Confluence 4.0 : Configuring Captcha for Failed Logins
This page last changed on Apr 18, 2011 by pwatson.
If you have confluence administrator permissions, you can configure Confluence to impose a maximum number of repeated login attempts. After a given number of failed login attempts (the default is three) Confluence will display a Captcha form asking the user to enter a given word when attempting to log in again. This will prevent brute force attacks on the Confluence login screen. Similarly, after three failed login attempts via the XML-RPC or SOAP API, an error message will be returned instructing the user to log in via the web interface. Captcha will automatically be activated when they attempt this login. 'Captcha' is the technical term for a test that can distinguish a human being from an automated agent such as a web spider or robot. You can read more about Captcha on Wikipedia. When Captcha is activated, users will need to recognise a distorted picture of a word, and must type the word into a text field. This is easy for humans to do, but very difficult for computers.
Enabling, Disabling and Configuring Captcha for Failed LoginsBy default, Captcha for failed logins is enabled and the number of failed login attempts is set to three. To enable, disable and configure Captcha for failed logins:
Notes
Related Topics |
![]() |
Document generated by Confluence on Sep 19, 2011 02:40 |