Bot Verification Page appears on PDF file download URL

What is the name of the domain?

What is the issue you’re encountering

Bot verification repeatedly appearing on site preventing traffic.

What steps have you taken to resolve the issue?

1. Turned off all plugins
2. Cleared cache
3. Used Incognito tab
4. Remove cloudflare security bot protections
5. Paused Cloudflare ← Upon pausing cloudflare, captcha goes away.

What are the steps to reproduce the issue?

Navigate to various urls. For example: Bot Verification

First, I have read numerous other posts with the same issue, and they are all dismissed as not being a cloudflare issue. This is most definitely a cloudflare issue.

In the url example above, it points to a file, no wordpress files being accessed, no plugins. Goes through Cloudflare.

Removing all plugins and running default wordpress build does not resolve the issue. It’s not a plugin issue.

There are no Recaptcha plugins, accounts, settings or tools on site. And per the above url, the recaptcha renders on a single file.

When cloudflare is paused, the recaptcha goes away.

So, as of right now, my options are to remove cloudflare, and use a different service.
Or, we find a way to prevent this from happening on cloudflare.

If you reply with “it’s a recaptcha issue, and not a cloudflare issue” then you haven’t actually investigated the issue, and I’ll just cancel my cloudflare account.

Screenshot of the error

reCap2.jpg666×702 83.5 KB

That’s a recaptcha and is not produced by Cloudflare. It’s likely your origin code or host is producing it in response to seeing the Cloudflare proxy trying to fetch the page from your site which is why it appears to be due to Cloudflare although it isn’t directly.

It’s not a page, it’s a file. There is no origin code.

Then it’s a service provided by your host or a plugin on your webserver.

No plugins are loaded. So that’s not it.
I’m chatting with my host, but there’s nothing on their side that would do this.

And again, PAUSING cloudflare (Advanced Actions → Pause Cloudflare) solves the problem.

So, turning off cloudflare fixes the issue. So, most definitely, it’s on the Cloudflare side.

You are using Hostinger with Litespeed, see here…

Thanks for sharing this.

• My .htaccess is empty
• I do not have litespeed enabled

But I understand what you are saying that somewhere in the page rendering process it’s requesting a recaptcha. I would have thought htaccess would have done that.

I also have a lot of other sites on hostinger, none of them are having this problem. This site is the only site I have going through Cloudflare.

It’s at the server level. reCAPTCHA Protection in LiteSpeed Web Server | LiteSpeed Documentation

Let me work with Hostinger some more and see if we can solve it.

Thanks.

Your origin SSL certificate has expired as well, so fix that then make sure your SSL/TLS setting is set to “Full (strict)” in your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

I’m bypassing the SSL through cloudflare to try and resolve this. It’s not expired. Just part of Pausing cloudflare to solve the issue.

Ultimately, I do think it may be litespeed sever settings, but hostinger is still looking into it. I’ve placed a disable tag into .htaccess to see if that resolves things.

But what I do know, and have confirmed multiple times is that upon pausing or bypassing the cloudflare, the issue goes away.

So at a minimum, cloudflare is placing some level of risk through the proxy. That is being sent to the server, and the server is then rendering the recaptcha.

If I turn off all security settings on cloudflare, no level of risk is sent to the server, and the server does not display recaptcha.

Theoretically, there should be two settings. One on cloudflare that can be adjusted, and the trigger sensitivity on the server that can be adjusted.

At this time, I can’t adjust either of those settings (other than turning cloudflare off).

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.