Google Recaptcha showing up on all our pages


#1

All our pages is showing a little Google Recaptcha box in the bottom right corner. I can see that Cloudflare injects some sort of code into the page related to Google Recaptcha.

This only started happening very recently and even if i put security as “Essentially Off” it still shows up.

It is quite annoying. Does anyone know why this just started happening and how to disable it?

Thanks


#2

Do you have any Cloudflare Apps installed? CF only injects ReCaptcha when there’s some sort of firewall rule set to “challenge” or the user is known malicious, and even then it’s a Cloudflare-branded page.

You could also try pausing Cloudflare temporarily (wait ~5 minutes) then go to your website and see if the ReCaptcha is still there. If it still shows while CF is paused, the box must be added by your server.


#3

Domain?


#4

We have absolutely no apps installed and security on essentially off.

I have seen it on a few other websites out there.

Cloudflare is injecting it.


#5

No captcha anywhere


#6

I am definitely getting it. Try clearing your cache and refreshing.

When i view the source code its added too


#7

What is your evidence this is Cloudflare?


#8

That icon bottom right is caused if you have something like a contact form on your website using recaptcha V3. Cloudflare generally uses V2 and I doubt that what you are seeing is Cloudflare related as @sandro said.


#9

I do have a contact form but its using v2 and also my understanding is v3 recaptcha would appear in the bottom right corner only on the page you have implemented it on.

Clearly there is no recaptcha implemented on that page and every single page is getting that square box.


#10

Considering there is a captcha it clearly is implemented :wink:

The question is where it comes from. Again, what is your evidence this comes from Cloudflare?


#11

I dont have any evidence except that someone said they turned off their cloudflare and it was gone. I am going to try that.

The v3 recaptcha doesn’t work the way you describe. It just is active on the page you implement it on.


#12

What is your evidence for that? It works just the way I described on all my sites.

I doubt it is a CF issue, others experience it too.

https://wordpress.org/support/topic/recaptcha-badge-on-all-pages-not-just-pages-with-contact-forms/


#13

There is no “their Cloudflare” and they cant turn it off either. Only the site owner can do that.

This issue is most likely not Cloudflare related.


#14

They turned off their cloudflare on their site. (Meaning of course the site owner unclicked that orange cloud) Which part of that is not clear? I am testing that now.

UPDATE:

I have confirmed that i do not have v3 anywhere on the website and i dont have v3 even registered for the domain so its not v3. Those articles you sent are from wordpress users too.

Anyways, unfortunately, i cannot turn off cloudflare now without the site going down because of the way they configured it so i can’t test it without cloudflare.

But from what a friend of mine said, once he turned off cloudflare, it went away.


#15

What happens if you click the Pause button on the overview page of the dashboard? Do you get an SSL error?

There are many places with articles on this including stackexchange and many others. Just do a search!


#16

Im wondering if it has something to do with this.


#17

The OP uses Flexible and does not have SSL enabled on his server.


#18

Exactly what I was worried about.


#19

Yes, i was right it is related to Cloudflare.

Once i turned off that Bot Management its gone.

This is quite silly to put something on when we didn’t ask for it…especially when i have security ESSENTIALLY OFF.

This feature must have been implemented a couple days ago because i didn’t notice this start happening until then.


#20

I would generally follow @domjh’s advice and enable HTTPS on your server. Otherwise you wont have a secure site.