I have a custom login form which has worked correctly for years.
It is available as a menu item on the site's home page. hidden link
If the correct user name and password are entered then the user is logged in and is returned to the site's home page.
Recently an automatic 'bot check' function has appeared which does not require any user interaction. However instead of redirecting the user to the site's home page, it takes you to the standard WordPress Login Page and you have to start the login process all over again.
The custom template code is as follows:
<br>
<br>
<div class="logborder">
<h4>
Log In to About Dereham
</h4>
[wpv-login-form redirect_url="hidden link"]
<br>
<br>
</div>
<br>
<br>
CSS
.page-id-16 .entry-content {
background-color: #f1f1f1;
}
.logborder
{
max-width: 320px;
margin: auto;
background: white;
border: 1px solid #e5e5e5;
border-radius: 3px;
box-shadow: 0 0 10px rgba(0, 0, 0, 0.05), 0 0 2px rgba(0, 0, 0, 0.05);
text-align: center;
}
form#loginform input#user_login {
JS
$('#user_login').attr('placeholder', 'Username');
$('#user_pass').attr('placeholder', 'Password');
$('<i class="glyphicon glyphicon-user">').insertBefore('#user_login');
$('<i class="glyphicon glyphicon-lock">').insertBefore('#user_pass');
I checked on Wordfence and reCAPTCHA on login is not enabled, so I do not know what is causing this new login behaviour. Can you help please.
Hi,
Thank you for contacting us and I'd be happy to assist.
I saw the 'checking for bot' message only the first time when I tried to submit the login form. But couldn't see it again, despite multiple attempts and changing browsers.
If you're sure that security plugins on your website are not adding this feature, then you can consult your hosting support or CDN provider (if you're using one), to confirm if they have added any extra security layer.
regards,
Waqar
Thanks Waqar
Yes I don't get the 'checking for bot' message every time. I'm not sure when it is triggered.
I have raised a ticket with my hosting provider. Can we please leave this ticket open till I hear back from them.
Regards
Robert
Hi Robert,
Thanks for the update and the ticket will stay open for a couple of weeks.
regards,
Waqar
Hi Waqar
I have been able to confirm that the bot checking function is not being added by my hosting provider and is not a core WordPress feature.
Can you confirm that Toolset has not added any bot checking feature to any of its plugins?
Would you be willing to have a look at the cookie list for the login page and see if you can identify which plug-in might be causing the issue?
I tried clearing all cookies in my chrome browser but the bot check did not happen when I logged in the next time. So that is a mystery?
It is a live site and not easy to turn off plug-ins without losing functionality, hence my difficulty to identify the problem.
Regards
Robert
I can confirm that Toolset has not added any bot checking feature, in any of its plugins.
If it is not coming from the hosting server or a CDN provider, then it has to be from some other plugin active on the website.
( please do look out for any drop-in or must-use plugin - hidden link )
About cookies, yes I did check the list, but couldn't find anything conclusive, unfortunately.
Hi Waqar
The guys at Wordfence were able to identify the cause from the exact wording of the 'bot' pop up message. It is a new 'feature' of the Litespeed server software. The hosting provider initially claimed it was not a server related issue but now they have had a change of heart! They have put in a bypass patch for my site so the bot pop up won't happen. They apologised for giving us wrong information initially.
Thanks for your help.
Regards
Robert
