reCAPTCHA key security alert
-
We recently set up Contact Forms 7 and followed this page to setup reCAPTCHA with a new Google account: reCAPTCHA (v3) | Contact Form 7.
But now we received an E-Mail from Google “Security alert for your reCAPTCHA key”, saying we aren’t protected, our setup is incomplete and “It’s likely that you have missed the step: verify the reCAPTCHA token, because reCAPTCHA has not received any token verification1 requests from your site backend.”
The frontend seems to work fine, the form is working, the reCAPTCHA admin console is showing a number of requests and the reCAPTCHA badge is displayed at the bottom right of the page.If I understood it correctly, the frontend sends a response token to the application backend after submitting the form. In the application backend this response token is then being sent to reCAPTCHA for verification (reCAPTCHA returns a risk score indicating the likelihood of a legitimate interaction). But this backend part is not working.
In the Google Cloud Console where the reCAPTCHA keys are managed, it also says “Status: unprotected” and some links redirect to Authenticate to reCAPTCHA | Google Cloud or Create assessments for websites | reCAPTCHA | Google Cloud. I have not read those in detail but I assumed this backend part was also handeled by Contact Forms 7?
Has this happend to someone before?
Am I missing something here?The page I need help with: [log in to see the link]
-
(@anonymized-23393328)
My bad, you can see it here:
(link moved below 1st topic post by moderator)
To me it looks like the issue is in the backend and the frontend appears to be working fine, so I didn’t think it was necessary
@curzonpr what do you mean by resetting the key? I tried removing the key from the plugin and added it again, in case the secret key was somehow incorrect before but that didn’t resolve the issue.
(@anonymized-23393328)
(@anonymized-23393328)
(@anonymized-23393328)
The topic ‘reCAPTCHA key security alert’ is closed to new replies.
