Warning in reCAPTCHA Admin Console

I wonder, I setup using a recaptcha v3 in site reviews plugin yesterday. should i be adding that page to the exclusion list in your plugin?

To summarise:

• My website uses CATCHPA 4WP Premium on all WordPress pages (the check boxes), bbPress and Contact Form 7. No exclusions.
• My User Review page is where the Site Reviews form is and that plugin is setup with the same V3 recaptcha.

I am wondering if CATCHPA 4WP so either support the site reviews plugin. Or if the user reviews page should be excluded from CATCHPA 4WP so that Site Reviews does it.

Personally, I would like to switch off Site Reviews settings and have CATCHPA 4WP manage it all. But I will go with what ever is the right way forward.

I had feedback from the Site Reviews author here. To quote them:

This looks like it might be a C4WP issue.

C4WP executes the captcha to generate the token on page load.

Site Reviews executes the captcha to generate the token when the review form is submitted.

Also, the C4WP script that generates the reCAPTCHA token on page load does not perform any verification to determine if the input[name="g-recaptcha-response"] is created by itself or another plugin. This means that even if another plugin is executing reCAPTCHA on an action (instead of on page load), C4WP will still generate a token for it which is never used.

Finally, all reCAPTCHA v3 requests that are made by Site Reviews contain the submit_review action. You can see these on your reCAPTCHA admin dashboard.

Site Reviews

So this seems to be an issue with CATCPA 4WP. Should I just exclude the stated page in your settings to fix this? And, what about their statement that you don’t perform any verification.

I have excluded the user review page in the settings of C4WP. So, hopefully Site Reviews catchpa will work correctly now. I will check the admin console tomorrow.

But, I think the authors of C4WP should address the issues the other author raised.

• The token request should be done when you submit. Close to the action.
• Validation should be performed so you only process C4WP token data.

The Site Reviews author says:

I still see the inline C4WP script on your /user-reviews/ page which is executing recaptcha to generate a token on page load.

The “Top 10 actions” chart shows the top 10 actions by overall traffic for your site. So it is unlikely that you will see the submit_review action there since the advanced_nocaptcha_recaptcha action is being sent on every page load.

So even though I have excluded the page it is still loading. Unless that is caching.

Thank you for using our plugin @ajtruckle

Since you are using the Premium edition of the plugin please send us an email at [email protected]. In your ticket please make reference to this forum thread.

These forums are reserved to the Free edition users. Thank you for your cooperation and understanding.

It is ticket:

11922

The backend should have dedicated links for premium support. All it says is Free Email Support, Free Forum Support. No direct indication of emailing for Premium support.