Lunarpages Web Hosting Forum

Author Topic: Captcha on Wordpress admin login  (Read 13513 times)

Offline bklawmaster

  • Newbie
  • *
  • Posts: 2
Captcha on Wordpress admin login
« on: August 18, 2013, 11:01:31 AM »
I recently installed a new Wordpress website via Softaculous (I know...I know... that isn't the best way to install Wordpress, but I was in a hurry and it's just a blog website).  Anyway, when I go to wp-admin to sign into the Wordpress dashboard I get a Captcha interrupt that says:

As an added security messure, your host has introduced a captcha image to prevent brute-force attacks on your login page. You will be directed to your login page once you successfully complete the the Captcha below.

I put in a trouble ticket asking them to take this off.  They are telling me that it isn't anything they did.  I guess they missed the part that says "YOUR HOST HAS INTRODUCED". 

Does anyone know what this is all about and how to get rid of it?


Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6369
Re: Captcha on Wordpress admin login
« Reply #1 on: August 18, 2013, 06:21:18 PM »
It might be in response to: http://www.lunarforums.com/latest_hosting_news_and_announcements/wordpress_brute_force_attacks-t62139.0.html. That's assuming "Lunarpages has implemented additional security tools" means adding a CAPTCHA. Considering how easy CAPTCHAs are for bots to crack, it's probably not very useful. Assuming they (LP or Softaculous) inserted the modified login code, you ought to be able to compare the code to a pure install package's code and see what needs to come out. Or, replace the files with a set from WP. Then the onus will be on you to make sure you have up to date WP code and measures to prevent the recent brute force attacks.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline Malin Cenusa

  • Customer Service Representative
  • Support
  • Spaceship Navigator
  • *****
  • Posts: 83
  • The World Is Not Enough
    • Solutions Straight from Tech Support
Re: Captcha on Wordpress admin login
« Reply #2 on: August 20, 2013, 04:02:36 AM »
Out staff has warned about the Wordpress bruteforce attack even since April 2013 when it was first spotted and when our customers were targeted.

If you are using the default username "admin" then there is a high chance that your Wordpress is targeted.

The captcha protection is not installed on the customer's Wordpress or account but actually at server level and comes into place as soon as the attack vector is matched. If you're seeing the captcha then most probably your account is under attack and you should follow all recommendations we made regarding it into http://www.lunarforums.com/latest_hosting_news_and_announcements/wordpress_brute_force_attacks-t62139.0.html to mitigate the attack and avoid further issues.
Malin Cenusa

Customer Service Representative 2 - Managed Shared Hosting Team
Lunarpages Internet Solutions

Managed Hosting Now Available
http://www.lpwebhosting.com/managed

Website: http://lunarpages.com
Email: support@lunarpages.com
Phone: 1-714-521-8150
Community - http://www.lunarforums.com
Tutorials - http://www.lunarpages.com/tutorials/

Offline austingrd

  • Intergalactic Cowboy
  • *****
  • Posts: 53
Re: Captcha on Wordpress admin login
« Reply #3 on: August 25, 2013, 04:40:43 AM »
I recently installed a new Wordpress website via Softaculous (I know...I know... that isn't the best way to install Wordpress, but I was in a hurry and it's just a blog website).  Anyway, when I go to wp-admin to sign into the Wordpress dashboard I get a Captcha interrupt that says:

As an added security messure, your host has introduced a captcha image to prevent brute-force attacks on your login page. You will be directed to your login page once you successfully complete the the Captcha below.

I put in a trouble ticket asking them to take this off.  They are telling me that it isn't anything they did.  I guess they missed the part that says "YOUR HOST HAS INTRODUCED". 

Does anyone know what this is all about and how to get rid of it?



Hi Bk. I'm just wondering. Were you able to find a work around for this already?

Offline BradleyLP

  • Pong! (the videogame) Master
  • *****
  • Posts: 29
Re: Captcha on Wordpress admin login
« Reply #4 on: September 03, 2013, 10:02:32 AM »
Dear BkLawMaster,

Unfortunately this is a necessary and permanent protection. A sign of the times. The good news is while other companies may suspend your account, we are taking a proactive approach on security to protect your websites.

Here are some articles to read about the massive botnet attacks against Wordpress and Joomla sites:

1. http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack
2. http://www.bankinfosecurity.com/attackers-target-weak-web-app-passwords-a-6005
3. http://threatpost.com/hackers-using-brute-force-attacks-harvest-wordpress-sites-041513/77730
4. http://blog.sucuri.net/2013/04/the-wordpress-brute-force-attack-timeline.html

Thank you for your understanding.

Offline wildenborch

  • Trekkie
  • **
  • Posts: 13
Re: Captcha on Wordpress admin login
« Reply #5 on: April 12, 2018, 10:41:04 AM »
I wonder if this protection is still necessary. More and more plugins are available with better protection.
My site is protected with Security & Malware scan by CleanTalk.

Having said this, the lunarpages recaptcha proteciton on at least my site needs to be updated (and prefereably be removed).
It shows a warning that V1 Shutdown on 2018-03-31.
You can now simply bypass the protection by clicking in the text field and enter.

Best regards,
Fred
The Netherlands

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6369
Re: Captcha on Wordpress admin login
« Reply #6 on: April 12, 2018, 11:23:15 AM »
I'm guessing that you could always install vanilla WP from wordpress.org, and customize it with security plug-ins etc. that you feel are the best. I assume that LP isn't going to scan your site and take you down if you don't have their customized version. So long as it gets the job done, security-wise, I would think it OK.

As for using a now-obsolete version of reCAPTCHA, thank you for bringing it to LP's attention. Hopefully someone in LP support will read your post and act on it (I'm not on that side of the fence). Please let us know if you hear anything back. Perhaps you could list your recommended plug-ins and LP/Softaculous might implement them instead of the current reCAPTCHA.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-