Scroll Top


Plugin WordPress Captcha On Login

Current Version: 2.0

Plugin WordPress Captcha On Login: Current Features

  1. * Limit the number of login attempts throught wp login form as well as auth cookies.
  2. * Option to change admin username and grown up the security
  3. * Report page, where you can see blocked ips and last 1000 sucess and failed logins.
  4. * Option to block IPs permanently
  5. * Option to unblock IPs
  6. * Option to define maximum number of login attempts befor locking the ip
  7. * Some visual options, as background image, color of text, number of characters, etc.

Nowadays, it is common hackers trying to get access to your blog, so, it is very important you make some actions to prevent your blog from being hacked. A good way to turn the login system of your blog more secure is to use that plugin Captcha on Login. It will Protect your blog from login brute force attacks adding a captcha on login page. That plugin also locks IPS after a specific number of login tries failed, note that on the plugin’s options page you can set these numbers.

Currently, the plugin also allow us to change the default admin username from admin to whatever you want. Changing the username of the admin is a great idea to prevent brute force atacks and turn your blog more secure.

Since version 1.0 the plugin has a report page, where you can see blocked ips and last 1000 sucess and failed logins and you can unblock blocked ips you wish.

PLugin Worpdress Captcha on Login

Take a look at the plugin settings page:

Plugins WordPress Captcha On Login

And the Report page:

Plugin captcha on login blog wp

And finally, the Login Page with the Image Code:

login page plugin catpcha

Plugin Download

You can download it directy from the WordPress Directory at:


This plugin will help you to turn your blog more secure. If you have any question about it, don’t hesitate to leave a comment.

Plugin Changelog

= 0.1 =
* Plugin publication

= 1.0 =
* Added an option to unblock blocked ips
* Added an report page where you can see all blocked ips and the last 100 sucess or failed logins
* Added an option to change default admin username and increase the security of your blog

= 1.1 =
* Changed the report page from last 100 logins to last 1000 logins and fixed a little bug.

= 2.0 =
* The plugin started limiting also the number of login attempts using auth cookies
* The plugin allows you adding permanent blocked ips
* Added an report are for see all permanent blocked ips

Sobre o autor | Website

Webmaster with interest on SEO, Wordpress, Digital Marketing, PHP Programming

41 Comentários

  1. Art Lane says:

    I’m using WP 3.5.2 and have discovered that some of my sites display your settings page just fine, while others only display a blank page. Any idea as to why?

    I reloaded your plugin several times with no success at getting the settings page to display and have deactivated the other plugins one by one, but cannot get the settings page to display.

  2. eCalm says:

    Hello. We are using WP 3.6.1. The image code is not showing on login pages. All I see is a broken image link (screen shot… Any ideas? Thanks.

  3. jibranseo says:

    hi Admin,
    i love your this website and i am your member, let me know that as i have posted an article on website with my username so why i am unable to publish that ?
    will you publish it your self ?

  4. Andrew says:

    Installed on wordpress 3.2.1 options and primary functions working fine but the banned ips and logs do not show up at all under the options page, after “Visual Settings”.

    All we can see is the author’s information.

    Version installed of the “captcha” is 1.1.

  5. K.Wai says:

    The text does not show in Google Chrome. Works in Firefox.

  6. Jamie Selby says:

    Hi there, have just uploaded plugin to my site running latest update of 3.7. Despite entering captcha details correctly plugin is refusing login, any ideas?

  7. Fabien says:

    i have several sites, running all in latest wordpress version 3.7.1, and some of them are having issue with your plugin, the image displays no letter at all, no matter if i reload the page or resend the plugin.

    It completly blocks my administration access, do you have any solution ?

    • Fabien says:

      I found the problem, your plugin doesn’t go along with HC Custom WP-Admin URL so i used another plugin to reroot admin url

  8. Sergiy says:

    It seems plugin not always block IP address after 10 wrong logins.

    I have a lot of cases in log when somebody tried to enter wrong password even not trying to input CAPTCHA, but IP was not blocked.

    I see blocked IP once only.

  9. Nilcilei says:

    Ola campeão! Tudo bem, eu gostaria Anderson que vc mandasse para mim uma vídeo aula ou uma matéria sobre como colocar a minha logo acima do painel administrativo do wordpress, se possível ! UM forte abraço (eu admiro o seu trabalho ).

  10. LC Scott says:

    When I enter the image code, I’m still unable to access my sight. I get the following message, “The image code is incorrect. Try again.” What’s you process to uninstall the plugin?

    • admin says:

      Man, you can access your server throught FTP and delete the plugin folder. So, the WordPress system will deactivate it automatically for you on the next login.

  11. Hello!

    After using the plugin for a few monts I got a fatal error crashing my site.

