Since the bots send HTTP Post requests directly at the known target /wp-login.php to skip the Captcha, would it be possible to check for a custom Post Input such as the Captcha Input or my own custom input field, and then deny the request if not present?
So, using https://www.nginx.com/resources/wiki/modules/form_input/
I'm a NGINX newbie but I'm imagining something like:
location /wp-login.php {
set_form_input $log; #input name for wp username
set_form_input $pwd; #input name for wp password
set_form_input $my_custom_field; #my custom input
if (!$my_custom_field){ #my custom input field not set
return 444;
}
#how to test if a variable in NGINX has been set?
}
Is something like this possible?
Thanks!