Login issue – Google reCAPTCHA failed. Is it should be related to the settings

I don’t think the login protection is the issue.
Did you check the firewall’s log if there was anything related to it (NinjaFirewall > Logs).
Did you enable any policy from the “Firewall Policies > Advanced Policies > HTTP response headers” section?

Hello @nintechnet ,

1. I didn’t enable any policy
2. I tried to look up something that might be related to it in NinjaFirewall > Logs. Belows are some of them.

Some logs before disabled the Login Protection of NinjaFirewall.

19/Dec/22 18:54:30  #5379947  MEDIUM       -  207.46.13.198    GET /wp-login.php - Blocked access to the login page - [bot detection is enabled] - yourz.com.tw
19/Dec/22 18:54:37  #6513050  MEDIUM       -  207.46.13.198    GET /wp-login.php - Blocked access to the login page - [bot detection is enabled] - yourz.com.tw
19/Dec/22 19:11:43  #2787087  INFO         -  223.137.149.12   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1399 Darwin/22.1.0] - yourz.com.tw
19/Dec/22 19:11:44  #3692781  INFO         -  223.137.149.12   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1399 Darwin/22.1.0] - yourz.com.tw
19/Dec/22 19:11:44  #4876862  INFO         -  223.137.149.12   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1399 Darwin/22.1.0] - yourz.com.tw
19/Dec/22 19:13:29  #3255489  INFO         -  223.137.149.12   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1399 Darwin/22.1.0] - yourz.com.tw
19/Dec/22 19:13:30  #5223583  INFO         -  223.137.149.12   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1399 Darwin/22.1.0] - yourz.com.tw
19/Dec/22 19:38:04  #4901196  INFO         -  42.77.31.161     HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2020120901 CFNetwork/1390 Darwin/22.0.0] - yourz.com.tw
19/Dec/22 19:44:51  #8208983  MEDIUM       -  66.249.66.14     GET /wp-login.php - Blocked access to the login page - [bot detection is enabled] - yourz.com.tw
19/Dec/22 20:00:52  #4556881  INFO         -  111.242.220.30   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1240.0.4 Darwin/20.6.0] - yourz.com.tw
19/Dec/22 20:00:53  #5328875  INFO         -  111.242.220.30   HEAD /index.php - Sanitising user input - [HTTP_USER_AGENT: Mo%20PTT/2022112100 CFNetwork/1240.0.4 Darwin/20.6.0] - yourz.com.tw
19/Dec/22 20:22:44  #8255904  INFO         -  114.119.152.161  GET /index.php - Sanitising user input - [HTTP_REFERER: https://tw.carousell.com/p/%E8%BD%89%E8%B3%A3-%E7%B6%93%E5%85%B8%E8%B3%AA%E6%84%9F%E9%95%B7%E7%89%88%E9%A2%A8%E8%A1%A3%E5%A4%96%E5%A5%97-%E8%B3%BC%E8%87%AAyourz-213777647/] - yourz.com.tw
19/Dec/22 20:23:12  #8327193  INFO         -  114.119.152.161  GET /index.php - Sanitising user input - [HTTP_REFERER: https://tw.carousell.com/p/%E8%BD%89%E8%B3%A3-%E7%B6%93%E5%85%B8%E8%B3%AA%E6%84%9F%E9%95%B7%E7%89%88%E9%A2%A8%E8%A1%A3%E5%A4%96%E5%A5%97-%E8%B3%BC%E8%87%AAyourz-213777647/] - yourz.com.tw
19/Dec/22 20:34:11  #3788247  MEDIUM       -  66.249.66.74     GET /wp-login.php - Blocked access to the login page - [bot detection is enabled] - yourz.com.tw

Some logs after disabled the Login Protection of NinjaFirewall.

20/Dec/22 14:31:43  #1514651  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/users.php?s=lyng.ec.2146%40gmail.com&action=-1&new_role&paged=1&action2=-1&new_role2] - yourz.com.tw
20/Dec/22 14:31:44  #6140796  INFO         -  1.161.125.218    GET /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/users.php?s=lyng.ec.2146%40gmail.com&action=-1&new_role&paged=1&action2=-1&new_role2] - yourz.com.tw
20/Dec/22 14:31:44  #3801823  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:31:55  #1895498  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:31:56  #7300723  INFO         -  1.161.125.218    GET /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:31:56  #2437539  INFO         -  1.161.125.218    GET /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:32:10  #6488964  INFO         -  1.161.125.218    POST /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:32:11  #7855454  INFO         -  1.161.125.218    GET /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:32:12  #6289179  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:32:20  #8954183  INFO         -  1.161.125.218    GET /wp-admin/users.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=788&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dlyng.ec.2146%2540gmail.com%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%26new...] - yourz.com.tw
20/Dec/22 14:32:24  #3838310  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/users.php?s=sylvia_100329%40yahoo.com.tw&action=-1&new_role&paged=1&action2=-1&new_role2] - yourz.com.tw
20/Dec/22 14:32:25  #6599308  INFO         -  1.161.125.218    GET /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/users.php?s=sylvia_100329%40yahoo.com.tw&action=-1&new_role&paged=1&action2=-1&new_role2] - yourz.com.tw
20/Dec/22 14:32:26  #1821333  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:36  #2109141  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:37  #3521848  INFO         -  1.161.125.218    GET /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:37  #5857670  INFO         -  1.161.125.218    GET /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:39  #2687540  INFO         -  1.161.125.218    POST /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:39  #8418613  INFO         -  1.161.125.218    GET /wp-admin/user-edit.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:32:40  #3094880  INFO         -  1.161.125.218    POST /wp-admin/admin-ajax.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw
20/Dec/22 14:33:31  #1241912  INFO         -  1.161.125.218    GET /wp-admin/users.php - Sanitising user input - [HTTP_REFERER: https://yourz.com.tw/wp-admin/user-edit.php?user_id=790&wp_http_referer=%2Fwp-admin%2Fusers.php%3Fs%3Dsylvia_100329%2540yahoo.com.tw%26action%3D-1%26new_role%26paged%3D1%26action2%3D-1%2...] - yourz.com.tw

But I’m not sure what kind of keyword or content I should find out. Could you suggest me some?

