Multisite JTC CAPTCHA allows login with no or wrong captcha on sub-sites

[Terri Zx]

I have a multi-site with 2 sub-sites. I just discovered that although I have JTC CAPTCHA set for both the main and sub-sites, it only works on the main site. I.e., I can log into the sub-sites with the CAPTCHA box blank or filled with something other than the JTC CAPTCHA that is set under Login Security for that sub-site.

This happens whether I am logged into the main site or not.

[AITpro Admin]

Sounds like you are using another Login plugin or theme or Login Security plugin on the subsites.  The WordPress Login page is a special case that only has 3 WordPress hooks for Login processing.  Only 1 plugin or theme is allowed to handle WordPress Login processing. Whichever plugin or theme loads its Login hooks first will override any other plugin or theme that is also trying to process WordPress Logins.  Do you have any other plugins that handle WordPress Login processing? Does your theme do that.  ie a membership Theme?

[Terri Zx]

Thanks for the quick reply 🙂

I’m using the Divi theme on the main site as well as both sub-sites (and all my other sites that have BPS Pro installed. There is no other login processing, membership, etc. Nothing special about the sites, brochure-type (e.g. https://thecrumpler.com/)

[AITpro Admin]

Your Primary site Login page looks fine.  Post the URL’s to the Subsites so I can check their Login pages.

[Terri Zx]

Hmm, the link I gave you was one of the sub-sites. Yes it looks fine, but if you have a correct login, you can get no matter what you put in the JTC CAPTCHA box – even nothing.

Main site is https://amicobranddesign.com/

Subsites: https://thecrumpler.com/ & https://annmarieamico.com/

[AITpro Admin]

hmm yeah that is odd. It looks like you are doing some sort of Domain Mapping, but normally that should not matter.  Try something really simple – resave the JTC option settings and see if that works.

If that does not fix the problem then my guess would be that either the Domain Mapping plugin you are using has some sort of issue going on and/or there is some sort of database issue going on. Let me know what happens after resaving JTC option settings. I’d be glad to login to your site and see if I can figure out the problem if it comes to that. 😉

[Terri Zx]

Domain mapping is native as of WP 4.5 – so, no plugin involved.

I re-saved the JTC settings on the main site and one of the sub-sites. Logged out of the sub-site, logged back in w/random JTC, and unfortunately was able to get in. 🙁

I can set you up with a super-admin account, how do I communicate that to you privately?

[AITpro Admin]

You can send the Super Admin login info to: info at ait-pro dot com. I may also need to look at your database, but let’s wait on that for now.

[Terri Zx]

Email sent – sorry for the multiples.

[AITpro Admin]

Ah ok I figured it out.  At some point you changed your Network subsite DB tables.  The DB tables are 2, 4 and 7 instead of 2, 3 and 4.  So what I did was to use the Setup Wizard > Setup Wizard Options > Network|Multisite Sitewide Login Security Settings and Network|Multisite Sitewide JTC Anti-Spam|Anti-Hacker Settings option settings and clicked the Save button for each of these Network|Multisite options. This resaved the LSM and JTC settings to the new subsite DB tables.  Why resaving JTC settings on each subsite did not work is odd, but the issue was some sort of subsite DB table issue.  Oh and I did check/test to make sure that changing any LSM and JTC option settings on each subsite works and that worked fine.

[Terri Zx]

Ah! Excellent. I didn’t even notice there were any Setup Wizard Options lol.

Thank you so much!!!

[AITpro Admin]

Well normally you would not have to use those Setup Wizard option settings to fix this type of issue. Those Setup Wizard options were not created for that reason. They were created for the scenario where someone has a Network site that has a lot of subsites. So that someone could save the LSM and JTC option settings to all subsites with 1 click. Since I wrote that code I knew it would fix this type of subsite DB problem. 😉

[Author]

Posts