New to the community? Start here

[Other] Defender reCAPTCHA buggy in WooCommerce

I’ve tried to use reCAPTCHA v3 on several WC websites and on every one of them I always eventually get an email from my client saying they got an email from a customer about it giving a failure notice and preventing checkout. Naturally, my clients get stressed about this because “who knows how many people gave up without emailing about it” so I’ve now turned off Defender’s option for reCAPTCHA in all WooCommerce sites.

I have no idea what’s wrong because it usually works for me when I try a test purchase, but it does often fail on the login page — i.e. when I try to log in I very often get an error saying it failed, nearly every time in fact, but I just refresh the page and try again, and on the 2nd or 3rd time it works. I use a password manager so I’m sure the login details are always the same, but I’ve never bothered trying to figure it out since I’ve been busy and it eventually works, and according to my logs it looks like customers always eventually make it through as well when they log in without attempting a purchase.

What I think happens is that my password manager auto-fills the login fields and attempts to auto-log-in before the captcha has loaded. It does still fail sometimes when I disable the auto login but much more rarely.

I don’t know why it would be affecting the WC checkout since the captcha should have plenty of time to load before the customer submits their order, but basically I’m wondering if this is all related to some issue with how Defender inserts the reCAPTCHA code, or if perhaps it gets delayed by Hummingbird (even though I have the ‘delay JS’ option turned off), or if there’s some Cloudflare issue, or maybe the issue is on Google’s side and reCAPTCHA is just a slow-loading asset…. I have no idea, but obviously I can’t use it for WC if it’s going to randomly prevent real customers from checking out, so I don’t really have a site that I can give you to test on. Mainly I was just wondering if there are any current reports about this or any ideas about it.

I’ll make this ticket public in case there’s anyone who knows the problem or if maybe there’s another way besides Defender that they are able to block bot purchases, but figured I should report it all the same.

Tue, 9 Jan 2024 15:15:18
  • Daniel Voran
    • Flash Drive

    You might try the plugin Simple Cloudflare Turnstile – CAPTCHA Alternative instead. I like it much better than reCaptcha. However, I haven’t used it with Defender. It works well with WooCommerce on my sites and what I like about it is that users never have to solve puzzles.

  • Jair Jaramillo
    • Staff

    Hello Greg

    I am sorry to hear you’re having issues with Defender’s ReCaptcha feature. At this moment we don’t have any reported and active bug regarding this, but of course, we would like to investigate what’s happening here.

    As this issue seems to happen by random, and can’t be replicated easily, the best approach to identify the cause of the issue si to enable Debug Mode in the site. I suggest you to enable Debug Mode, enable the Debug Log, and disable the display of Debug information in the site; this way, a file in /wp-content/debug.log should be generated when there is an error or warning in the site. It’s likely that an error like this should appear in the log.

    If the site is under our hosting, there is no need to enable the Debug Mode. Instead, you can go to your site’s Hub, under Hosting -> Logs -> PHP Error Logs, and see the same errors and warnings, as long as WP Debug Mode is disabled.

    Once you think the logs have captured information regarding the reCaptcha issue, please let us know.

    You can also enable Support Access, and let us know the site that is having these issues. If you can tell us around which day and time the issue happened, that can help us too.

    Kind regards,
    Jair.