reCAPTCHA not verifying solutions

Resolved teokitan
(@teokitan)

3 years, 3 months ago

Hi there, I have been getting lots of spam account registrations on my website despite having reCAPTCHA enabled in the profile builder (reCAPTCHA v2, the visible one). Checking the console, I see there are actually not that many requests (in fact, there have been more accounts created than captcha requests) and a warning is shown, stating “We detected that your site is not verifying reCAPTCHA solutions. This is required for the proper use of reCAPTCHA on your site.”

This hints to me the bots are probably circumnavigating the captcha and injecting javascript successfully since there is no POST verification. Any advice on how to solve this?

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Support alexandrubodea
(@alexandrubodea)

3 years, 2 months ago
Hi @teokitan,
1. Could you please provide the URL of the page where you encounter this reCAPTCHA issue?
2. Could you please go to your site’s Dashboard -> Plugins -> Installed Plugins -> and send screenshots with all the plugins you have installed on your site? Make sure that the Profile Builder plugin can also be seen.

You can use a site like https://snipboard.io/ to share the screenshots.

Best regards,
Thread Starter teokitan
(@teokitan)

3 years, 2 months ago

Sure.

Site URL

Thumbnail List
Plugin Support alexandrubodea
(@alexandrubodea)

3 years, 2 months ago
Hi @teokitan,

Please do the following test:
Disable the Profile Builder Registration form for one day (remove the [wppb-register] shortcode from that page), and check if you still have spam registration on your site. From what I can see you still have the default WordPress Registration form active on your site and attackers can (most likely) use that form to register on your site, or maybe you have another plugin that enables a registration form on your website.

Note: Also when trying to register on the Profile Builder Registration form on your site, we get the error message “You are not allowed to do this”. The error message “You are not allowed to do this” is most likely caused by having a caching plugin enabled. You will probably be able to solve this error message by excluding all the pages created with our shortcodes from the cache.

Best regards,
- This reply was modified 3 years, 2 months ago by alexandrubodea.
Thread Starter teokitan
(@teokitan)

3 years, 2 months ago

Thank you for your help @alexandrubodea, it seems that is the issue. However, I do not know how the default WordPress registration form is still active, considering I have not created a page that includes it. Could you explain how one can disable it?

Plugin Support alexandrubodea
(@alexandrubodea)

3 years, 2 months ago

To disable the WordPress Default registration you will need to go to your site’s Dashboard -> Settings -> General -> scroll down until you see the Membership option and then uncheck the “Anyone Can Register” box.

Best regards,

Thread Starter teokitan
(@teokitan)

3 years, 2 months ago

Thank you, it was enabled! I have now unchecked it, hope that solves the problem.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘reCAPTCHA not verifying solutions’ is closed to new replies.