Support » Plugin: HumanCaptcha by Outerbridge » Active PHP session causes a critical issue shown on Site Health Status

  • Greetings,

    HumanCaptcha causes a critical issue according to the Site Health Status page (WordPress Dashboard -> Tools -> Site Health). I have HumanCaptcha 3.1 installed in WordPress 5.5.3. See the status message below:

    An active PHP session was detected [Performance]

    A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

    The issue seems to be related to the PHP session detection added to the Site Health Status page in WordPress 5.5.0: According to the plugin page, HumanCaptcha is tested only up to WordPress 5.4.4 which predates the session check.

    To pinpoint the issue to HumanCaptcha plugin, I disabled all plugins, after which the PHP session message was not shown. Then I enabled plugins one at a time until the issue message returned. This happened when HumanCaptcha was the only enabled plugin.

    I am not completely sure what kind of interference the issue causes but it seems worth fixing. Please let me know if you need any additional details.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Outerbridge


    Hi there

    Many thanks for bringing this to our attention. We will investigate this but at the moment we are busy with other work and so it won’t be for a while – it is on our to-do list though!


    Thread Starter tmuk



    Thank you for the response despite being busy. I took another look at the WordPress ticket that was linked in the changeset above. One suggestion was to close the session right after using $_SESSION variables.

    In this patch, I tried to edit the code to follow that idea. When the patch is applied, the related critical issues in the Site Health disappeared. I also confirmed this with a clean WordPress installation where only HumanCaptcha plugin was installed.

    However, I am not completely sure about the solution especially related to the headers that were mentioned in the ticket. I decided to share the patch anyway in case it happens to help.




    Has there been any patch/revision to this? I just discovered that I am seeing this issue in WP site health status. I’m not a coder so don’t understand how to apply the patch that tmuk shared.

    Plugin Author Outerbridge


    Still on the to-do list unfortunately.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.