Login Requiring CAPTCHA although Spam Prevention is Turned Off
- Users keep getting CAPTCHA when they login to Confluence.
- The spam prevention is turned off in
Dashboard >> Administration >> Look and Feel >> Spam Prevention.
Starting from Confluence 3.2.1, there is a new CAPTCHA option for failed logins. This is designed to prevent automated password attempts against Confluence, which has been used in the past to attack public instances of Atlassian applications.
If your users continue to be prompted with CAPTCHA even after logging in successfully, they most likely have an RSS client accessing Confluence with an incorrect password:
- Ask the user to check their RSS feed reader for error messages about failed password or authentication, and enter the correct password for your site.
- Check the Confluence log files for information about the failed login.
If only trusted users can access your system, you can turn this security feature off:
- In Confluence 3.2.1, go to
Dashboard >> Administration >> General Configuration >> CAPTCHA on loginand turn it off
- In Confluence 3.3 and later versions, go to
Dashboard >> Administration >> Security Configuration >> CAPTCHA on loginand disable it
We do not recommend disabling this setting if you have untrusted users or run a publicly accessible instance of Confluence.