• Resolved fredpeng

    (@fredpeng)


    Hi, IniLerm,

    Thank you very much for developing this plugin. It works well to block the increasing bots worldwide.

    Now we are also using a plugin named Redis Object Cache. It seems there is no option there where we can set advaipbl_js_verified. I tried disabling the cache as a test, and the Geo_challenge works well. I don’t know if there is any workaround to keep the 2 plugins working well together?

    The error from the challenged IP with both plugins enabled is as below:

    Verification failed. Please ensure JavaScript and cookies are enabled in your browser.

    All the best!

    Fred

    • This topic was modified 5 months, 2 weeks ago by fredpeng.
Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author IniLerm

    (@inilerm)

    Hi Fredpeng,
    Thank you for your feedback!
    I want to clarify a technical detail that might help you solve this:

    1. Object Cache vs. Page Cache
      The “Redis Object Cache” plugin mainly stores database query results. It usually allows PHP to execute on every visit, so the Geo-Challenge logic (which checks for the cookie) should work fine even with Redis enabled.
      However, if the challenge is looping or failing, it is almost always due to Page Caching (which stores the full HTML and skips PHP execution).
    2. Where to look
      Since you cannot find an exclusion option in the Redis plugin (because it handles objects, not pages), please check if you have:
      Another caching plugin installed: (e.g., WP Rocket, WP Fastest Cache, W3 Total Cache, Autoptimize, etc.).
      Server-Level Caching: Some hosting providers enable Nginx FastCGI Cache or Varnish by default.
    3. The Solution
      Wherever your Page Cache is managed, you need to add an exclusion rule. You must configure the cache to BYPASS (not cache) the page if the following Cookie is present:
      advaipbl_js_verified
    4. One last check
      Sometimes, old configuration data gets stuck in the Object Cache. Please try clicking the “Flush Cache” button in your Redis settings to ensure the plugin is reading the latest settings.
      Let me know if you find another caching layer active!
      Best regards,
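
The cookie-based bypass described in the reply above, written out for Nginx FastCGI Cache as an added example (not part of the original thread and not the plugin's own configuration). Only the cookie name `advaipbl_js_verified` comes from the thread; the cache zone name, paths, PHP-FPM socket and server name are placeholders.

```nginx
# http {} context: cache storage (zone name and path are placeholders).
fastcgi_cache_path /var/cache/nginx/wp levels=1:2 keys_zone=WPCACHE:100m inactive=60m;

# Any non-empty advaipbl_js_verified cookie switches the page cache off
# for that request, so PHP runs and the plugin can check the cookie.
map $cookie_advaipbl_js_verified $skip_cache {
    default 1;   # cookie present, any value
    ""      0;   # cookie absent
}

server {
    listen 80;
    server_name example.test;          # placeholder
    root /var/www/html;                # placeholder
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder socket

        fastcgi_cache WPCACHE;
        fastcgi_cache_key "$scheme$request_method$host$request_uri";
        fastcgi_cache_valid 200 10m;

        # Without the next two lines every visitor gets the stored HTML
        # and PHP is skipped, which is the failure mode described above.
        fastcgi_cache_bypass $skip_cache;   # do not answer from the cache
        fastcgi_no_cache     $skip_cache;   # do not store this response

        # Diagnostic header: HIT, MISS, BYPASS, EXPIRED, ...
        add_header X-Cache-Status $upstream_cache_status always;
    }
}
```

After a reload, a request that carries the cookie should come back with `X-Cache-Status: BYPASS`; a `HIT` on such a request means another caching layer is still answering before PHP runs.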
    Thread Starter fredpeng

    (@fredpeng)

    Hi, IniLerm,

    Thank you for your response. Let me do more research.

    Meanwhile, for the reCAPTCHA Protection, after I set it up, I cannot make it work. The error from the user side is:

    ERROR: Please complete the reCAPTCHA verification.

    And from the reCAPTCHA side, it shows:

    Incomplete

    Finish setting up your key: Request scores
    To fully protect your site or app, finish setting up your key. Your key is requesting tokens (executes), but isn’t requesting scores (assessments).

    I am using reCAPTCHA v3 and all the information has been filled in as required. Now I am not sure which extra steps I need to do to request scores. Can you kindly assist with this?

    All the best!

    Fred

    Plugin Author IniLerm

    (@inilerm)

    Hi Fredpeng,
    This error usually indicates a mismatch between the keys or that the verification process on the server side is being blocked.
    Here is a checklist to solve it, ordered by the most common causes:

    1. The “Browser Autocomplete” Issue (Most Likely Site Key & Secret Key)
      Since the “Secret Key” field in the settings is a password field, browsers often try to be helpful and overwrite it with your WordPress admin password or a saved password from another site without you noticing.
      Action: Please go back to Security > Settings > Login & User Protection. Delete the content of the “Secret Key” field entirely, re-paste the correct key from your Google Console, and save.
    2. Key Version Mismatch
      Google reCAPTCHA v2 and v3 keys are not interchangeable.
      Action: Ensure that you created a v3 key type in the Google Admin Console and that you have selected “reCAPTCHA v3” in the plugin settings dropdown. If you use v3 keys with the v2 setting (or vice versa), it will fail.
    3. Caching & Minification
      Since v3 relies on JavaScript to generate the token in the background:
      Action: Please clear your site cache (Redis, WP Rocket, etc.) and your browser cache (Ctrl+F5). If you are using a plugin that minifies or defers JavaScript (like Autoptimize or Async JavaScript), try excluding the Google reCAPTCHA script from it.
      Regarding the Google Console Warning:
      The message “Your key is requesting tokens… but isn’t requesting scores” appears because the verification on your server is failing (due to the error above). Once you fix the keys/cache and the plugin successfully verifies a login, that warning in the Google Console will disappear automatically.
      Let me know if re-saving the keys solves it!
      Best regards,
    Thread Starter fredpeng

    (@fredpeng)

    Hi, IniLerm,

    Thank you for your reply. I managed to follow your guide to set the reCAPTCHA again. I realized our theme has a cache function. After I cleared the theme cache and disabled it, I still receive the same error as before when I try to log in.

    ERROR: Please complete the reCAPTCHA verification.

    But from Google reCAPTCHA console, I can see the previous error disappeared and the status is Protected.

    What could be the reason for that error?

    All the best!

    Fred

    Plugin Author IniLerm

    (@inilerm)

    Hi Fredpeng,
    This is great progress! Seeing “Protected” in the Google Console means the connection is working.
    The error “Please complete the reCAPTCHA verification” specifically means that when the login form reaches the server, the hidden “recaptcha token” field is empty.
    Since the keys are correct, this is likely a Front-end / JavaScript issue:
    Are you using a custom login form?
    Are you logging in via the standard /wp-login.php page, or are you using a custom login widget (e.g., a popup, sidebar widget, or WooCommerce “My Account” page)?
    Why this matters: The plugin automatically adds the necessary hidden field to the standard WordPress login form. Some custom theme forms do not use the standard hooks, so the field might be missing or the JavaScript cannot find where to put the token.
    JavaScript Console Check:
    If possible, could you open your browser’s Developer Tools (F12) on the login page, go to the Console tab, and check if there are any red JavaScript errors? (e.g., “Cannot set property of null” or “grecaptcha is not defined”).
    A quick test:
    Please try logging in directly via yourdomain.com/wp-login.php (the default WP login page) instead of any custom login page provided by your theme. Does it work there?
    Best regards,

    Thread Starter fredpeng

    (@fredpeng)

    Hi, IniLerm,

    I really appreciate your reply.

    Yes, I found it works with /wp-login.php but does not work with the WooCommerce “My Account” page. We are running a few WooCommerce websites. I found there are a few login entries on the website, but none is working except the wp-login.php page.

    All the best!

    Fred

    • This reply was modified 5 months, 2 weeks ago by fredpeng.
    Plugin Author IniLerm

    (@inilerm)

    Hi @fredpeng,
    Thank you for confirming. This clarifies the issue completely.
    The problem is that your theme or WooCommerce template uses a custom login form that does not trigger the standard WordPress hooks (login_form). Because of this, our plugin cannot inject the reCAPTCHA code into those specific “My Account” forms.
    Since we cannot modify your theme’s code, my recommendation is to disable reCAPTCHA to ensure your customers can log in smoothly, and instead rely on the other powerful layers of protection included in Advanced IP Blocker.
    Recommended Security Setup for WooCommerce:
    Even without reCAPTCHA, you can achieve enterprise-grade security by enabling these features:
    AIB Community Defense Network (New in v8.6.2):
    Where: Security > Settings > Threat Intelligence
    Why: This blocks thousands of verified malicious IPs (many of which target login pages) before they even load your site. It is a shared global firewall.
    AbuseIPDB Protection:
    Where: Security > Settings > Threat Intelligence
    Why: Create a free account for each site. This checks every visitor against a global database of hackers. It is extremely effective at stopping brute-force botnets.
    Failed Login Blocking:
    Where: Security > Settings > Threshold Blocking
    Why: Set this to block an IP after 5 failed attempts. This stops brute-force attacks cold.
    Login Page Lockdown Mode:
    Where: Security > Settings > Login & User Protection
    Why: If your site comes under heavy attack, this will automatically present a JavaScript challenge to visitors, filtering out bots without bothering humans.
    Critical Hardening (Enable These):
    Prevent Login Hinting: Stops hackers from knowing if a username exists.
    REST API User Protection: Prevents bots from scraping your user list.
    (Note: Do NOT enable “Whitelist Login Access” on a WooCommerce site, or you will block your customers).
    2FA for Administrators (Highly Recommended):
    If your server runs PHP 8.1+, enable Two-Factor Authentication and enforce it for Administrator roles. This makes your admin accounts virtually impossible to hack, even if they guess the password.
    Final Tip:
    Ensure your own IP and your server’s IP are in the Whitelist (Security > Dashboard > System Status) to prevent accidental lockouts while configuring these settings.
    I hope this helps you secure your shops effectively! I will mark this topic as resolved, but feel free to open a new one if you have other questions.
    Best regards,

    • This reply was modified 5 months, 2 weeks ago by IniLerm.
    Thread Starter fredpeng

    (@fredpeng)

    Hi, IniLerm,

    Well noted. Thank you very much.

    All the best!

    Fred

    Thread Starter fredpeng

    (@fredpeng)

    For the cache issue, I tried clearing the cache and disabling the theme cache option, then enabled the Redis Object Cache, and the issue occurs again when I try to use the Geo_challenge:

    Verification failed. Please ensure JavaScript and cookies are enabled in your browser.

    So I guess the issue is still with Redis Object Cache.

    Plugin Author IniLerm

    (@inilerm)

    Hi Fred,
    I have good news: Your site is working correctly.
    I personally tested your website using a VPN from the United States (via Opera and other tools) to trigger the Geo-Challenge.
    I was presented with the challenge screen.
    I solved it.
    I was successfully redirected to your shop and could browse normally.
    Why are you seeing the error?
    The error “Verification failed” usually happens during testing for two reasons:
    Browser Cache/Cookies: If you are testing from the same browser where you are (or were) logged in as Admin, or if you have tested multiple times, your browser might be sending conflicting cookies or cached nonces.
    Admin Conflict: The plugin is designed to never challenge administrators. If you are testing while logged in (or if your browser remembers your session), the logic gets confused because it tries to challenge a user who shouldn’t be challenged.
    My advice:
    Please try testing from a completely different browser (e.g., Opera (Free VPN), Firefox or Edge) in Incognito/Private Mode where you have never logged into your site. You will likely see that it works perfectly, just as it did for me.
    The “Redis Object Cache” is innocent here. If it were breaking the logic, it would have broken it for me too.
    You can rest assured that your real visitors are passing the challenge without issues.
    Best regards,

    Thread Starter fredpeng

    (@fredpeng)

    Hi, IniLerm,

    Thank you for your reply. At the moment I have disabled the “Redis Object Cache” plugin so it can succeed. But if I enable it, it will show the error.

    All the best!

    Fred
