Additional verification is required for login

Hi @enna123,

The “Verification Required” emails are sent when Google reCAPTCHA believes the login was automated and not from a human user.? We don’t receive inside information from Google about why a human may sometimes receive a low enough score to always require verification.

You can test the reCAPTCHA scores you and your customers are receiving.? In Wordfence > Login Security > Settings > reCAPTCHA, enable Run reCAPTCHA in test mode.? When this option is enabled, the CAPTCHA will record scores in the chart above but it will not block bots or visitors. This is intended to be used for a short period to decide whether you need to adjust the threshold or to check for conflicts with other plugins or themes. You can read more about test mode at https://www.wordfence.com/help/login-security/#recaptcha?

If a user is being given a false positive then it could be that you need to modify the threshold score. You can modify this score by going to?Wordfence > Login Security > Settings > reCAPTCHA > reCAPTCHA human bot threshold score.?The threshold score is set to 0.5 by default but can be lowered to be more lenient or raised to be more strict.

Let me know how it goes!

Thanks,
Margaret

Hi Margaret,

Thanks for the quick response! I first reset the statistics and then I ran the test. The chart is not showing any results? It’s still empty.

I just noticed something else: if I log in as admin via mydomain.com/wp-admin I have no problem logging in. If I log in as admin (or customer) via mydomain.com/my-account I get the error message. Is it still a recaptcha issue or could it be something else?

Hi @enna123,

Thanks for following up. The error you sent matches the Wordfence reCAPTCHA error message. I have a few questions to get more information.

Test mode allows anyone to log in without requiring verification while it’s enabled. It only keeps track of the score for the login. When you have the reCAPTCHA test mode enabled, are you able to log in at /my-account?

When you log in at /wp-admin, are any scores logged on the Score Statistics table? When test mode is disabled, are any scores logged? Were there scores in the table prior to you resetting the Score Statistics?

Are you using any custom login forms for the /my-account login page? The Wordfence login security features are primarily made for the default WordPress login flow with added compatibility with WooCommerce. We have seen our 2FA and reCAPTCHA fail to work on custom login forms generated by other themes and plugins. If this is the case, you might consider disabling the reCAPTCHA on the WooCommerce login form by unchecking Wordfence > Login Security > Settings > WooCommerce Integration.

Thanks,
Margaret

Hi Margaret,

Yes, when the reCAPTCHA test mode is enabled I am able to log in at /my-account. If it’s disabled I get the error message. Loggin in at /wp-admin is never a problem.

The chart did have scores (all 0.9 if I remeber correctly) before I reset it. After the tests I did not see any results in the chart. I just checked the chart again and it says 2 times a score of 0.9. I don’t know if those were from the test mode or not.

I don’t use any custom login forms for the /my-account login page.

Hi @enna123,

Can you please send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Can you also check the /my-account page login and Wordfence > Login Security > Settings while keeping a Browser Console open to see if you can detect any JavaScript errors or files that fail to load? If you see any red text in the console, please take a screenshot of it and send it to me. You can send those screenshots to wftest @ wordfence . com or send them here.

It may also help to check what Google is seeing. If you view Google’s reCAPTCHA v3 Admin Console, do you see normal score statistics there?

Thanks,
Margaret

Hi Margaret,

Thanks, I just sent the report by email.
I’ve checked the Broswer Console but I don’t see any errors in red.
The reCAPTCHA stats are showing all 0.9 scores (except a couple of 0.1 scores for ContactForm7)

Hi @enna123,

Thank you for providing the diagnostics.

In the Google v3 Admin Console, does the number of requests appear to be tracking the WooCommerce logins or are the total requests missing information like in the Score Statistics table in Wordfence?

Which options are enabled in?Wordfence > Login Security > Settings > WooCommerce & Custom Integrations?

Thanks,
Margaret

The score statistics in Wordfence now show 10 0.9 scores. In the Google v3 Admin Console I see 11 0.9 scores.

Under WooCommerce & Custom Integrations the first and last options are enabled: WooCommerce Integration and Use one-column layout for WooCommerce/shortcode 2FA management interface. “Show Wordfence 2FA menu on WooCommerce account page” and “2FA management shortcode” are disabled.

Hi @enna123,

Thank you for the additional details! From those numbers, I suspect not all of the /my-account logins are connecting successfully with your reCAPTCHA API key. From the diagnostics, I believe you have multiple domains that can be used to access the /my-account page to support different languages. Can you please check if all of your domains have been added to the reCAPTCHA key?

You can add domains in the Google v3 Admin Console by clicking the Settings gear in the top-right corner, and adding the domain in the Domains section. Once you’ve added all 3 domains, please test again and let me know how it goes!

Thanks,
Margaret

That was the issue! I have several ReCAPTCHA sites and I thought the settings were for all the sites. I didn’t realize I had to change settings per site. So the settings were correct for ContactForm7 but not for the main website. I changed this and it works now. Thank you!