Cloudflare turnstile duplicated in WooCommerce
-
Hi Team,
Not sure if this is a plugin issue. I am using Cloudflare’s Turnstile login captcha options through your plugin on my login/create account page(s) for WordPress and WooCommerce, and on the WooCommerce login/signup forms I am seeing four (two for each form) captcha boxes, and not two.
There is no other plugin used for this method and wondered if you are aware of this issue?
Please do let me know if you require screenshots. I have disabled all plugins except WooCommerce, and yours and it still shows four validation boxes rather then two.
I have been in the plugin setting under ‘Brute Force’, ‘Captcha Setting’ and turned all setting to off and back on one by one. Everything works fine (no captcha boxes as these are on other forms across the site) until I choose the WooCommerce options. Then the four validation boxes come back. This use to be two.
To rule things out my login and sign up forms are on the same page (as standard by WooCommerce) and not custom i.e. individual or through a plugin.Also my site is behind a firewall and might not be reachable. You might need to use a VPN that allows UK sites to be seen to view my issue. Or I can share an image if easier: https://ibb.co/bJPMZVC
Any help or advice on this is welcome.
Regards-
This topic was modified 3 months, 3 weeks ago by
. Reason: Added image link to show error
-
This topic was modified 3 months, 3 weeks ago by
The page I need help with: [log in to see the link]
-
This topic was modified 3 months, 3 weeks ago by
-
Thank you for the reply.
However even though it has been reported some users are stating that there might be an incorrect call to the API
Quote: https://community.cloudflare.com/t/turnstile-ready-firing-twice/690171/16
This might be why so many plugins are effected. Maybe they have updated their API integration and its effecting developers that rely on a different call back method.
I can change it for now for the reCAPTCHA but would rather have Cloudflare’s Turnstile implemented.Keep in mind. This was queried 11 days ago with no resolution. Because users are flagging differences in how its implemented: https://community.cloudflare.com/t/turnstile-ready-firing-twice/690171/15 makes me wonder its a third party issue and not Cloudflare’s per say. Yes they need to investigate why this is happening but all I can see is them coming back with “its an API implementation issue”.
Please keep me posted if you find a resolution. I would reach out as a developer to them to see if my theory is correct.
RegardsHi Team,
Ok there has been no real resolution from Cloudflare now for over a month, but the community that are reporting their issues with duplicate turnstile captchas have come up with a few solutions to fix this based on individual setups.
Because I didn’t want to move back to Google’s (outdated) captcha system, I looked at your code where the API is called here: plugins: all-in-one-wp-security-and-firewall: classes: wp-security-captcha.php and on line 320 you are using the onload=onloadCallback, where a user flags this as being the wrong way to call the API, and to fix it, use the following method: window.onloadTurnstileCallback. Or in your case window.onloadCallback based on your plugin setup.
So to narrow it down I changed this on line 320:<script src='https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadCallback' async defer></script>to
<script src='https://challenges.cloudflare.com/turnstile/v0/api.js?window.onloadCallback' async defer></script>Which has fixed my issue on the WooCommerce login/signup form. Now it only shows one Turnstile captcha for each form, rather then having two.
The strange thing with this is all other forms i.e. WP login, plugin contact forms had one Turnstile Captcha. It was only the WooCommerce forms (that show the login/signup on the same page) that was showing four of them. Two for each form.
My change above has resolved this. Please do test on your side and push this if you are happy with the changes I have made. This (possible fix) was from this user on Cloudflare community: https://community.cloudflare.com/t/turnstile-ready-firing-twice/690171/15?u=darren22
Hi @qilin2000 look at the fix I have put in place above. Tested now on five different websites and it removes any duplicate Turnstile captcha’s both on WP form plugins and WooCommerce forms etc, all working as expected.
Hopefully the developers will acknowledge my findings and assume its not Cloudflare on a global level and assume its how they call the API through their plugin. Others have fixed this issue by following Cloudflare’s API integration correctly, or at least through Cloudflare’s community, who have the knowledge to identify the issue and share how to resolve this simple fix.
Give it a go on a staging site first and test. If you are happy do this with your live site. In time the developers of the plugin will push this fix, or just wait on Cloudflare’s response into how to resolve it.Either way it works for me and I am happy my customers can return to certain parts of the site with the confidence of security measures put into place that work. Never rely on Googles captcha v3 as its outdated and other methods are out there that do a better job, one being Cloudflare’s Tunrstile.
- You must be logged in to reply to this topic.
