- This topic has 3 replies, 2 voices, and was last updated 1 week ago by
. This post has been viewed 186 times
-
Posts
-
Dear Porto Support Team,
I’ve run into a reCAPTCHA integration issue that affects both v2 and v3 implementations using your contact form scripts (particularly contact-form-recaptcha-v2.php and related files).
Google now appears to force both reCAPTCHA v2 and v3 through their Enterprise system, even when selecting the traditional options in the setup. While the front-end scripts (async + data-sitekey) still function normally, the server-side validation fails unless the site is authenticated for Enterprise — or unless additional token validation and headers are handled explicitly.
This change breaks compatibility with the current verification logic in your scripts, which still use:
file_get_contents(‘https://www.google.com/recaptcha/api/siteverify?secret=…’😉
or the equivalent cURL method — both of which return a failed success: false response under Google’s current enforcement.Request:
Please review and consider updating the Porto contact form handlers to:Provide explicit support for reCAPTCHA Enterprise where applicable
Detect or guide developers when a token is Enterprise-based
Include any necessary API headers or authentication where Google’s updated reCAPTCHA now requires it
This change affects any site using new keys, even for the basic checkbox (v2) or score-based (v3) models. It’s no longer possible to create non-Enterprise keys in some cases without elevated verification.
Let me know if you’d like my test case or console outputs — I’d be happy to share.
Thank you for your continued support and for providing a great theme
Hello, thanks for your purchase and for using Porto.
Regarding that problem, this is very strange, it actually is the first time someone complains about that so I checked carefully all the steps from our ducumentation and started a new site to test if that still works.
1) I created a new google account for test purposes (simple account, and different from the one we use in our previews).
2) Created a new project on Google Cloud Platform.
3) Created 2 new API keys for recaptcha 2 and 3 at https://www.google.com/recaptcha/admin/create
4) Created 2 HTML files and uploaded to our server:
https://www.okler.net/tests/contact-recaptcha/contact-us-recaptcha-v2.html
https://www.okler.net/tests/contact-recaptcha/contact-us-recaptcha-v3.htmlBoth worked well. So, I think this is something related to a very specific account (or maybe country related) issue, because we are still able to create the API keys the same way as before, the Enterprise is not being forced for our account and I couldn’t find anything related to that on the web. Are you able to make the same tests with a personal (or a new one) account?
You are right when you say that the Enterprise API works in another way to validate and our script will no longer works. We will check it further to see how to update that to work on Enterprise version as soon it’s mandatory.
Hope that makes sense.
Thanks!
