Disable hCaptcha in frontend except for login page

  • Resolved Matthias Honert

    (@matthias-honert)


    3 weeks ago

    First, thanks for developing this useful plugin! I’m really happy with how it’s protecting login form on wp-login.php.

    I noticed that hCaptcha resources are loading across all frontend pages (including <link rel='dns-prefetch' href='//hcaptcha.com' /> in the head), even though I only need the captcha functionality for the login form on wp-login.php. For privacy/GDPR compliance on my site, I’m trying to limit script loading to only where it’s actually needed.

    I was wondering: Is there a recommended way to configure hCaptcha to load only on the login page? Perhaps a filter or setting I might have missed?

    I’ve already looked through:

    • The plugin documentation
    • Available settings
    • Forum posts about conditional loading

    Any guidance would be greatly appreciated! Even a small code snippet would be super helpful if there’s no built-in option.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    Thankyou for your response, we are happy to be helpful. You can leave your review here if you wish.

    Concerning prefetch – it is not a big deal at all. It does nothing if no resources are loaded. Anyway, to remove prefetch and styles on all pages except login and some other page, you can use the following code.

    function hcap_block_inline_styles() {
    	if ( is_page( 'contact' ) ) {
    		return;
    	}

    	$hcaptcha = hcaptcha();

    	remove_action( 'wp_head', [ $hcaptcha, 'print_inline_styles' ] );
    	remove_filter( 'wp_resource_hints', [ $hcaptcha, 'prefetch_hcaptcha_dns' ], 10, 2 );
    }

    add_action( 'wp_head', 'hcap_block_inline_styles', 0 );
    Thread Starter Matthias Honert

    (@matthias-honert)

    Thank you for the quick and helpful response! The provided code works perfectly, and I was able to solve the issue with it. For anyone encountering the same problem, here’s my implementation:

    /**
     * Prevents loading of hCaptcha resources on frontend pages
     * Loads hCaptcha only on wp-login.php and optionally other specific pages
     */
    function hcap_block_inline_styles() {
        // Don't run this code on the login page
        if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false ) {
            return;
        }
        
        // Don't run this code on specific pages where hCaptcha is needed
        // if ( is_page( 'contact' ) ) {
        //     return;
        // }

        $hcaptcha = hcaptcha();

        remove_action( 'wp_head', [ $hcaptcha, 'print_inline_styles' ] );
        remove_filter( 'wp_resource_hints', [ $hcaptcha, 'prefetch_hcaptcha_dns' ], 10, 2 );
    }

    add_action( 'wp_head', 'hcap_block_inline_styles', 0 );

    I slightly modified the code to specifically address the login page (instead of the contact page in the example). The DNS prefetch and inline styles are now removed on all pages except wp-login.php, which is exactly what I needed.

    This is a great solution for our strong GDPR compliance, as no external resources are loaded when they’re not needed.

    Thanks again for your support and for this useful plugin!

    Plugin Contributor kaggdesign

    (@kaggdesign)

    Thank you for your kind words.

    I do not understand, however, why did you add 

     if ( strpos( $_SERVER['REQUEST_URI'], 'wp-login.php' ) !== false ) {
            return;
      }

    It is not needed because the wp_head hook is not executed on the wp-login.php page and the whole function hcap_block_inline_styles is not called there.

    Thread Starter Matthias Honert

    (@matthias-honert)

    ?? Shame on me! You are right! Thank you again!

    Plugin Contributor kaggdesign

    (@kaggdesign)

    No worries, thank you for clarifications.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.