able to bypass the protection.
屏幕截图
WordPress login form with the simple captcha 
Viewing the number of blocked and passed requests this month
安装
Simply install and activate the plugin, like you would any normal plugin. There are no settings.
- Visit your Plugins Add New Screen
- Find the plugin by searching for: Simple Login Captcha
- Install the plugin, by clicking the “Install Now” button
- Activate the plugin, by clicking the “Activate” button
评价
2021年4月21日
Typing in any 3 numbers logs you right in, a waste of time and a false sense of security
2020年12月28日
First of all great job Nikolay for offering this simple yet effective plugin.
Deployed this in a few of my clients' sites to conduct A/B testing.
Set-up : Usual wp installation with Wordfence to alert login attempts. Login is coursed through the usual wp-login URL.
Test 1 : With Google Captcha V2 Activated integrated through Wordfence : 30 days with notification regarding users being locked on in loging in. Tested for 30 Days
Test 2 : With hcaptcha installed, same with Test 1. Tested for 30 Days.
Test 3: With Simple Login Captcha, No notifications for the past 2 weeks.
You may argue that the developer must not use the word captcha . But for me , effectiveness comes first.
Will monitor and revise my review if I see any issues.
2020年12月16日
Less is more. Simple plugin, that exactly do what it have to do.
Does it save?
- YES - if you look for simple, user friendly solution to block automatic bruteforce attacks to wp-login or dummy users registration, and aren't messing with database and UX
- NO - if you need real secure mechanism to block attacks designed for your webpage
Choose what you need.
2020年12月15日
Very Easy and Great Plugin
2020年2月27日
I have to spend 5 minutes of my life to get an account to just leave a comment. For all people who gonna install this stupid plugin, please stop!
This plugin is SUPER stupid, it's NOT a "captcha" at all, it use Javascript to generate 3 random number and that script can be easily found in your html code.
Basically speaking, the point of having captcha is about to block spam and brute force attacks, captcha MUST be an image or something that robot cannot read. But in this case, I can just write a few lines of code to get the answer for the "captcha" and continue to spam login.
Wordpress should consider to remove this stupid plugin from the market.
2020年2月12日
Great! This is very a good solution to use when need safe and fast option to secure your login. Thanks!
贡献者及开发者
更新日志
1.3.3 – 11 April 2021
- Added: Compatibility with front-end login forms that use the wp_login_form function (but the form must not be cached by a caching plugin).
1.3.2 – 16 December 2020
- Added: Translated language files for Polish (thanks to Karol).
1.3.1 – 16 December 2019
- Fixed: The language files were not loaded if they were only present in the plugin languages folder (and not in wp-content/languages/plugins).
1.3.0 – 13 December 2019
- Added: Compatibility with the WooCommerce login page.
- Added: Translated language files for German (thanks to Tilo).
- Improved: The gray container of the security code now has a slight border.
1.2.0 – 10 September 2019
- Improved: In a multisite, when activated on separate sub-sites only, now uses one global database table.
- Fixed: In a multisite, when network activated, it would not work in login pages of separate sub-sites. It would work only on the main site login page, and on the login pages for other site, it would not let anyone in.
- Fixed: Changed the label tag surrounding the “Security Code” text, to a span tag. Since there is no field to fill there, it was not correct to use it.
1.1.0 – 4 May 2019
- Improved: The correct number is now displayed as a result of a small JavaScript calculation (so not in plain text).
- Updated: Language files.
1.0.0 – 11 April 2019
- Initial release.