ReCaptcha issues
I have set up a number of sites within a multisite following the instructions WooCommerce → Settings → Integration → PayPal Payments reCAPTCHA for both v3 and v2.
I have had a warning on a couple of sites that this is not set up correctly.
When I look within Google account I see on each account that under integration
Front end has green tick, backend has red exclamation mark with the following text
Unprotected
Your key isn’t requesting scores
Your key is requesting tokens (executes), but hasn’t requested any scores (assessments) recently. Something is set up incorrectly in your backend environment. Because you’re not blocking suspicious behaviour, your site or app isn’t protected.
Thoughts please?
Thanks
Paul
Hello @paulcobb
Please follow these steps to share your system status report with us so we can take a look at your site.
- Navigate to the WooCommerce / Status section in your site’s admin panel.
- Click on the Get system report button and then click Copy for support.
- Paste the report into our PrivateBin.
- After uploading, please share the link here so we can review the details thoroughly.
We are waiting for your system reports to proceed with the analysis.
Kind regards,
Krystian
Hello @paulcobb
Unprotected
Your key isn’t requesting scores
Your key is requesting tokens (executes), but hasn’t requested any scores (assessments) recently. Something is set up incorrectly in your backend environment. Because you’re not blocking suspicious behaviour, your site or app isn’t protected.
I would treat that warning with a grain of salt as I checked on your site, reCAPTCHA v3 tokens are being generated correctly.

If they were not working properly, the PayPal window would not open at all, because the validation would fail before the payment step. The fact that the payment popup loads confirms the frontend and token generation are functioning.
Another indicator of a real backend issue would be fraud attempts or bot activity. If you are not experiencing suspicious traffic or abuse, then this message can safely be ignored for now, as it does not indicate a functional problem with your current checkout flow.
Kind Regards
Krystian
Thanks @inpsydekrystian
Is the warning I am seeing some sort of issue between google and your plugin?
Will this be addressed in future?
Regards,
Paul
Hello @paulcobb
Not sure at this point. I am not seeing this warning on my end. Also, we haven’t received similar tickets.
It is possible that the warning is coming from older or duplicate keys configured for your domain in your Google account. I recommend checking whether you have multiple reCAPTCHA keys created for the same domain and verifying that only the correct, active ones are in use. Maybe that’s the answer.
Kind Regards
Krystian
I have 6 installations on this multisite
I set up v3 & v2 (v2 as invisible) for each.
I can see that all of the v3 installs have traffic but none of the v2’s do.
Also I see that one domain is stating that
We detected that your site is not verifying reCAPTCHA tokens. Please see our developer site for more information.
Not sure what this means
Thanks
Paul
Hello @paulcobb
I set up v3 & v2 (v2 as invisible) for each.
Just for clarification, reCAPTCHA Invisible is actually part of v3, while v2 works differently and does show challenges. v3 is score-based, v2 is challenge.
We detected that your site is not verifying reCAPTCHA tokens. Please see our developer site for more information.
If you are seeing traffic only on the v3 keys and none on the v2 ones, that means your site is currently using only the v3 integration in practice. You have Wordfence, which locks access to UK IPs, and I actually encountered this myself while testing your site. To test v2, you would need a suspicious IP address, for example, from Afghanistan or Angola, so that it gets triggered. You can test it this way.
Could you clarify whether you configured your keys through a standard reCAPTCHA integration or via Google Cloud Console?
Kind Regards
Krystian
Hello @inpsydekrystian
Thanks for the details – I will check
Regarding configuration, I generated the keys using the google console and entered them in the WooCommerce PayPal Payments reCAPTCHA screen on each site.
Regards,
Paul
Hello @paulcobb
Yeah, you didn’t make any mistakes, as everything is working.
I think that notification might disappear once you test your checkout page for v2, but you may need to use a niche IP address to trigger it. Test with Afghanistan. Alternatively, temporarily disable Wordfence, and let me know once that’s done, so I will check myself. I doubt it can be done with UK IP.
Kind regards,
Krystian
Hello @inpsydekrystian
I’m soon to configure reCAPTCHA keys for this PayPal Payments plugin. But something you said previously in this topic gives me pause:
“I recommend checking whether you have multiple reCAPTCHA keys created for the same domain and verifying that only the correct, active ones are in use.”
We are already utilizing reCAPTCHA for WooCommerce on our site, which as you know requires similar reCaptcha site key and secret key. Will the use of these reCAPTCHA keys cause a conflict with the new reCAPTCHA keys required for the PayPal Payments plugin?
If so, how to resolve this?
Appreciate any advice!
Hello @jeffrey2915
You can have one set of keys used by “reCAPTCHA for WooCommerce” and another set used by PayPal Payments. Both can be registered for the same domain inside Google, so having multiple keys itself is not the problem.
The issue usually arises when multiple plugins load reCAPTCHA scripts at the same time, try to validate requests independently, and attach their own tokens to checkout actions. That is when conflicts can occur. I recommend testing this in the checkout page. Any issues are triggered right after clicking the Smart button, so there is no need for any payment attempt to test this behaviour.
Kind regards,
Krystian
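
The Google warning quoted in this thread concerns the server-side half of reCAPTCHA v3: the browser obtains a token (an "execute"), and the backend has to send that token to Google's siteverify endpoint and act on the score it returns. The following is an added example, not part of the thread and not the PayPal Payments plugin's code, showing that backend check in Python; the function names, the `checkout` action, the `shop.example` hostname and the 0.5 threshold are assumptions, and the sample response is constructed.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def fetch_assessment(secret, token, opener=urllib.request.urlopen):
    """POST the browser's token to siteverify: the backend call the warning reports as missing."""
    body = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    with opener(SITEVERIFY_URL, data=body, timeout=5) as resp:
        return json.load(resp)


def decide(result, expected_action, allowed_hosts, min_score=0.5, max_age_s=120, now=None):
    """Return (allowed, reason) for a v3 siteverify response; fail closed on anything unexpected."""
    if not result.get("success"):
        return False, "rejected: " + ",".join(result.get("error-codes", ["unknown"]))
    # A token minted for another site or another form action must not be accepted here.
    if result.get("hostname") not in allowed_hosts:
        return False, "hostname mismatch"
    if result.get("action") != expected_action:
        return False, "action mismatch"
    try:
        issued = datetime.fromisoformat(result["challenge_ts"].replace("Z", "+00:00"))
    except (KeyError, ValueError):
        return False, "missing or bad challenge_ts"
    now = now or datetime.now(timezone.utc)
    if (now - issued).total_seconds() > max_age_s:
        return False, "token too old"
    score = result.get("score")
    if not isinstance(score, (int, float)) or score < min_score:
        return False, "low score"
    return True, "ok"


# Constructed sample of a successful v3 siteverify response (not captured from a real site).
SAMPLE = {"success": True, "score": 0.9, "action": "checkout",
          "challenge_ts": "2024-05-01T12:00:00Z", "hostname": "shop.example"}
```

A site that renders the widget but never makes the `fetch_assessment` call, or makes it and ignores the outcome of `decide`, is in the state the console describes: tokens requested, no scores requested, nothing blocked.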