wordfence prevent log-in from third party form

Hello @jbonlinea and thanks for reaching out to us!

What is the block reason in the Wordfence > Tools > Live Traffic for these blocks?

Can you provided the extension for which your custom login page is? Not the whole URL, since I want to maintain your privacy. Just the ending like /loginpage/

Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

Thanks again!

Hi
The liva trafic page says type “login -failed” page visited “/cf-api/CF601abc919XXXX ” which is most certainely caldera form which is used (I’ll probably have to change that sooner or later but not now) ; Human/Bot: Human ;

Hum,
the registration and log-in page are the generic one from wordpress, I haven’t changed that.
Then I have a page with a form, which can log-in user. is this the page you look for ? the page slug is something like “membership” (I don’t want to disclose it as the real slug contains the most important part of the domain name ??

report sent

Thank’s for your support

The diagnostic looks good and thanks for sending it!

I am wondering if our Brute Force Protection is interfering with the custom login form. Sometimes with multiple login forms on a site, the standard wp-login page and then another page, it conflicts with something in the database to cause random lockouts on accounts even if they are using the correct credentials.

Can you test this with Wordfence disabled? Also, which plugin is it that uses the login form?

Thanks again!

Hello,

Thank’s for the feedback.

If I disable wordfrence, then we can use my custom form to log in. if I enable it, not anymore, it’s pretty consistent and happend with at least few wp account that do not have the same role.

The form I use is build with caldera form
(this is something that may change in the near future, but not now for several reasons)

Regards

If you want to be able to use both login pages (wp-login and your custom login page) you might need to disable the Brute Force Protection from Wordfence. Which I don’t recommend but I think that is the only way that this will work properly.

If you want to disable Brute Force Protection, navigate to Wordfence > All Options > Brute Force Protection and turn it OFF.

Sorry about the inconvenience! We have our dev team working with more integration with other plugins but currently, some membership plugins cause interference, especially with custom login pages.

Thanks again!

Hello,

Thank’s for your reply.

Sadly, even with brute-force disabled, I can’t log-in from my custom from.

However it appears that the issue comes from “re-captcha”.
If brute-force is enabled and re-captcha disabled, I can use my form to log-in.
I wonder is this will prevent the creation of spam account.

Obvisouly, this is least than ideal, so I wonder how other people do, I must no be the only one using a log-in form and wordfence ?!
Thus what would be wordfence “recomended” way to set a custom log-in form ?

Thank’s

Update,
with rute force enabled and recaptchat disabled, there is still some spam account created.

So it would be great if enabling re-captchat for wp log-in page wouldn’t block logging in from a third-party form.
Regards