Lack of protection with JS disabled

  • Hello!

    I did some tests with your plugin by disabling JS and came to the following conclusions:
    1. while is seems to protect wp-login.php with JS disabled(by saying that the username and password is incorrect even though it is – is this expected behaviour?), it works with “Theme My Login” with JS enabled, but does nothing with JS disabled.(this is secondary, as I don’t expext you to support “Theme My Login” necessarily)
    2. it completely lacks protection for Gravity Forms with JS disable. Surely, we can’t rely on bots to execute JS, so, basically, GF protection is non-existent.

    1. is saying that the username and password is incorrect with JS disalbed on wp-login.php expected behaviour? Is this reliable protection?
    2. Do you intend to improve GF support?

    Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)

  • +1 This does not stop bots from signing up via a GF form on my site as well. I know you mention that you support GF, but it appears that it’s not working properly. Any plans to improve the GF support? Thank you!

    Thread Starter Hlsg

    (@hlsg)

    Yeap. This needs server side validation all around.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Lack of protection with JS disabled’ is closed to new replies.

Tags