2016-03-27, 04:24 PM
Currently we have the option for 0, to disable the feature entirely or use 1 so after 1 failed login it displays the captcha.
I've seen some forums who've manually edited core to implement the feature, and it's worked. But it would be better if MyBB offered the option to display captcha on the login/registration page regardless whether or not the user failed a login. Ultimately will stop bruteforce, as bots only need one test, failed source/header found then there's no use of retries.
But with Google's ReCaptcha enabled there without failed logins will stop bruteforce entirely as it's impossible to bypass it and all users much authenticate themself whether or not they fail once already.
Regards,
Consaholic (Professional php developer & ethical network exploiter)
I've seen some forums who've manually edited core to implement the feature, and it's worked. But it would be better if MyBB offered the option to display captcha on the login/registration page regardless whether or not the user failed a login. Ultimately will stop bruteforce, as bots only need one test, failed source/header found then there's no use of retries.
But with Google's ReCaptcha enabled there without failed logins will stop bruteforce entirely as it's impossible to bypass it and all users much authenticate themself whether or not they fail once already.
Regards,
Consaholic (Professional php developer & ethical network exploiter)