Title: reCaptcha Last modified: October 17, 2022 --- # reCaptcha * Resolved [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/) * It appears that our recaptcha keys may have changed and are causing an urgent issue where we are blocked out of our backend since recaptcha cannot communicate with the google servers. * How can we manually disabled the recaptcha keys for Wordfence from command line or SFTP? * Thanks! * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Frecaptcha-186%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 11 replies - 1 through 11 (of 11 total) * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16108203) * ``` Uncaught Error: Invalid site key or not loaded in api.js: 6Le9E3QiAAAAAAcbBQVGZcvLJeuPeQjmtk-emeQR z https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:143 X https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:289 wfls_init_captcha https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:101 setTimeout handler*c< https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:33 z https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:133 wfls_init_captcha https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:100 https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:420 initialize https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:312 jQuery 9 initialize https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:298 https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:418 jQuery 13 recaptcha__en.js:143:214 ``` - This reply was modified 3 years, 6 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16108220) * [@tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) There is nothing “Security related” in anything you have posted here. * If you are reporting it that way to have a post edited by a moderator then I’m sorry, but that is only done in extreme cases. * [https://wordpress.org/support/forum-user-guide/faq/#will-you-delete-my-post-once-the-problem-is-solved](https://wordpress.org/support/forum-user-guide/faq/#will-you-delete-my-post-or-my-link-within-my-post) * Search engine hits are _never_ considered extreme. The post will not be edited or deleted. * NOTE: You still have 50 minutes at this time to edit your own post. * [https://wordpress.org/support/reply/16108203?view=all&edit=1](https://wordpress.org/support/reply/16108203?view=all&edit=1) * After 1 hour users cannot edit their topics or replies. * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16108228) * The security report was made in error, please disregard. The ticket is still valid though. The issue is still not resolved. * [erniecom](https://wordpress.org/support/users/erniecom/) * (@erniecom) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16109352) * With wp-cli or phpmyadmin installed or any other database manager, you can look for table wp_wfls_2fa_secrets where the ReCaptcha api keys are stored. * With wp-cli you can do this on the command line: * `wp db query "DELETE FROM wp_wfls_2fa_secrets"` * With phpmyadmin you can simply delete the row. * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16110609) * Thanks, so I can delete the entire “_wp_wfls_2fa_secrets” entry via PhPMyAdmin and I will then be able to log into my site? Or do I need to delete a specific column or index within the entry? * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16110709) * I’ve deleted the entry table entry “_wp_wfls_2fa_secrets” and login is still locked. Now it’s throwing this error: * ``` Uncaught Error: Invalid site key or not loaded in api.js: 6Le9E3QiAAAAAAcbBQVGZcvLJeuPeQjmtk-emeQR z https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:143 X https://www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js:289 wfls_init_captcha https://shopdisclose.tv/wp-content/plugins/wordfence/modules/login-security/js/login.1664898183.js?ver=1.0.11:101 recaptcha__en.js:143:214 ``` - This reply was modified 3 years, 6 months ago by [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/). * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16111537) * I also have just tried removing WordFence altogether. But, when completing the required steps before deleting the database tables, the website serves a 500 error and disconnects from PhpMyAdmin before I can delete the database tables. * All pages go white, and the website stops serving any content. I feel as if this plugin is holding our website hostage. There are real orders and sensitive data that need to be processed and recovered- and we are unable to access any of it. This is so far, not a very good experience simply because some reCaptcha keys were mistakenly deleted from Google reCaptcha admin… really? - This reply was modified 3 years, 6 months ago by [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/). - This reply was modified 3 years, 6 months ago by [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/). * Thread Starter [tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/) * (@tmproductionsllc) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16111694) * Deleting or renaming the WordFence plugin does not solve the problem either. * [erniecom](https://wordpress.org/support/users/erniecom/) * (@erniecom) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16113389) * > I’ve deleted the entry table entry “_wp_wfls_2fa_secrets” and login is still > locked. Now it’s throwing this error: * The gstatic in the error response gives me the impression that some kind of caching is in play here. You might need to look at the caching plugin you are using and clear the cache. * [erniecom](https://wordpress.org/support/users/erniecom/) * (@erniecom) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16113708) * > This is so far, not a very good experience simply because some reCaptcha keys > were mistakenly deleted from Google reCaptcha admin… really? * Yes that mix up with 2FA was a big mistake of mine. Please note that I am no way related to the Wordfence developer team. I am a user like you are. I was too self confident and eager to help you. Won’t happen again without a proper contract relation and setup of a test system of your site to safely find a solution. With my clients I do these kind of operations always in a test site first, before applying it in a production site. I was mistakenly presupposing that you do the same. * Even in the test site, before I emptying that table I made a backup with the table export function of phpmyadmin, just to be sure. Since you apparently were confident enough to talk about the command line, I hoped that you would do the same. * > All pages go white, and the website stops serving any content. I feel as if > this plugin is holding our website hostage. * The Wordfence plugin has a special set up of its firewall that starts before anything else in the boot process. When active this is configured with a PHP server configuration setting. Before anything else the server runs wordfence- waf.php which appears in the WP root folder. * The 500 errors you experience could be because you removed that file but the PHP server setting is still pointing to that file. When you used the regular WordPress method to deactivate and remove Wordfence, then, I just noticed, the wordfence-waf.php file is not removed and the site should work OK. * Without knowing the rest of plugins and configuration of your site I cannot be further help to restore your site. * Sincerely sorry for my mistake mixing up things. The ReCaptcha API key and secret appear to be stored in table _wp\_wfls\_settings_, the rows with in the _name_ column _recaptcha-secret_ and _recaptcha-site-key_ but I did not tested this. - This reply was modified 3 years, 6 months ago by [erniecom](https://wordpress.org/support/users/erniecom/). - This reply was modified 3 years, 6 months ago by [erniecom](https://wordpress.org/support/users/erniecom/). - This reply was modified 3 years, 6 months ago by [erniecom](https://wordpress.org/support/users/erniecom/). * Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/) * (@wfpeter) * [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16118627) * Hi [@tmproductionsllc](https://wordpress.org/support/users/tmproductionsllc/), thanks for getting in touch. * The original issue by the looks of things would’ve worked had you renamed the“ wordfence” folder, logged in without reCAPTCHA/2FA, then named the folder back. The reCAPTCHA keys could’ve then been changed in **Login Security > Settings** before you’d hit the login page again. * The subsequent issue looks like `auto_prepend_file` is now referencing a path that no longer works/exists causing a 500 error. If you edit your .htaccess or. user.ini (whichever applies on your configuration) to remove the `auto_prepend_file = /path/to/wordfence-waf.php` line, the site should load as normal. Reinstalling Wordfence from scratch on **WordPress > Plugins > Add New** should address any database tables that are missing. The firewall will need to be re-optimized due to the manually removed path to wordfence-waf. * Thanks, * Peter. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘reCaptcha’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [frozen](https://wordpress.org/support/topic-tag/frozen/) * [locked](https://wordpress.org/support/topic-tag/locked/) * [login](https://wordpress.org/support/topic-tag/login/) * [reCAPTCHA](https://wordpress.org/support/topic-tag/recaptcha/) * 12 replies * 4 participants * Last reply from: [wfpeter](https://wordpress.org/support/users/wfpeter/) * Last activity: [3 years, 6 months ago](https://wordpress.org/support/topic/recaptcha-186/#post-16118627) * Status: resolved