I have enabled hCaptcha protection on one of my sub-domains and so far no matter what the captcha is telling a user to identify, users are able to click on any image and gain access to my sub-domain including images that aren’t even what the captcha is asking you to identify.
For example if hCaptcha was asking a user to identify images including trains, if a user were to click on every image that is NOT a train the user would still be granted access to my sub-domain… I was able to re-produce this issue EVERY single attempt I made, not once, not twice, I tested this about 10 times (even on different devices) and was able to gain entry to my sub-domain without clicking the correct images.
I fail to see how this is actually preventing bots from accessing my site if users are able to gain access like this. Can this be fixed anytime soon? is it an issue with my site? Or?
If you’d like to do your own tests with my sub-domain here’s the url: https://verify.faded.pw/