ReCaptcha Conflicts with Other ReCaptcha Plugins

Hi @mystyleplatform, thanks for getting in touch with us!

The issue looks to be that we don’t load Wordfence’s reCAPTCHA assets on custom login pages, which are currently unsupported. However, if our reCAPTCHA is enabled, it expects ALL logins to have the data during processing of WordPress’ login hooks so it can still cause logins to fail if the reCAPTCHA data we’re expecting isn’t present.

Looking at the UsersWP ReCaptcha plugin, it appears to be an addon for the UsersWP plugin for the registration page only, which would explain why it isn’t on the WordPress and WooCommerce login forms. Turning off our reCAPTCHA is probably best if you need the other one but Wordfence’s reCAPTCHA is designed to work with the default WordPress registration/login pages along with those from WooCommerce if that’s all your site requires.

It may be hard for us to avoid all conflicts such as this by design because custom login forms produced by other plugins may behave differently, but the development team has been made aware of the issue you’re reporting here and your proposed solution.

If you are able to do any development work yourself, the filter we provide to disable the captcha only when a login is being submitted for the other plugin’s custom page is possible: https://www.wordfence.com/help/login-security/#customizing-captcha-behavior-with-wordpress-filters

Due to the number of Wordfence installations out there, we are unfortunately unable to support/advise custom code on an individual basis.

Thanks,

Peter.

So if I get you right – we can use the Code Snippets plugin for example (to avoid needing child theme etc), paste your filter code, and it will fix it by omitting wordpress recaptcha loading on UsersWP login/registration pages?

For now, for anyone else experiencing this, the workaround is to use ReCaptcha v2 with UsersWP, and ReCaptcha v3 with Wordfence, as v2 and v3 seem to not conflict with each other, but multiple v3s do.

Your assumption is correct, yes that “wordfence_ls_require_captcha” can be used to omit Wordfence’s requirement for a reCAPTCHA response when you only need one for forms using UsersWP.

As another workaround, I was able to solve this by using ReCaptcha v3 with Wordfence, and ReCaptcha v2 with all other plugins. No more conflicts.

Now I have a slightly different issue with the ReCaptcha loading, which might benefit from the same suggested filter. The recaptcha script include from google is now loading on every page including pages that don’t need it (most pages, homepage, landing pages, etc) and is apparently the heaviest thing on the entire page slowing it down more than any other scripts.

See this tree map from Google Page Insights: https://imgur.com/a/4Id7SWs

Can you put an example of how to properly use the filter to remove google recaptcha on pages that don’t need it? Assuming we don’t have a login on every page, just the normal woo commerce my account login and the wordpress login, registration page, etc.

Would it be something like this:

// check for register / login
    $isRegisterOrLogin = function_exists('login_header') || ($GLOBALS['pagenow'] == 'wp-login.php' && isset($_REQUEST['action']) && $_REQUEST['action'] == 'register');

// check for common no-recaptcha pages
    $noReCaptchaNeeded = is_user_logged_in() || is_front_page() || is_home();

// login and register needs recaptcha.  common no-recaptcha pages dont.
    $needsReCaptcha = $isRegisterOrLogin || is_account_page() || is_cart() || is_wc_endpoint_url( 'lost-password' );

// dont use recaptcha if its not needed.
    if($noReCaptchaNeeded && !$needsReCaptcha) {
        add_filter( 'wordfence_ls_require_captcha', '__return_false' );
    }

Update: I tried this via add_action and some additional conditions for the right pages and it works. Please let me know if I missed any known pages that are a security risk without recpatcha, but I think I got the main ones at least.

Not fully optimized or minified code yet, but here’s an example that works for me if anyone else needs it:

function no_wf_recaptcha(){
	return false;
}

add_action( 'wp_enqueue_scripts', 'filter_recaptcha', 1 );
function filter_recaptcha(){
	
// check for register / login
    $isRegisterOrLogin = function_exists('login_header') || ($GLOBALS['pagenow'] == 'wp-login.php' && isset($_REQUEST['action']) && $_REQUEST['action'] == 'register');

// check for common no-recaptcha pages
    $noReCaptchaNeeded = is_user_logged_in() || is_front_page() || is_home();

// login and register needs recaptcha.  common no-recaptcha pages dont.
    $needsReCaptcha = !$needsReCaptcha && ($isRegisterOrLogin || is_account_page() || is_checkout() || is_cart() || is_wc_endpoint_url( 'lost-password' ));

// dont use recaptcha if its not needed.
    if($noReCaptchaNeeded && !$needsReCaptcha) {
        add_filter( 'wordfence_ls_require_captcha', 'no_wf_recaptcha' );
    }
}