Thanks,
Green

• This reply was modified 2 years, 2 months ago by Green.

There’s nothing in the log that seems related to your issue. However, according to what I can see, I would recommend to deactivate this policy: Firewall Policies > Intermediate Policies > HTTP_REFERER server variable > Sanitise HTTP_REFERER.

If you disable NinjaFirewall, does Google reCAPTCHA work?

Hello @nintechnet ,

The live site is running public now, so it’s hard to test on it through try & error one by one. Currently, I disabled Advanced Google reCAPTCHA and NinjaFirewall both.

I’ve created a staging site from the current live site, NinjaFirewall plugin is disactivated and Advanced Google reCAPTCHA plugin is activated. I did some test with different emails to try to login and click the “forgot password?” to ask to reset the passwords. There is no that kind of issue happen with Advanced Google reCAPTCHA activated under this environment.

Will it be helpful if I send an info of staging site with another set of Google reCAPTCHA for you?

Thanks,
Green

Hello @nintechnet ,

Sorry, I’ve just found that I forgot to upload other screenshots with the error message of Google reCAPTCHAR before your reply.

The rest related screenshots has been added to the same imgur link, please see it on: Imgur: The magic of the Internet

Thanks,
Green

Have you try to only disable the login protection option, but keep the firewall activated?
You can also check for errors (JS etc) by opening your browser’s console: CTRL + Shift + J

Hello @nintechnet ,

Yes, I have already disabled the login protection of NinjaFirewall since I submitted this ticket.

As you can see in the screenshot below.

https://imgur.com/DN2KKEO

The reCAPTCHA failed message appears when the login protection option of NinjaFirewall is disabled (and with the settings follow the suggestion from your previous reply), but the issue doesn’t appear when the NinjaFirewall plugin is deactivate. That’s why I think there could be some cause and settings that need to be adjusted for making sure the Google reCAPTCHA work as usual.

May I create a temporary login link for you to helping me check it through the backend of my staging site? I tried to search an email for setting the login link, but there’s no email listed on your official site.

Here’s the /my-account/ page link of my staging site in the environment I mentioned (Advanced Google reCAPTCHA and NinjaFirewall are both activated, the login protection of NinjaFirewall is disabled): https://staging-yourzcomtw-staging.kinsta.cloud/my-account/

Please set this reply as private if you can.

Thanks,
Green

Hello @nintechnet ,

Are you still following this topic?

I can’t reproduce the problem. I tested both plugins together with NinjaFirewall running in either “Full WAF” or “WordPress WAF” mode, with and without the login protection, and Advanced Google reCAPTCHA set to either v2 or v3. It always worked.

Try to export your firewall’s configuration and to reset its policies:
1. Go to “Firewall Options > Export configuration” and download your configuration (File Check configuration won’t be saved).
2. Go to “Firewall Policies”, scroll down to the bottom of the page and click “Restore Default Values”.
3. Does the captcha work?
To restore your firewall’s configuration, go back to “Firewall Options” and import the saved file.

Hello @nintechnet ,

In fact, I can’t produce similar reCAPTCHA error messages on the staging site which is with the NinjaFirewall plugin and the Advanced Google reCAPTCHA plugin both activated in recent days.

I’m not sure whether the number of visitors who try to log in or reset their passwords matters.

I’ve done step1and step2, I found there are two differences between the Firewall Policy restored before and after.

1. Block attempts to publish, edit or delete a published post by users who do not have the right capabilities (recommended)
   checked -> unchecked
2. HTTP_REFERER server variable – Sanitise?HTTP_REFERER: YES
   NO -> YES

PS. Before restored to default ->After restored to default.

Is any of them might relate to this situation?

May I check this option “Block attempts to publish, edit or delete a published post by users who do not have the right capabilities (recommended)”?

I’m trying to activate on the live both of staging site and live site. The Advanced Google reCAPTCHA plugin has been remained deactivated temporarily.

I think I will try not to restore the configuration but make a new setting if I need instead for avoiding other unknown causes.

Thanks,
Green

Disabling the “Sanitise HTTP_REFERER” is better for you (according to your logs), even if it may not be related to your issue.

I don’t think the “Block attempts to publish a post” policy is the problem because it would be written to the logs too, and you would even receive a notification by email when it is triggered.

Hello @nintechnet ,

Sorry for replying late. Your suggestions and guides are helpful!

I’ve re-checked the related settings of NinjaFirewall with your suggestions, and have done some tests.

In conclusion, I activated both of the plugins NinjaFirewall with Login Protection and Advanced Google reCAPTCHA plugin on the live site.

I’ve unchecked the option “Enable for Login?(Applies for default login, WooCommerce & Easy Digital Downloads logins) of the Advanced Google reCAPTCHA plugin to avoid the error message caused by trying to log in with the wrong password of the old site too many times. But, I made the options including Enable for Register, Enable for Lost Password, Enable for Comment Form, and Enable for WooCommerce Register stay activated.

So, these two plugins can exist at the same time on this WooCommerce site now as my original plan to make the site be more professional no matter on the back end or the front end with a balance user experience.

Thank you very much,
Green