Title: hCaptcha
Last modified: January 18, 2021

---

# hCaptcha

 *  Resolved [Danny murphy](https://wordpress.org/support/users/nasherx/)
 * (@nasherx)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/)
 * Having an issue with using [hCaptcha’s WordPress Plugin](https://github.com/hCaptcha/hcaptcha-wordpress-plugin)
 * On the login, the captcha succeeds in validating the human, however on submitting
   the login form with successful captcha the login is failing for invalid captcha.
   It only happens when wordfence is enabled
 * Successful human verification: [https://ibb.co/wdrCvLX](https://ibb.co/wdrCvLX)
   
   Invalid captcha: [https://ibb.co/bBYfP2s](https://ibb.co/bBYfP2s)
 * The issue doesn’t occur on other forms within the site, only the login form. 
   How would i set this to bypass wordfence? Or do wordfence need to allow it at
   their backend?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13926381)
 * Hi [@nasherx](https://wordpress.org/support/users/nasherx/), thanks for getting
   in touch.
 * Thanks for the screenshots to explain the issue. Are you receiving any Javascript
   console errors when the “Captcha is invalid” message displays? If so, it’d be
   great to see a shot of that too.
 * This could either be a conflict, or could be that a script is being blocked.
 * Firstly, in order to rule Wordfence in/out as the sole culprit for the conflict,
   you can install a maintenance mode plugin and disable all plugins _except_ Wordfence
   and hCaptcha. Does the issue still persist? If not, re-enable all plugins one-
   by-one to see when the issue reoccurs.
 * [Learning Mode](https://www.wordfence.com/help/firewall/learning-mode/) could
   help and you should give this a try next, if disabling plugins didn’t rule Wordfence
   out. From the Wordfence Dashboard click on **Manage WAF**. Then you will see **
   Basic Firewall Options > Web Application Firewall Status**. Change the option
   to Learning Mode. This will help Wordfence learn that any actions during this
   time are normal and it will allow them in the future. Try logging in on the page
   with hCAPTCHA again during this time. Afterwards, switch the WAF from Learning
   Mode back to **Enabled and Protecting**.
 * If that hasn’t done the job, we can try installing the Enable jQuery Migrate 
   Helper plugin below to see if the issue is resolved. Wordfence is fully compatible
   with WordPress 5.6, but some plugins may not be: [https://wordpress.org/plugins/enable-jquery-migrate-helper/](https://wordpress.org/plugins/enable-jquery-migrate-helper/)
 * Please let me know how you get on!
 * Thanks,
 * Peter.
 *  Thread Starter [Danny murphy](https://wordpress.org/support/users/nasherx/)
 * (@nasherx)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13929271)
 * Hi [@wfpeter](https://wordpress.org/support/users/wfpeter/)
 * No unfortunately there isn’t any output to the console at all. I’ve done some
   testing and confirmed wordfence is the culprit, however I also found it only 
   fails when 2FA is configured on the user account. Is there anything that can 
   be done in the configs to get it working or is it a change in the plugin code?
   Or incorporate hCaptcha as an alternative to Google’s captcha maybe?
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13964442)
 * Hi [@nasherx](https://wordpress.org/support/users/nasherx/), sorry for the slightly
   delayed response but we wanted to run some tests around the configuration you
   have described in case hCaptcha needed to be added to our list of incompatible
   plugins with Wordfence 2FA.
 * Without any configuration tweaks at all, I have:
 * – Enabled Wordfence 2FA
    – Disabled my previous reCAPTCHA solution – Registered
   for hCaptcha and downloaded the WordPress plugin – Enabled hCaptcha for the login
   form in the plugin settings
 * I am able to successfully complete the username/password/hCaptcha combination
   and am presented with the 2FA code page, which signs me in after completion.
 * I would strongly suggest disabling all plugins other than hCaptcha and Wordfence,
   and switching to a default theme such as Twenty Twenty to see if you can find
   that one of your other plugins or theme scripts are causing the conflict that
   breaks the hCaptcha checks. You may wish to use a maintenance mode plugin during
   this time which will prevent site visitors from seeing the theme change or breaking
   of plugin functionality.
 * Thanks again,
 * Peter.
 *  Thread Starter [Danny murphy](https://wordpress.org/support/users/nasherx/)
 * (@nasherx)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13987599)
 * Hi [@wfpeter](https://wordpress.org/support/users/wfpeter/), I’ve done some more
   testing with plugins disabled and the theme as the default 2020 one.
 * If the 2FA code is ticked to be remembered or the IP is entered in the allowlisted
   bypass section the error is thrown, but without these the login is successful.
 * For now, I’ve removed all IPs from the bypass section and disabled the remembering
   2FA for now.
 * I’ll see if i can record a video of it one night this week
 * Thanks
    Danny
 *  Thread Starter [Danny murphy](https://wordpress.org/support/users/nasherx/)
 * (@nasherx)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13988605)
 * Hi [@wfpeter](https://wordpress.org/support/users/wfpeter/),
 * I’ve uploaded a video if it helps:
    [https://youtu.be/9voEAOaqvU0](https://youtu.be/9voEAOaqvU0)
 * I sped parts up and censored my IP address where needed
 * Thanks
    Danny
 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13996317)
 * Hi [@nasherx](https://wordpress.org/support/users/nasherx/),
 * Thanks for your detailed responses, that’s great information. We don’t recommend
   adding IPs to the bypass section under most circumstances as Wordfence is bypassed
   in its entirety, so could certainly be the source of a problem when the site 
   relies on Wordfence 2FA to proceed.
 * I am able to remember user during my tests also, but I will forward your comments
   to the developers in case they can find a use-case to replicate the results you
   have been seeing.
 * Thanks,
 * Peter.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘hCaptcha’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [hcaptcha](https://wordpress.org/support/topic-tag/hcaptcha/)

 * 6 replies
 * 2 participants
 * Last reply from: [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * Last activity: [5 years, 4 months ago](https://wordpress.org/support/topic/hcaptcha-3/#post-13996317)
 * Status: resolved