You could add a statement to the end that require them to answer a question if they dont have a cookie set and sets a cookie when they do, allowing them access to the site. I’m on my phone but something like this.
<?php
if($_POST['q'] == 'answer') {
// set cookie
} elseif($_COOKIE['q'] != 'cookie') {
// include question template and die
}
?>
Related Posts:
- I need to find which is the file that checks the DB for correct login (username, password)
- How to invalidate `password reset key` after being used
- Is there any way to rename or hide wp-login.php?
- Increase of failed login attempts, brute force attacks? [closed]
- Check for correct username on custom login form
- How to fake a WordPress login?
- Brute force attack?
- Add Confirm Password field in wp-login.php Password Reset page
- Receiving “This content cannot be displayed in a frame” error on login page
- How to customise wp-login.php only for users who are setting a password for the first time?
- Give visitor access to password protected page/post via external script
- Send reset password link to user from custom lost password form
- Websites defaced by uploading script using theme editor
- Make wordpress admin failed login attempt return 401
- How can I retrieve the username and password from my WordPress installation?
- password protect individual pages
- Problem with logging in WP users automatically
- WordPress login urls
- How to determine if a user has not changed default generated password
- Store brute-force IP addresses
- Right practice to edit WP reset password email
- How to create a private login page for admin.?
- WordPress Security – How to block alternative WordPress access
- Protecting WordPress login page
- wp-admin folder, brute force, and password protection
- Sniffing wordpress user’s credentials
- Private page protected with username and password
- reset password link redirect to login page
- Password protect media attachment – share across guests
- Password reset – Disabled for LDAP accounts
- Why wp_update_user doesn’t update user_activation_key on users with apostrophes in their email?
- Forgot Password/ Password Reset Page does not exist
- Correct passwords keep appearing as incorrect
- disable site_url redirect in wp-login.php
- Forgot password needs to redirect from wp-login to a custom page
- Reset Password policy
- How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
- Does WordPress (or a plugin) reveal login credentials to admin?
- Is wp_login_form secure on a non secure page?
- How to password-protect everything except the logo
- WordPress login security
- Why isn’t the login page rate limited by default?
- Is there anyway to get the inputted password string from the login form?
- Input sanitation
- How to Prevent Brute Force Attack on WordPress
- Password not resetting on wordpress?
- Advice on redirect to lock site from unauthorized users
- autocomplete=”off” WordPress Login
- WordPress not logged in locally with correct username and password
- wordpress login without password just email address (NO 2 factor authentication with email)
- Where is the php file, that does the checks for login information?
- Error on WordPress Login
- Access log “POST /wp-login.php HTTP/1.0” 400
- Can I protect a type of content site-wide with a single password?
- Password recovery URL has error – but not found in code or db
- force login loophole
- Temporally disable password to login with empty password?
- How to create separate login for authors/moderators/subscribers?
- Login form does not store/remember/suggest users password
- WordPress password reset not working
- New user password confirmation sending wrong URL
- Locked out of WordPress admin area [closed]
- Global login to password protected pages
- Disable / Remove Password for Login WordPress
- How to password protect pages in WordPress
- Site is not loading after relogin attempts on SSL
- Chosen user password in registration is not being accepted on Login
- Some crawlers/bots attempting to login with very good guesses. How?
- User login without username, only password
- wp_lostpassword_url not escaped
- Hide wp-login.php but not the widget
- Trouble logging in and/or changing password
- Cannot login with correct username and password anymore
- How login is possible, if I deny login page via nginx?
- Cant login, Password MUST be reset error, after reset
- Log in a user upon password reset?
- Can’t log in: “ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.”
- How to disable autocomplete on the wp-login.php page
- moving server can not login
- How can I secure a WordPress blog using OpenID from a single provider?
- Is there any point setting the keys and salts in wp-config.php?
- Different homepage for logged in users
- Why would the login page reload indefinitely?
- Set Default User Role
- Why is wp-login trying to send an email?
- Can’t login to my own website
- Can I Get User ID at Login?
- I want login using email not username wordpress front end
- Reset Password Limit not working
- Special link for no automatic login (no username and no password)
- Making sure two different wordpress website has auto login
- How do i Redirect specific user(WooCommerce Sign-in not wordpress admin page sign-in) to specific page
- Improvements to “limit login attempts” plugin
- Add a required field to Registration
- Can’t login through wp-login.php on fresh installation
- Using wp_login_form passowrd as undefined
- Redirect non-members to about/intro page
- What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
- How can I automatically change directory on ssh login?
- How to remove without touching the pluggable.php the wordpress_logged_in cookie to show the username on login?