Captcha bypass on register tab with plugin

@beats247 unfortunately I’m not able to reproduce this. Note that if you are using development recaptcha keys, it will always go through whether the box is checked or not. But with production keys, when I enter valid registration details but do not check the recaptcha box, I get back the expected “ERROR : Please check the ReCaptcha box” message.

It looks like you are using a secondary “Sign Up Email Verification” plugin here, which may be conflicting if it intercepts the registration process upstream of the captcha and puts it into a “pending confirmation” mode.

In any case, that plugin alone should protect you from unwanted signups.

Hey Robert,
thanks for getting back to me! Yes, I am using the customer verification for WooCommerce plugin: https://www.ads-software.com/plugins/customer-email-verification-for-woocommerce/

However, bots would still be able to register an account and clutter the database with unverified accounts. It does not protect against these sign ups, it only makes sure the account is legitimate. I also deactivated the plugin and the captcha is still bypassed. Is there any way that makes your plugin block the ‘register’ button until the captcha has been solved, like on the ‘login’ button? Thanks again!

PS: I am using the profile builder plugin on my current site with a verification setting & captcha as well and there you also cannot register if the captcha isn’t solved.

@beats247 unfortunately it’s not possible to disable the button using javascript as it is on the login form. And even if we did, it wouldn’t stop robots as they have no respect for javascript.

Your best bet is to remove/replace the plugin that is causing the conflict. The plugin you are using is not respecting the downstream registration verification, which is impolite at best and dangerous at worst as it bypasses not only this plugin but other future registration form validations. Good luck!

I deactivated the plugin but the captcha created by your plugin can still be bypassed. Thank you.

Bummer. Must be some other plugin conflict. Works on all the installations I am running. Good luck!

I deactivated ALL plugins. Still not working. It cannot be a plugin conflict.

Strange. Thanks for testing. You’re welcome to submit a pull request if you find out what is the issue: https://github.com/cyberscribe/login-recaptcha

It’s because of the theme. I think your plugin cannot handle tabs on the my account page. Would you be able to solve this? I could send you the theme or the needed php files. Let me know. Thank you.

• This reply was modified 4 years, 10 months ago by Beats247.

Sorry, I can’t keep supporting all the custom aspects. I may remove it from the Woo page if it’s now using tabs by default, or even remove the plugin from the WP repository entirely if problems with Woo updates continue.

If you are a coder, feel free to try to adapt it to the tab-based Woo layout and submit the code.

Basically, either the community starts supporting this, or I just keep it on GitHub for me and my clients and stop supporting it publicly.

Sorry. I just can’t keep working this hard for free. I was trying to do a nice thing by sharing it for others to use, but I get so many requests for technical support each week that it’s getting kind of silly now.

I’ll put something up on the forum about limited support going forward.

I completely understand you, Robert. No worries. It looks like some other free plugins have the same issues (multiple instances of recaptcha on the same page don’t work). I think the easiest solution would be to enable it only on the register tab as it cannot do both right now. I don’t think it is needed on the login form anyway. If you are not able to fix it (could send you a tip) or don’t want to spend the time on it – no problem at all, I totally understand. There’s a paid version from WC directly afaik. Don’t let this discourage you though! You’re doing fantastic work, it’s very much appreciated.

Thanks, that’s most kind.

@beats247 – there was a bug introduced by a community contribution 18 days ago that did in fact allow user registration captcha bypass. That has been fixed in the latest release. I’d be very curious to know if it resolves the issue for you too. Here’s hoping!

Hey Robert,
very glad to hear that, I appreciate your update. Works like a charm now! Thank you.