• As many others have commented reCAPTCHA v3 is not working with CF7. MANY people are getting spammed and I’m amazed there has not been an update yet. In addition to the reCAPTCHA not working, Google Chrome is showing an error in the console and it’s related to the line that reads (Key removed for example):

    } )( grecaptcha, ‘YOURKEYSHOWSHERE’ );</script> <script>jQuery(document).ready(function() {

    “Uncaught ReferenceError: grecaptcha is not defined” is the message.

    Previous threads have mentioned changing line 112 of wp-content/plugins/contact-form-7/modules/recaptcha.php from: return $spam; to: return true; but that is not working on all sites. Plus you should never edit the core of a plugin since it will be overwritten on the next update (Which HOPEFULLY fixes the issue).

    Can I please have an estimated timeframe when this will get fixed? I don’t want to switch to a different contact form for every single website, but I will if this doesn’t get fixed soon.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Delete ReCAPTCHA config from Contact Form 7 and download this plugin:

    Advanced noCaptcha & invisible Captcha

    Go back to Google ReCAPTCHA delete your Version 3 key (if you obtained one) and get your Version 2 site key and secret key. Back on your site, go to the Settings of the new plugin and add those keys.

    Then where you used to use [recaptcha] short code, use this for the new plugin [anr_nocaptcha g-recaptcha-response]

    Problem solved.

    @webteamffcu thanks this resolved my issue!

    Thread Starter Brian Houdek


    Thanks for the tip. My problem is I have a lot of sites to do this to… I’m kind of hoping for an update but that’s looking less and less likely

    Spam is still coming through for me too. It is strange because the captcha code does not show up in the DB when the spammers hit my client’s forms. They are somehow bypassing captcha, but when normal people fill out a form I see an encryption code in the DB.

    • This reply was modified 5 years, 7 months ago by betsy004.

    The problem is line 112 of /wp-content/plugins/contact-form-7/recaptcha.php:

    return $spam;

    It allows any visitor that hasn’t set a reCAPTCHA token to submit the form. Since most bots don’t use javascript, that means they won’t have a token, as you’ve seen in the DB, and they are able to submit the form. The hack prevents that.

    If you look through all the posts about this, you’ll come across one where the developer comments that he made this decision to prevent sites with javascript issues from not receiving contact form submissions.

    You’re loading the javascript with async/defer.

    Yes cf7 should check to see if the function is defined first and retry to accommodate lazy loading of javascript.

    The new CF7 plugin uses the new v3 captcha setup, so i created new keys for my website using the new v3 captcha and worked, no extra plugins needed.

    Regenerating keys did not help one of my sites, although every other site I’ve done seems to work just fine and the JS code seems identical, except for the site key.

    Cezar Cazan


    I had the same issue and resolved it by loading the entire script when document is ready. Edit the contact-form-7/modules/recaptcha.php file, and add:
    jQuery(document).ready(function() {
    on line 73.

    Add }); before the </script> tag to close the function.
    You’re welcome!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘reCAPTCHA v3 Spam / Error Console’ is closed to new replies.