Login Requiring CAPTCHA although Spam Prevention is Turned Off

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

  • Users keep getting CAPTCHA when they login to Confluence.
  • The spam prevention is turned off in Dashboard >> Administration >> Look and Feel >> Spam Prevention.

Cause

Starting from Confluence 3.2.1, there is a new CAPTCHA option for failed logins. This is designed to prevent automated password attempts against Confluence, which has been used in the past to attack public instances of Atlassian applications.

Resolution

If your users continue to be prompted with CAPTCHA even after logging in successfully, they most likely have an RSS client accessing Confluence with an incorrect password:

  • Ask the user to check their RSS feed reader for error messages about failed password or authentication, and enter the correct password for your site.
  • Check the Confluence log files for information about the failed login.

If only trusted users can access your system, you can turn this security feature off:

  • In Confluence 3.2.1, go to Dashboard >> Administration >> General Configuration >> CAPTCHA on login and turn it off
  • In Confluence 3.3 and later versions, go to Dashboard >> Administration >> Security Configuration >> CAPTCHA on login and disable it

We do not recommend disabling this setting if you have untrusted users or run a publicly accessible instance of Confluence.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.