WP Login CAPTCHA Full Protection


I'm struggling to understand how this feature works. What I want to achieve is that login pages are always CAPTCHA protected but all the content pages are not (or only in case of brute force attacks).

On server level the info popup of says:
WP Login CAPTCHA Full Protection can also be selected. This setting will redirect to a CAPTCHA if ReCAPTCHA Protection is enabled regardless of Allowed Login Attempts limit and falls back to use Throttle otherwise.
So as I understand it for this feature to work ReCAPTCHA Protection must be enabled too.

But the info popup for reCAPTCHA Protection says:
reCAPTCHA Protection will activate after one of the below situations is hit. Once active, all requests by NON TRUSTED(as configured) clients will be redirected to a reCAPTCHA validation page.
4. WordPress Brute Force Attack Protection is enabled and action is set to 'WP Login CAPTCHA Full Protection'. The client will always redirect to reCAPTCHA first.
In my case it doesn't do that. Could it be related to the Trigger Sensitivity setting?

How can you achieve permanent CAPTCHA protection of login but allow CAPTCHA free access for the content pages?


Staff member
'WP Login CAPTCHA Full Protection should do so, server level recaptha will enable recapcha for all requests, not just wp login request.