Contact Form 7 & reCAPTCHA v3 issue

Apr 29, 2020 | , , , , | System Administration | 0 comments

Recently I encountered a problem on my website with my contact form. Every time I’d test it I would get an error on submit saying “There was an error trying to send your message. Please try again later.” My website is built in WordPress. I use the Divi theme and the Contact Form 7 plugin for handling my contact form submissions. These are integrated with SuiteCRM so that every time the form is used a lead is created in my CRM so that I can handle it accordingly. I was actually working on some configuration in my CRM and needed a test lead to work with when I discovered this issue. The error message that I encountered is the default message that is displayed when a message is treated as spam by the Contact Form 7 plugin. The long and short of my investigation into the issue has lead me to a known issue with Google reCAPTCHA v3 where the algorithm that is used to evaluate something as spam doesn’t always get it right. In any case, here are some thoughts for those that might be encountering the same issue that I’ve faced.

The first thing to do to determine if your issue is the same as mine is to change your reCAPTCHA v3 keys and re-configure Contact Form 7 reCAPTCHA integration with the new keys. If the problem goes away it is not an issue with Contact Form 7. To further confirm this I, along with the author of the Contact Form 7 plugin recommend that you install another plugin called flamingo which stores messages processed by Contact Form 7. Those messgages that were classified as spam by reCAPTCHA will be shown in the “Spam” section of the Inbound Messages list of the Flamingo Plugin.

flamingo Inbound Messages list spam filter
flamingo spam log feature

When you click on the the message listed in spam there is a widget that displays on the right hand side of the screen titled Status. This widget will tell you specifically what the Google reCAPTCHA score was that Google returned to Contact Form 7 when requested.

You can read more about this in the “Why is this message marked ‘Spam’” article on the Contact Form 7 website. I’ve included a screenshot they provide in the article to show the Spam log feature.

In my case, when I looked at the Spam log for my messages, Google was scoring them at 0.10 and obviously this is lower than the threshold set by Contact Form 7 at 0.5 and therefore the reason my messages were being treated as spam. The only way for me to fix this was by re-creating the site and secret reCAPTCHA v3 keys and re-configure Contact Form 7 integration to use the new keys. When I did this Google was returning a score of 0.9 for the exact same kind of messages as shown here in the flamingo message details for one of those messages.

This is apparently an issue that has been going on for some time. It was raised as issue 248 on the reCAPTCHA github repo in August of 2018 and the latest comment on the issue is dated March 9th of this year (2020). And it appears from reading through the comments that the only real workaround is to change the keys when the issue is encountered. I guess it’s just a matter of the v3 algorithm getting better at determining what is legitimately spam and what is a valid form submission. For now I plan on continuing with v3 unless the issue persists. If it does, I may switch to v2 which apparently is possible with Contact Form 7 through the use of yet another plugin called “ReCaptcha v2 for Contact Form 7“.

I have seen some suggest that the Contact Form 7 plugin developer change the threshold from 0.5 to something lower but in my case this wouldn’t work as all form submissions were being scored by Google reCAPTCHA at 0.1. If you set the threshold to 0.1 then you might as well not concern yourself with reCAPTCHA because that would evaluate most, if not all, form submissions as valid even those that are spam.

Evenso, I haven’t tried this myself and so can’t guarantee that it wold work but you cold always change the PHP for Contact Form 7 yourself as a test to see if this helps in your case. Of course you do this at your own risk. In order to do this it looks like you’d have to edit the recaptcha.php file found in /wp-content/plugins/contact-form-7/modules. Find the function called get_threshold(), there is only one line in it which looks as follows:

public function get_threshold() {
  return apply_filters( 'wpcf7_recaptcha_threshold', 0.50 );

You could change the 0.50 value to something lower and see if that has any effect on resolving your situation. Bear in mind though that this change would be overwritten anytime you run an update for the Contact Form 7 plugin so this would only realistically be something that you would do as a temporary test to investigate the situation. Here is what it could look like with such a change:

public function get_threshold() {
  return apply_filters( 'wpcf7_recaptcha_threshold', 0.30 );

I have also seen some people have the issue where it works fine on a desktop browser but fails in a mobile browser. This was not the case for me, it failed both on a desktop and on my android. It also failed across browsers for me, I tested it on Chrome and Firefox.

So the net net is that this is a known issue with Google reCAPTCHA and thus is likely not related to Contact Form 7. The short term work around is to change the reCAPTCHA keys and re-configure Contact Form 7 integration with your new keys. If the issue persists then you could always downgrade to reCAPTCHA v2 until v3 becomes a little more reliable. I’d love to hear your thoughts on this issue if would be willing to share! Also if you’re interested in getting help with issues like this and any other kids of IT related problems, don’t hesitate to contact me using the contact form that this blog post is about! Hopefully it works when you try!


Submit a Comment

Your email address will not be published.