cjwallac

Cookie based Brute Force tested and works as alternative.

Ok that’s a fair option to enable Cookie Based Brute Force. It is possible as I do have ‘themes’ running on the site. I will attempt to enable Brute Force and mark as resolved upon success.

Understand the remoteness it being an actual security concern, but there does seem to be an issue with these two options enabled at the same time.

Yes rename login page is Eanbled, Yes it does have a ‘secret’ word. Could this login page be index by any search engine? Are you saying both options can not be enabled at the same time?

No it does display, but if we leave the captcha blank it doesn’t prevent the user from logging in.

Yes and under Brute Force
– Rename Login Page is Enabled, Cooke based brute force is disabled.
– All Login Captcha’s are enabled
– Login Whiteliest is Disables
– Honeyput is enabled.

Yes thanks!

I also have a problem with Captcha, basically the login displays the math Captcha, but then it doesn’t seem to be required. If we login without using the Captcha it just allows us to login with no error or rejected login. I do understand Captcha isn’t perfect, but this issues make it irrelevant. Please let me know if there is either a setting or if this is true issues let me know how I can help resolve.