Notice: This thread is over two years old; the information may be outdated. Please consider creating a new thread if you require free support. If you have an active SiteOrigin Premium license, you can email our premium support desk at [email protected].
Hi, I have a problem with the Contact Form widget, I have set the keys of ReCaptcha v2 but it does not block spam and from the Google console it states that there have been no challenges, no positive or negative checks, no data. Yet I get spam emails every day.
Is there a way to check where the problem lies?
Version:
Page Builder 2.16.11
Widgets Bundle 1.33.0
Thank
Hi Martyn
Do you have a public URL where we can take a look at what’s going on?
Thanks
Andrew
Yes, public URL is https://www.immensonet.it/contatti/
If you need anything else, I’m at your disposal
Thanks for the URL. Everything looks in order as far as I can see. Do you perhaps want to try adding Akismet as another layer? The Akismet plugin can be installed from PluginsAdd New. Within the SO Contact Form Widget, you’ll find an Akismet setting in the Spam Protection section.
No, I will follow this. When I receive the spam, I will trace the servers back to find the real origin of the message. I could have ended up in a spam database, and therefore does not start from my site but fakes and emulates the request.
Thank you for URL control
Thanks for the update. Please, let us know how it goes.
Kind regards
Andrew
Hi, I come back to report this notice that I receive on the recaptcha panel referring to my website
“We have found that your site does not verify reCAPTCHA solutions. This is required in order to successfully use reCAPTCHA on your site. For more information, please visit our developer site.”
and refer me to this link: https://developers.google.com/recaptcha/docs/verify#api-request
I hope it was helpful in solving this problem, sorry my bad english
Thank
Hi Martyn
I’ve asked Alex here at SiteOrigin to take a look at your feedback. He’ll get back to us tomorrow.
Thanks
Andrew
Hi Martyn
Thanks for the wait. We’ve investigated and can confirm that we’re verifying the reCAPTCHA result and Google is correctly validating and rejecting requests. You can see our code for it here:
https://github.com/siteorigin/so-widgets-bundle/blob/develop/widgets/contact/contact.php#L1245-L1263
Google is also validating the result locally.
Could you perhaps take a screenshot of your API settings and upload it to your Media Library or any online source like WeTransfer and share the link so we can take a look?
Hi, I don’t know how to recreate what is required. I can take a screenshot of the recaptcha setup, but more than the keys and button display settings, there is nothing else useful.
A question? Does the Widget use XMLRPC?
Hi Martyn
Thanks for your patience.
Would it perhaps be possible to take a couple of screenshots from the admin for the site at https://www.google.com/recaptcha/admin/ and email them to [email protected]?
Example: https://imgur.com/a/ymUN80o
Ok, email send :)
Thanks for the email to our support desk.
A question? Does the Widget use XMLRPC?
No, we don’t. reCAPTCHA doesn’t interface with XMLRPC. We directly communicate with Google using the standard verification method and that’s solely using the code here https://github.com/siteorigin/so-widgets-bundle/blob/develop/widgets/contact/contact.php#L1245-L1263.
For interest’s sake, here are the stats from testing we did yesterday, Reporting seems to be delayed by about 12 hours.
https://siteorigin.com/wp-content/uploads/2022/05/2022-05-10_20-41-22-1653.jpg
When inspecting your contact page we can see that form is successfully passing the reCAPTCHA response to the server meaning the client-side is working as expected.
https://siteorigin.com/wp-content/uploads/2022/05/2022-05-10_20-45-32-1654.jpg
I’ll reply further a bit later. Thanks again.
Hi Martyn,
I’ve looked over our reCAPTCHA verification code and I’m not seeing any issues which could result in your website not communicating with Google. I’ve prepared a modified version of SiteOrigin Widgets Bundle which will output the data returned by Google. This should hopefully provide insight into what Google is seeing. click here to download that patched version.
Before proceeding, do a backup.
Navigate to PluginsInstalled Plugins and deactivate SiteOrigin Widgets Bundle and then delete it. Scroll to the top of the page and click Add New, Upload Plugin. Upload so-widgets-bundle.1.33.2-recaptcha-debug.zip and when prompted activate it. Fill out the contact form and reply with a copy of debug information that appears after submission.
You’ll now need to reinstall the release version as the debug build is purely for debugging so it’s not able to be used outside of that in a reliable manner. Please navigate to PluginsInstalled Pluginsand deactivate SiteOrign Widgets Bundle and scroll to the top of the page and click Add New. Search for SiteOrigin Widgets Bundle and install it. When prompted, activate it.
Kind regards,
Alex
Hi Alex,
result of test with admin login:
object(WP_Error)#15918 (3) { [“errors”]=> array(1) { [“http_request_failed”]=> array(1) { [0]=> string(58) “cURL error 28: Resolving timed out after 5000 milliseconds” } } [“error_data”]=> array(0) { } [“additional_data”:protected]=> array(0) { } }
resul of test without admin login:
array(3) { [“success”]=> bool(true) [“challenge_ts”]=> string(20) “2022-05-13T10:42:30Z” [“hostname”]=> string(17) “www.immensonet.it” }
Third attempt, deleted the cookie and cleared the cache:
array(3) { [“success”]=> bool(true) [“challenge_ts”]=> string(20) “2022-05-13T10:47:56Z” [“hostname”]=> string(17) “www.immensonet.it” }
Mobile Phone Browser:
array(3) { [“success”]=> bool(true) [“challenge_ts”]=> string(20) “2022-05-13T10:50:26Z” [“hostname”]=> string(17) “www.immensonet.it” }
Thanks
Hi Martyn,
Thanks. According to the results, tests 2, 3, and 4 were successful and validated by Google. Test one failed due to the connection to Google timing out. That’s very unusual and it indicates an issue with the local server rather than Google’s servers. I recommend reaching out to your hosting provider and asking if the latest version of CURL is present, or if there’s a firewall, CDN, or any sort of security module that could be blocking the request.
Kind regards,
Alex
I am the provider :) I manage the machines and CURL is the latest version.
It could be an AIOWP security rule, check if anything has changed. Is the verification done through normal https communication?
I investigate problem
Hi Martyn,
Sounds good. Let me know how you go. :)
Yes. The specific URL can be found here.
Kind regards,
Alex