When I have Google ReCaptcha V3 integrated with my Contact Form 7 forms, they do not validate and come back with the error message under the form “There was an error trying to send your message. Please try again later.”

If I remove the integration for Google ReCaptcha V3 the form sends and validates.

WP Version 5.9
Contact Form 7 Version 5.5.4

I googled the issue and found this resource which someone posted, but hesitant to try a third party plugin to resolve.

https://www.ads-software.com/support/topic/contact-7-validation-issues-a-potential-solution/

Can the Contact Form 7 Authors/Developers look into this please?

Thanks.

WordPress and plugin WPForms Lite have the last version , Unconfluous mode is enable too

hCaptcha doesn’t work too.
What can i do? Help me pls, thank you!

function conditionally_load_plugin_js_css(){
	if(!is_page(array(48)) ) { # Only load CSS and JS on ppage/post #48	
		wp_dequeue_script('contact-form-7'); # Restrict scripts.
		wp_dequeue_script('google-recaptcha');
		wp_dequeue_style('contact-form-7'); # Restrict css.
	}
}
add_action( 'wp_enqueue_scripts', 'conditionally_load_plugin_js_css' ); 

I am using WP 5.5. The above code works fine with CF7 version 5.1.9 but after upgrading to 5.2.2 the recaptcha badge pops up on every page and it is very annoying.

for a week or so, i keep getting the error-message “You must submit the reCAPTCHA to proceed. Please try again.” when i try to login to my WordPress.
I haven’t changed the configuration/api-keys, yet all my WP-instances running iThemes Security Pro won’t let me in anymore. The only way to get in for me is to disable the iThemes-Plugin each time Plesks WordPress-Module before i go to the Login-Page.

Any ideas how to troubleshoot this one?

With the use of Recaptcha v3, there seems to be a timeout once the user is on the page for a request to be verified.

The returned error to the user is the default “Sender’s message failed to send” which doesn’t prompt the user to reload, or provide any way to reset the recaptcha check.

Has anyone else run into this, and know of a fix?

reCaptchav3 tokens expire. That means that if you visit a web where a form is for a long time the token expires and when the form is sent the captcha validation fails.

So this code:`
<li>File: wp-content/plugins/contact-form-7/modules/recaptcha.php</li>
<li>Function: wpcf7_recaptcha_verify_response</li>

<code>return ! $service->verify( $token );</code>

is going to fail.

While trying to fix this issue on my own I found these two pages which had the same token expiration problem on their frontends.

* <a href="https://stackoverflow.com/questions/54437745/recaptcha-v3-how-to-deal-with-expired-token-after-idle" rel="noopener noreferrer" target="_blank">reCAPTCHA V3: how to deal with expired token after idle?</a>
* <a href="https://github.com/google/recaptcha/issues/281" rel="noopener noreferrer" target="_blank">Using reCAPTCHA v3 in the frontend</a>

Not sure if the current code:

<script type=”text/javascript”>
( function( grecaptcha, sitekey ) {

var wpcf7recaptcha = {
execute: function() {
grecaptcha.execute(
sitekey,
{ action: ‘homepage’ }
).then( function( token ) {`

is equivalent to what its suggested in https://github.com/google/recaptcha/issues/281#issuecomment-435332795.

Hopefully Neil Murray sees an obvious problem here and might fix it.

I’m happy to review proposed code or beta plugins.

Thank you very much!

Note: As a workaround for this issue as many other people in the forum have suggested I’m going to turn off integration with reCaptchav3 and install this third party plugin: wpcf7-recaptcha (Contact Form 7 – reCaptcha v2). One of the reason is Google saying v2 is not going away in the short term on its faq page: https://developers.google.com/recaptcha/docs/faq .

What could be the problem?

What I have noticed is that clients that historically didn’t receive spam are now getting spam through. From what I understand about a month ago there was a problem with recaptcha v3 and CF7. I would expect this to be resolved now or some fix in place.

Is there some kind of fix for this?

I am also experiencing issues where a large amount of spam is not checked against the Recaptcha V3 API.

It appears that in wpcf7_recaptcha_verify_response in modules/recaptcha.php:109, if the $_POST['g-recaptcha-response'] is not provided, or is blank, this filter returns false indicating that the submission is not spam.

Therefore, spambots appear to be able to bypass the validation via the API by submitting an empty g-recaptcha-response form field.

I presume that changing

if ( ! $token ) {
   return $spam;
}

to

if ( ! $token ) {
  return true;
}

in this function would address the issue, as any submission that did not attempt the Recaptcha validation would be rejected.

Also, was wondering if you could provide a recaptcha v3 option since Google has added version 3.