You could add a statement to the end that require them to answer a question if they dont have a cookie set and sets a cookie when they do, allowing them access to the site. I’m on my phone but something like this.
<?php
if($_POST['q'] == 'answer') {
// set cookie
} elseif($_COOKIE['q'] != 'cookie') {
// include question template and die
}
?>
Related Posts:
- I need to find which is the file that checks the DB for correct login (username, password)
- How to invalidate `password reset key` after being used
- Is there any way to rename or hide wp-login.php?
- Increase of failed login attempts, brute force attacks? [closed]
- Check for correct username on custom login form
- How to fake a WordPress login?
- Brute force attack?
- Add Confirm Password field in wp-login.php Password Reset page
- Receiving “This content cannot be displayed in a frame” error on login page
- How to customise wp-login.php only for users who are setting a password for the first time?
- Give visitor access to password protected page/post via external script
- Send reset password link to user from custom lost password form
- Websites defaced by uploading script using theme editor
- Make wordpress admin failed login attempt return 401
- How can I retrieve the username and password from my WordPress installation?
- password protect individual pages
- Problem with logging in WP users automatically
- WordPress login urls
- How to determine if a user has not changed default generated password
- Store brute-force IP addresses
- Right practice to edit WP reset password email
- How to create a private login page for admin.?
- WordPress Security – How to block alternative WordPress access
- Protecting WordPress login page
- wp-admin folder, brute force, and password protection
- Sniffing wordpress user’s credentials
- Private page protected with username and password
- reset password link redirect to login page
- Password protect media attachment – share across guests
- Password reset – Disabled for LDAP accounts
- Why wp_update_user doesn’t update user_activation_key on users with apostrophes in their email?
- Forgot Password/ Password Reset Page does not exist
- Correct passwords keep appearing as incorrect
- disable site_url redirect in wp-login.php
- Forgot password needs to redirect from wp-login to a custom page
- Reset Password policy
- How can I change the email sender name from wordpress to (myblogname) on the “lost password” email?
- Does WordPress (or a plugin) reveal login credentials to admin?
- Is wp_login_form secure on a non secure page?
- How to password-protect everything except the logo
- WordPress login security
- Why isn’t the login page rate limited by default?
- Is there anyway to get the inputted password string from the login form?
- Input sanitation
- How to Prevent Brute Force Attack on WordPress
- Password not resetting on wordpress?
- Advice on redirect to lock site from unauthorized users
- autocomplete=”off” WordPress Login
- WordPress not logged in locally with correct username and password
- wordpress login without password just email address (NO 2 factor authentication with email)
- Where is the php file, that does the checks for login information?
- Error on WordPress Login
- Access log “POST /wp-login.php HTTP/1.0” 400
- Can I protect a type of content site-wide with a single password?
- Password recovery URL has error – but not found in code or db
- force login loophole
- Temporally disable password to login with empty password?
- How to create separate login for authors/moderators/subscribers?
- Login form does not store/remember/suggest users password
- WordPress password reset not working
- New user password confirmation sending wrong URL
- Locked out of WordPress admin area [closed]
- Global login to password protected pages
- Disable / Remove Password for Login WordPress
- How to password protect pages in WordPress
- Site is not loading after relogin attempts on SSL
- Chosen user password in registration is not being accepted on Login
- Some crawlers/bots attempting to login with very good guesses. How?
- User login without username, only password
- wp_lostpassword_url not escaped
- Hide wp-login.php but not the widget
- Trouble logging in and/or changing password
- Cannot login with correct username and password anymore
- How login is possible, if I deny login page via nginx?
- Cant login, Password MUST be reset error, after reset
- Log in a user upon password reset?
- Customize From and email address on password reset
- How to use current_user_can()?
- WordPress registration message
- Limiting sessions to one IP at a time
- Password change when the user login first time
- How can I create a separate blog that is private?
- Remove built in wordpress login and use only google auth
- Does WP show me if I’m logged in from multiple locations?
- Integrate WordPress Blog with Moodle LMS
- Add class to input form in login form
- Unable to access website admin page – 500 error – how to change landing page
- WordPress/Buddypress login theme function [closed]
- WordPress custom login form using Ajax
- How to use a custom login template and still have it linked to the wp-login.php instead of creating a new page?
- Login again after profile update
- Changed primary domain and now wordpress login won’t work
- Forcing frontend login with UI switch
- How are all users now set to inactive?
- Recovering log in information
- Extend Cookie with auth_cookie_expiration not working
- Why does /wp-admin login send me to this landing page?
- Changed from HTTP to HTTP, can login no longer login
- Without user loging inner page is disable wordpress [duplicate]
- Editing wp-login.php