[ad_1]
I quickly tried to log in to a website using the built in captcha feature and i noticed while clicking login i made a typo in the captcha field. Yet to my suprise I was still able to log in. After that I tried the following list which all resulted in a succesfull login:
- correct answer
- wrong answer
- empty field
I ran the following tests, all with the same result; being able to log in with empty captcha field and being able to log in with wrong input:
- 4 different websites that all use the Login Lockdown plugin and the built in captcha field, so the problem is not website specific
- Using php 7.4 and php 8.1
- Using WordPress version 6.5.5
- No console errors or blocked responses in console/network tab
- Live website and a local development website
My expectation would be that the captcha field is required and it would validate the input to be correct. If you have any questions please let me know.