SI CAPTCHA Anti-Spam – CAPTCHA does not work on Login page

[b-cat]

I’m using BPS Free and SI CAPTCHA Anti-Spam (SICAS) plugins. When BPS and SICAS are both activated, BPS works fine, but SICAS does not. Specifically, SICAS displays a CAPTCHA image and the input box on the login page, but it does not block the login if the input code is wrong or blank! The login is allowed as if there were no CAPTCHA requirement at all. When I deactivate BPS, suddenly SICAS works fine, and it blocks improper logins, improper CAPTCHA code inputs, etc. So, something is happening when BPS is activated that is interfering with the operation of SI CAPTCHA Anti-Spam. Any suggestions?

[AITpro Admin]

Yes, we are aware of this.  What is happening is SI CAPTCHA Anti-Spam is using the same WordPress authenticate function that BPS is using on the Login page.  Obviously 2 plugins cannot be trying to do the same or very similar things without there being some sort of competition/conflict.  BPS overrides SI CAPTCHA Anti-Spam on the Login page and Registration to the site.

Your options are these:
Go to the SI CAPTCHA Anti-Spam settings page and uncheck CAPTCHA settings for Login and Registration.
or
Turn Off BPS Login Security.

[AITpro Admin]

If you would like to block spammers, spam registrations, comment spammers and Brute Force Login attacks see this Forum link below.
http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

[b-cat]

I turned off BPS Login Security, and that solved the problem! Thanks! All the other BPS functionality remains, which is great. I didn’t want to turn off SI CAPTCHA on the login page, since that is the primary reason I’m using that plugin.

[b-cat]

At some point, I believe BPS fixed the above problem, allowing us to turn ON BPS Login Security without breaking the SI-Captcha plugin. Now, perhaps in a recent BPS update, SI-Captcha has now been terminated again by BPS, and the two plugins only appear to be compatible if I turn OFF BPS Login Security. I’d really like to be able to turn ON BPS Login Security without losing my Captcha capability. Any suggestions?

[AITpro Admin]

Both BPS and SI Captcha Anti-Spam are working correctly.  They are not conflicting and there is actually not any sort of problem at all.  Both plugins are hooking into the WordPress authenticate filter and it just so happens that BPS is overriding SI Captcha Anti-Spam.  Other Login Security and Login plugins that are hooking into the WordPress authenticate filter override BPS Login Security.  There are a lot of WordPress Hooks – Actions and Filters that can be shared by several plugins at the same time.  The authenticate filter is not one of them.  Only 1 plugin is allowed to call and use the authenticate filter at a time.  That is just how it is.  Nothing is wrong, broken or not working or conflicting – that is just what is.

SI Captcha Anti-Spam code that is hooking into the WordPress authenticate filter
add_filter('authenticate', array( &$si_image_captcha, 'si_wp_authenticate_username_password'), 9, 3);

BPS code that is hooking into the WordPress authenticate filter
add_filter('authenticate', 'bpspro_wp_authenticate_username_password', 20, 3);

[b-cat]

Thanks for this info, that explains a lot. Maybe I didn’t realize that BPS was overriding SI-Captcha all this time.

I have found another Captcha plugin that does not appear to conflict with BPS (or maybe it is overriding BPS…??? I hope not.).

The new plugin I’m using is just called “Captcha” by BestWebSoft ( http://wordpress.org/plugins/captcha/ ) , and uses a simple math-solving feature to confirm that a human is logging in. It does not appear that BPS is overriding this plugin because it does block logins where the math problem is not solved correctly, so maybe “Captcha” is using a different hook than BPS…?

Does this look like a good plugin to use alongside BPS Login Security?

[AITpro Admin]

“conflict” is not the correct wording/terminology in this pariticular case since everything is working normally/correctly/as it is intended to work by WordPress.  I believe the best way to phrase this particular issue would be “competing for usage of a WordPress Hook that only allows 1 plugin/singular usage at a time”.  An analogy could be something like this:  there is 1 steering wheel in a normal/average car that is designed for only 1 person to steer a car.

If both plugins are working normally and not competing for singular usage of the WordPress authenticate filter then yep that would mean that “Captcha” is not calling or using the WordPress authenticate filter.  I have never used that plugin and don’t know anything about it.  What I recommend is that you do some homework.  ie read what other people are saying, check that plugin’s forum support, do some Google searches to see what folks are saying about that plugin.  We use JTC Anti-Spam|Anti-Hacker of course on all of our websites.  😉

[Author]

Posts