Thank you. I made those changes.
I found this –
Status:Order deniedInfo:
Feb 27, 2026 07:47:02
(floetermusic.com)
Rhinelander, Wisconsin, United States
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Mobile Safari/537.36CleanTalk ID:17bea0fef9bd5f215ab524dd2348c12eCopy to clipboardPage URL: https://floetermusic.com/product/hymns-for-young-hands-e-set-a/Referrer:https://floetermusic.com/product/hymns-for-young-hands-e-set-a/Source: https://www.google.com/History URLs
Group URL #Time URL 1Feb 27 2026, 07:46:32http://floetermusic.com/wp-content/cache/wpfc-minified/1chjx1od/hfmse.css2Feb 27 2026, 07:46:32http://floetermusic.com/wp-content/cache/wpfc-minified/7iqf8vum/hfmte.css3Feb 27 2026, 07:46:32http://floetermusic.com/wp-content/cache/wpfc-minified/lnbh9zx3/hfmte.css4Feb 27 2026, 07:27:57http://floetermusic.com/product/short-and-advent/5Feb 27 2026, 07:27:46http://floetermusic.com/product/hymns-for-young-hands-e-set-a/
Message:
1
a:3:{s:8:”quantity”;s:1:”1″;s:11:”add-to-cart”;s:4:”2243″;s:20:”apbct_visible_fields”;s:184:”eyIwIjp7InZpc2libGVfZmllbGRzIjoicXVhbnRpdHkiLCJ2aXNpYmxlX2ZpZWxkc19jb3VudCI6MSwiaW52aXNpYmxlX2ZpZWxkcyI6ImN0X2JvdF9kZXRlY3Rvcl9ldmVudF90b2tlbiIsImludmlzaWJsZV9maWVsZHNfY291bnQiOjF9fQ==”;}
*** Forbidden. Fraud prevention. ***
Both WooCommerce and CleanTalk tech support have been great during this process. Thanks to both. My site is working great again with reCaptcha.
I disabled most of my plugins. Switched to Storefront. Cleared cache. It still failed. But then I deactivated CleanTalk. Lo and behold it worked! The thing is I had contacted CleanTalk first and they said they had nothing to do with recaptcha!
I will contact them again since I can now make it fail on my staging site. That’s the key. I hate disabling spam checking on a live site. They are a good company so I expect they will respond well.
Thanks so much for your guidance. I will keep you informed on what I find.
I need you to check into this.
In January I enabled the reCaptcha feature in WooCommerce. It seemed to work and I had 10’s of orders come through with no complaints. In the past week I’ve had two customers contact me saying that they see the reCaptcha checkbox and they check it, but when they go to pay, it just takes them back to the same checkout screen. One reported it this way – “I have books in my cart to purchase, but when I click on debit/credit card to pay, it takes me back to the “captcha” repeatedly and I can’t place my order.”
What I found is that if I deactivate CleanTalk it works fine. But with CleanTalk running, I have the issue.
I am able to repeat the issue on a staging site. I set the Threshold to 1 so it asks for the are you a robot checkbox each time. When I click the ‘by Debit or credit card’ on the checkout screen, it just scrolls back up and doesn’t let me enter a credit card number. I am able to make it fail on my staging site as well as the live site.
ChatGPT tells me this –
The JSON response + payload tells us exactly what’s happening:
- The server is rejecting the
?wc-ajax=ppc-create-order call with ppcp_recaptcha_missing_token.
- In your request payload,
g-recaptcha-response is empty.
- The only reCAPTCHA-looking token I see is inside the big
form_encoded=... string (ppcp_recaptcha_token=...), but the backend is still deciding “no token was provided”.
So this is not “you didn’t solve the picture puzzle.” It’s a token handoff problem: the PayPal Payments “create order” request isn’t delivering the token in the exact place/format the plugin expects at the moment it creates the order, so it loops you back. This matches what WooCommerce describes: their PayPal Payments CAPTCHA is a layered v3→v2 system and order creation is blocked when verification isn’t present. Two important observations from your payload
g-recaptcha-response= is blank
That’s the standard field reCAPTCHA v2 normally fills. When it stays blank, lots of integrations interpret that as “CAPTCHA not completed,” even if the widget UI still looks checked.- This is happening on the card funding source path
Your payload includes ppcp-funding-source=card. Your customers specifically said it fails when they click Debit/Credit Card. So the problem is very likely specific to the card button flow, not PayPal in general.
Thanks for any help.
I will work on getting another staging site where I can disable plugins. I’ll keep you informed.
I might have been wrong about Safari working. Looks like both fail.
I am able to repeat the issue! I set the Threshold to 1 so it asks for the checkbox each time. I found it fails with Chrome, not Safari. When I click the by Debit or credit card, it just scrolls back up and doesn’t let me enter a credit card number. I am able to make it fail on my staging site as well as the live site.
ChatGPT tells me this –
The JSON response + payload tells us exactly what’s happening:
- The server is rejecting the
?wc-ajax=ppc-create-order call with ppcp_recaptcha_missing_token.
- In your request payload,
g-recaptcha-response is empty.
- The only reCAPTCHA-looking token I see is inside the big
form_encoded=... string (ppcp_recaptcha_token=...), but the backend is still deciding “no token was provided”.
So this is not “you didn’t solve the picture puzzle.” It’s a token handoff problem: the PayPal Payments “create order” request isn’t delivering the token in the exact place/format the plugin expects at the moment it creates the order, so it loops you back. This matches what WooCommerce describes: their PayPal Payments CAPTCHA is a layered v3→v2 system and order creation is blocked when verification isn’t present. Two important observations from your payload
g-recaptcha-response= is blank
That’s the standard field reCAPTCHA v2 normally fills. When it stays blank, lots of integrations interpret that as “CAPTCHA not completed,” even if the widget UI still looks checked.- This is happening on the card funding source path
Your payload includes ppcp-funding-source=card. Your customers specifically said it fails when they click Debit/Credit Card. So the problem is very likely specific to the card button flow, not PayPal in general.
Thanks for any help.
I understand. I was just wondering if there was anything in Cleantalk I needed to uncheck so it would not interfere with the reCPATCHA. If not, I’m good. Thank you.
Thank you for your reply. The problem is that I can not make it fail here on any system I have, so it is hard to test if anything has been corrected. But using AI gave me a clue where I was seeing this error when loading my product pages.
product_cat=bundles:581 Uncaught TypeError: jQuery(…).nivoSlider is not a function at testwoo5/?product_cat=bundles:581:27 at dispatch (jquery.min.js?ver=3.7.1:2:40035) at v.handle (jquery.min.js?ver=3.7.1:2:38006)
AI thought that that error might be causing a delay that might prevent the Add to Cart button to become enabled. I added a code snippit to remove that error when loading those pages.
Do you think that error might be causing the issue for some customers?
Time will tell if it resolves the issue.
Thank you so much. I will do that. CleanTalk is a fantastic product! Keep up the good work.
Thanks for the great product and fantastic support!!
Didn’t mean to pressure you. I totally understand the support thing.
Did the errors I sent you help in diagnosing the issue? Anything else I can send you or report to you that would help?
