[Defender Pro] Disable reCAPTCHA login requirement on staging servers


Hello,

Add an option to automatically disable the reCAPTCHA requirement for the WordPress login when the website URL is NOT the live site. This will allow webmasters to log in to their staging servers for testing purposes.

Currently, the reCAPTCHA gives an error, “ERROR for site owner: Invalid domain for site key,” when trying to log in to a staging server because the URL is different.

Many development environments include a staging server that runs a copy of the live WordPress database, and webmasters need to be able to log in to test things. Currently, the only solution is to disable Defender Pro on the staging servers.

  • Art Smith
    • Site Builder, Child of Zeus

    In my opinion, you should actually add the staging domain to your reCAPTCHA key. Staging environments pose the same security risk as the production site, and this solves the issue without having to change the security software.

  • Adam
    • Support Gorilla

    Hi Cary B. Delmark

    I second Art Smith (Ambrosia Web Technology) on that. You can add more domains and it’s just a much safer solution.

    Aside from that, we’d need to recognize somehow that it’s not a live site. The three ways I can think of would be:

    1. detecting that reCAPTCHA error or simply that the site address has changed and disabling it automatically based on that

    this would be very unsafe and cause captcha to be disabled in cases when it should not be;

    2. same as above but with issuing a notification in the admin area for the admin to confirm if it’s staging or not

    that’d be better but it would require additional action from the admin – which also means that the admin would first need to log in to the site and even then, the admin could instead simply disable captcha manually anyway.

    3. or recognizing the WP_ENVIRONMENT_TYPE constant

    This could work nicely provided that it’s set on the staging site, and it actually rarely is. Some hosts do set it, but in most cases, and nearly always when staging is just manually created, it’s not really used. So if it would need to be set manually, it’s also as good as simply disabling captcha manually in the plugin.

    All in all, simply setting captcha to work with an additional domain is way simpler in the long run and just a safer solution.

    Best regards,
    Adam