Login Requiring CAPTCHA although Spam Prevention is Turned Off
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
Users keep getting CAPTCHA when they login to Confluence.
The spam prevention is turned off in
Dashboard >> Administration >> Look and Feel >> Spam Prevention.
Cause
Starting from Confluence 3.2.1, there is a new CAPTCHA option for failed logins. This is designed to prevent automated password attempts against Confluence, which has been used in the past to attack public instances of Atlassian applications.
Resolution
If your users continue to be prompted with CAPTCHA even after logging in successfully, they most likely have an RSS client accessing Confluence with an incorrect password:
Ask the user to check their RSS feed reader for error messages about failed password or authentication, and enter the correct password for your site.
Check the Confluence log files for information about the failed login.
If only trusted users can access your system, you can turn this security feature off:
In Confluence 3.2.1, go to
Dashboard >> Administration >> General Configuration >> CAPTCHA on loginand turn it offIn Confluence 3.3 and later versions, go to
Dashboard >> Administration >> Security Configuration >> CAPTCHA on loginand disable it
We do not recommend disabling this setting if you have untrusted users or run a publicly accessible instance of Confluence.
Was this helpful?