    This is the error I get:

    PHP Fatal error: Call to undefined function plugin_basename() in /home/*****/public_html/wp-content/plugins/captcha-on-login/index.php on line 48

    • admin says:

      Hi. The function plugin_basename is an WP core function, take a look:

      It is located at: wp-includes/plugin.php

      So, you can open that file wp-includes/plugin.php on any editor and look for that function

      Another idea is you verify if the function don’t exist and declare it yourself. See how:


      function plugin_basename( $file ) {
      global $wp_plugin_paths;

      foreach ( $wp_plugin_paths as $dir => $realdir ) {
      if ( strpos( $file, $realdir ) === 0 ) {
      $file = $dir . substr( $file, strlen( $realdir ) );

      $file = wp_normalize_path( $file );
      $plugin_dir = wp_normalize_path( WP_PLUGIN_DIR );
      $mu_plugin_dir = wp_normalize_path( WPMU_PLUGIN_DIR );

      $file = preg_replace(‘#^’ . preg_quote($plugin_dir, ‘#’) . ‘/|^’ . preg_quote($mu_plugin_dir, ‘#’) . ‘/#’,”,$file); // get relative path from plugins dir
      $file = trim($file, ‘/’);
      return $file;


      So, just put the above code in the begining of the file public_html/wp-content/plugins/captcha-on-login/index.php.

  12. Michele says:

    I noticed that the plugin does not recognize the difference between uppercase and lowercase words. Could you fix this bug by increasing the effectiveness of your plugin?

    • admin says:

      Michele, it isn’t a bug, you can limit how many wrong login tries… upercase and lowercase is most important on systems where hackers can try brute force attacks.

  13. Major says:

    It’s hard to find your website in google. I found it on 11 spot,
    you should build quality backlinks , it will help you
    to rank to google top 10. I know how to help you, just type in google –
    k2 seo tips

  14. Bourgeois says:

    with WP W3TC + CDN i have difficulties to login specialy with chrome (always wrong image and finally blocked for one day).
    Is it possible to have a whitelist of IPs ?
    Where are stored the blocked IPs (flat file, database, where)?


    • admin says:

      Currently there is no option to whitelist ips… and the blocked IPs is sotred on database at wp options table with the field name “Anderson_Makiyama_Captcha_On_Login_options”

  15. jay says:

    why if the hacker block your IP?

  16. rico says:

    Works well, thank you :)


  17. Mih says:

    WP 4.0

    Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method Anderson_Makiyama_Captcha_On_Login::check_blocked_ips_befor_all() should not be called statically in /wp-includes/plugin.php on line 505

    Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method Anderson_Makiyama_Captcha_On_Login::check_code() should not be called statically in /wp-includes/plugin.php on line 580

    Notice: Undefined index: Anderson_Makiyama_Captcha_On_Login_total_error_code in /wp-content/plugins/captcha-on-login/index.php on line 396

    Fatal error: Class ‘WP_Session_Tokens’ not found in /wp-includes/pluggable.php on line 879

  18. Bourgeois says:


    could you add a feature to add Whitelisted IPs ?
    I have the problem on 2 installations (dont know why, perhaps cache problem ,…) but i block my own IP many times and have no other solution than to unactivate the plugin …


  19. Charles Como says:

    Any way to add the code into a popup login page that I have.. what is the php code I can add to my template? If there is a way to do it.

    Thanks so much! Great plugin!


  20. Delia says:

    The images don’t show and GD library is installed on this server (it’s mine and a number of sites use GD.

  21. Daryl van Sittert says:

    My captcha image wasn’t showing up. In the apache log file, I saw the error “Call to undefined function imagecreatefromjpeg()” and installed php-gd. Now it works fine.

  22. Oliver says:

    As mentioned some times already: a blank Image at the Login Screen locks me out of my Site. What is the Solution?

    • Anderson Mak says:

      Probably the PHP lib GD is not installed on your server. But I am going to plublish a new version witch will allow users with no GD lib installed to use the plugin.

      Of course, you can delete the plugin accessing your site via FTP.

  23. I love this plugin and use it on many sites after being hacked before. On one of my sites,, the plugin keeps getting removed. Have you seen this before? Has someone hacked my site and is removing it? I’m on WordPress 4.1.1 and the latest version of WooCommerce.

  24. shahin says:


    how i can clear logs?

  25. I installed the plugin and it worked great. Then someone let me know that it was impossible to load the website from Chrome, that it was causing a cache overflow. I uninstalled the plugin and the issue disappeared. Still, I have to tell you that the plugin was otherwise exactly what I needed. Thank you.
    (WordPress 4.2.2)

Para enviar seu comentário, preencha os campos abaixo: