Title: Active PHP session in Captcha plugin breaks REST API functionality
Last modified: August 8, 2025

---

# Active PHP session in Captcha plugin breaks REST API functionality

 *  Resolved [ronex1](https://wordpress.org/support/users/ronex1/)
 * (@ronex1)
 * [9 months, 3 weeks ago](https://wordpress.org/support/topic/active-php-session-in-captcha-plugin-breaks-rest-api-functionality/)
 * Hello,
 * When using your Captcha plugin on a WordPress site, the Site Health tool reports
   critical errors:
    - An active PHP session is detected (session_start() is called, but session_write_close()
      is missing).
    - REST API returns errors and does not function correctly.
 * The issue is that the plugin starts a PHP session using `session_start()` but
   does not properly close it with `session_write_close()`. This causes conflicts
   with the REST API and negatively impacts site performance.
 * As a result, when your plugin is active:
    - REST API functionality breaks.
    - Critical errors appear in the WordPress Site Health status.
    - If `session_write_close()` is added immediately after `session_start()` in
      the plugin or theme to fix the issue, the captcha no longer works correctly
      and always shows “Incorrect verification code.”
 * Therefore, a proper handling of PHP sessions is needed:
    - Either close the session appropriately before REST API and other HTTP requests
      to avoid blocking.
    - Or use alternative methods to store temporary data without interfering with
      HTTP requests.
 * Please consider updating the plugin to correctly manage PHP sessions so it fully
   supports WordPress REST API and related features.
 * Thank you!
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Factive-php-session-in-captcha-plugin-breaks-rest-api-functionality%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 1 replies (of 1 total)

 *  Plugin Author [Alexandru Tapuleasa](https://wordpress.org/support/users/talextech/)
 * (@talextech)
 * [9 months, 3 weeks ago](https://wordpress.org/support/topic/active-php-session-in-captcha-plugin-breaks-rest-api-functionality/#post-18591246)
 * Yes, Captcha Code does use sessions which can cause issues 🙁
   You can try our
   other plugin, [https://wordpress.org/plugins/advanced-google-recaptcha/](https://wordpress.org/plugins/advanced-google-recaptcha/)
   which uses cookies instead and also have just plain Math captcha available if
   you don’t want to bother with API keys.

Viewing 1 replies (of 1 total)

The topic ‘Active PHP session in Captcha plugin breaks REST API functionality’ is
closed to new replies.

 * ![](https://ps.w.org/captcha-code-authentication/assets/icon-256x256.png?rev=
   3013521)
 * [Captcha Code](https://wordpress.org/plugins/captcha-code-authentication/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/captcha-code-authentication/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/captcha-code-authentication/)
 * [Active Topics](https://wordpress.org/support/plugin/captcha-code-authentication/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/captcha-code-authentication/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/captcha-code-authentication/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Alexandru Tapuleasa](https://wordpress.org/support/users/talextech/)
 * Last activity: [9 months, 3 weeks ago](https://wordpress.org/support/topic/active-php-session-in-captcha-plugin-breaks-rest-api-functionality/#post-18591246)
 * Status: resolved