Problem: CAPTCHA image does not show

Problem:
The CAPTCHA image does not show on your form.

problem-captcha-image-not-showing

Before you start troubleshooting
make sure to update to the latest version of Fast Secure Contact Form.

Did you know: the CAPTCHA is optional?
If you are unsuccessful with these following remedies, you can turn the CAPTCHA feature off with a setting on the form edit page on the Security tab. There are other security methods you can enable on the Security tab.

Possible cause #1 – wrong address URLs in WP settings:
Check the WP settings in Admin – Settings – General
WordPress address (URL)
Blog address (URL)

You have to make sure the domain name and www match:
either use www. for BOTH, or do NOT use www. for both.

Bad: (mismatched www)
WordPress Address (URL): http://kntmendoza.net/workshop1
Site Address (URL): http://www.kntmendoza.net

Good:(matching www)
WordPress Address (URL): http://www.kntmendoza.net/workshop1
Site Address (URL): http://www.kntmendoza.net

Possible cause #2 – a security rule is blocking web access to the plugins directories:
When you right click on the area where the image should be, and select View Image, you get the 403 error that you do not have permission to access the securimage_show.php file.
This file is what shows the CAPTCHA image from this location /wp-content/plugins/si-contact-form/captcha/securimage_show.php
Some WordPress sites have a .htaccess file with rules that block public web access to the plugins directories.
This is the contents of a .htaccess file found in a user’s /wp-contents/ folder
This rule BLOCKED the CAPTCHA PHP file so that the image did not show.

<Files *.php>
deny from all
</Files>

Find the problem: Check for and examine the contents of any .htaccess files found in the main WP folder, the /wp-contents/ folder, or the /plugins/ folder.
By default, WordPress does not block public web access to the plugins directories. How did it get there? Who knows, some security plugins do that and some web tutorials instruct you to to block access to your plugins folder. But they should come with a warning “this will break plugins and themes”. If it broke the CAPTCHA, it will most likely break other plugins or themes as well. One way resolve the problem, you could take out the specific rule that is blocking the plugins directories and reconsider your security methods.

If you want the “deny from all” .htaccess rule to stay in effect, you could whitelist this file:
wp-content/plugins/si-contact-form/captcha/securimage_show.php

You can do that by adding an (or adding to the) .htaccess file within the /plugins/ folder that contains this whitelist code:

<Files securimage_show.php>
allow from all
</Files>

This addresses the securimage_show.php script not being accessible due to the global Deny All coding higher up in the directory structure which protects the other plugins.

But did you really need to block the plugins directory? The default WP install does not, and the core PHP files in this plugin do not allow direct access anyway, they only allow access when you are logged into WP and click on the menu to access it(as all plugins should).

Known plugins that cause this: Sucuri Security – the “1-Click Hardening” option to “restrict wp-content access” modifies the .htaccess file and causes this problem.

Possible cause #4 – 404 not found:
This file is what shows the CAPTCHA image from this location /wp-content/plugins/si-contact-form/captcha/securimage_show.php
When you right click on the area where the image should be, and select View File, you get a page 404 not found error. Either the file is missing, or you have a .htaccess rewrite rule that causes that. See cause # 3 above because the finding solution is similar.

Possible cause #4 – server error:
Right click where the image should be, click “View Image” to make the image open in a page by itself. Is there an error displayed? If yes, that error is your clue as to what is causing it. It might say “this image cannot be displayed because it contains errors”, or “Internal Server Error 500″. Look in the server error logs for more details about the actual error.

The setting “Enable PHP sessions” IS enabled
One possible cause: the setting “Enable PHP sessions” IS enabled and your server has broken PHP sessions that causes the errors. Try this solution: go to the form edit page, click on the Advanced tab and UNCHECK the setting “Enable PHP sessions” then click save changes. Reload the form page and see if it works.

The setting “Enable PHP sessions” IS NOT enabled
One possible cause: the setting “Enable PHP sessions” IS NOT enabled and your server has improper file or user permissions on the CAPTCHA cache folder that causes permission errors. Try this solution: go to the form edit page, click on the Advanced tab and CHECK the setting “Enable PHP sessions” then click save changes. Reload the form page and see if it works.

Do you need help?

Donations by PayPal:

If you find this free contact form program/plugin useful to you, please consider making a small donation to help contribute to further development. My time is very limited and I get dozens of support emails every day. If you are not able to donate, that is OK. Thanks for your kind support! - Mike Challis

Donations by cash or check:
Mike Challis
PO Box 819
Long Beach WA 98631

Comments are closed.