• Hi all and happy Easter.
    I’m sorry but I need your urgent help.

    History:
    one of our WP sites (the one of my wife) has bbpress forum and blog pages.
    Being constantly under massive attack from spam, and since all previous solutions did not work (Akismet, Banhammer, reCAPTCHA v3, reCAPTCHA v2 for bbpress forum), today I deleted bbpress reCAPTCHA plugin and installed your reCAPTCHA plugin.
    (NOTE: I have to say that the situation is non-standard (not “normal” spambots): unfortunately my wife is under attack from a real stalker in real life: we tried all, he was also condemned from tribunal to one year of imprisonment, but then, after the prison, he started again worse than before. He asked help to some hackers to continue pursuing).

    Problem:
    I installed your reCAPTCHA plugin leaving unchanged another reCAPTCHA v3 (the one that acts autonomously). So I installed it as a supplement: I set it as v2 with necessary user intervention.
    Then I added all forms, included the WP admin login (even for already registered users and admin, myself): I’m sure you understand the reason for which I set the maximum protection.

    Since I exited the admin area, when I tried to re-enter two minutes later, it won’t allow me to re-enter (!).
    I carry out all the necessary operations, insert user and password as administrator and it says “incorrect user or password” (!!!) I’m blocked and can’t log in anymore!

    I have two concerns:

    • that the two installed reCAPTCHAs block access to each other
    • that the hackers had previously inserted a code so that when I set this protection it also blocked me

    Please, can you suggest me what to do in this case?
    Of course I have all my passwords and reCAPTCHA keys, but don’t know if I can deactivate them from Google area.
    Thank you for your help. EXTREMELY URGENT.
    Mauro

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter Mauro Vicariotto

    (@mrosfy)

    update: I found a solution which I frankly dislike, but necessary: entered via FTP and deactivated your plugin from there, so it was possible to enter as admin and then deactivated the option “apply on login form”

    now works … but once I used this trick (now login form has no reCAPTCHA) immediately entered 3 new spam

    please explain me the issue: if I select “login form” even the admin cannot enter “incorrect password” !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Plugin Author robertabela

    (@robert681)

    Thank you for trying our plugin @mrosfy.

    I am sorry to read about your issue. The plugin does not control or have anything to do with credentials, so if you are getting a “failed login” error, this might be triggered by another plugin. Can you send us a screenshot of the actual error you are getting when you try to log in?

    Also, are you adding CAPTCHA to your WordPress login page, or the bbPress login page?

    In regards to the plugins, having two CAPTCHA plugins installed together does not have any benefits. You should stick to using only one and make it easier for you to manage, and reduce the risks of conflicts and similar problems.

    Looking forward to hearing from you.

    Thread Starter Mauro Vicariotto

    (@mrosfy)

    Hi Robert, thank you for your answer.

    My replies below:
    1) I was sure that your plugin can’t affect the credentials.
    However, since I keep under frequent control all our websites, I can confirm you that no plugins block the credentials.
    This means that the shady person added some malware that intervenes by blocking me in case of my protection.
    This is a good direction for my researches.
    2) as explained I added reCAPTCHA everywhere: forum, blog and login (this since the previous reCAPTCHA installations didn’t protect enough)
    3) yes, obviously two reCAPTCHA do not have more benefit, in fact my intention was to delete the first one (the v3)
    4) the only thing I can tell you is that once I was blocked in admin login, I entered inhibiting your plugin folder (adding __ to the end of the name), and once locked I could immediately login.

    So there is something concerning protection and credentials (as above, might be some malware …)

    Later send you screenshot, thank you.
    Mauro

    Thread Starter Mauro Vicariotto

    (@mrosfy)

    Robert, just tried to place again the CAPTCHA on admin login and again I’m blocked. I have a screenshot but cannot attach here. Here the link to image in dropbox: https://www.dropbox.com/s/0dgo3axudamnnl6/Immagine%202023-04-10%20214512.png?dl=0

    Then again opened the site dir via FTP, added “_” at the end of advanced_nocaptcha_recaptha plugin folder name and can enter normally .. then I go to plugin placement settings, unflag again “Login form” and have normal access with my admin credentials

    Thread Starter Mauro Vicariotto

    (@mrosfy)

    230411 update:

    SORRY ROBERT, I checked in depth and confirm you that the cause was the second (invisible) reCAPTCHA v3: with two reCAPTCHA active they enter in conflict and even inhibit the admin login credentials!

    I studied this with html inspect tools, and I can confirm 101% that once the second reCAPTCHA is deactivated, with your plugin setting “place to login form” it works properly: no longer “incorrect user or password”.

    This is a bug generated by “invisible reCAPTCHA” plugin or by reCAPTCHA itself: in any case absurd and very dangerous consequence that the admin is blocked for “incorrect password” … dangerous because not all admin are able to solve this severe issue via FTP and not all admin have the experience to study html and scripts. So this could cause a real disaster for some not expert users.

    I strongly suggest you to add an alert on this case: “notice: if other reCAPTCHA added to website or other plugins managing other reCAPTCHA do not place on login form or you will be blocked” … something like this.

    I’m at full disposition if you need results of my study. Thanks again. Mauro

    Plugin Author robertabela

    (@robert681)

    Thank you very much for the detailed update. I am glad you identified the source of the issue. We will look into this and we’ll see how, and if it is possible for us to handle such situations.

    Have a great day.

    Thread Starter Mauro Vicariotto

    (@mrosfy)

    Robert, in any case I strongly suggest you to add a warning message into your website, to give notice of this possible issue: many users (in this case) could face problems if they don’t know how to manage via FTP.

    (PS: sorry for my duplicate thread yesterday, but sometimes the WP forum freezes when you post something, and you don’t get the confirmation, so I had to repeat it)

    Ciao from Italy. Mauro

  • The topic ‘PLEASE URGENT NEED OF HELP’ is closed to new replies.