Is captcha at Login page neccessary?

Earlier when i used to login, there comes a math question to solve. It stopped coming after i updated theme. can i do something to start it again ? Is it necessary feature ? or i should not care about it disappearance. @GulshanKumar @abhishek @saurav_556

Were you using JetPack protect module?

I find changing the login path to work better than this. You can also enable 2 factor authentication for better security.

There is plugin on codecanyon names WProtect, which helps me a lot to maintain the security on my site from both backend and frontend side. Simple, light but effective.

And for login the plugin has

  1. Hide WP Admin
  2. Redirect WP Admin
  3. Replace WP Admin
  4. Filter Request
  5. recptcha to prevent auto requests
  6. Disallow file edit

Yes ! i am still using it.

No.

Just keep strong password.

1 Like

Captcha, Hard on Bot, easy on humans, Then why we should not put captcha to block auto generated queries?

Instead of captcha, I follow the following practices to secure my accounts.

  1. Always use a strong password combination (Uppercase, Lowercase, special characters, numbers).
  2. I never used any names of humans, animals, objects, places, etc. Instead a random fingered key taps.
  3. Minimum password length is 11 char
  4. Will change passwords every month first sunday and update my records.
  5. I maintain an excel which consists of all passwords and stored locally.
1 Like

Let suppose that one day, your system has crashed. then?

I have a auto-mated system that will take two backups in different hard-disk at the end of the day.
So no need to worry about it. Since I am running an office, all works by the staff will be taken backup between 07.00pm to 08.00pm IST through an automated software.
Similar like R1Soft CDP policy.

I do have a Backup Policy like Password Policy for my personal belongings as well as business.

Either we add captcha or not bot will still attack /wp-login.php page

As long there is unique username and password it would be tough to crack.

Each plugin add some bug and security issues, it’s better to avoid as much as possible.

Better alternative

  • HTTP Auth with fail2ban