Skip to content

ERROR for site owner: Stoken disabled in reCAPTCHA field for Gravity Forms

reCAPTCHA Stoken Expired error
reCAPTCHA Stoken Expired error

Since Gravity Forms 2.0 the new “no captcha” reCAPTCHA  API is included in Gravity Forms. This was a highly requested feature and works pretty fine for most users, but sometimes specially if you’re using old reCAPTCHA keys or the reCAPTCHA authentication in Gravity Forms settings was done using previous API version you can get one of the following pretty cryptic message in your reCAPTCHA field:

ERROR for site owner: Stoken disabled or Error for site owner: Stoken expired

To fix any of the above stoken issues with reCAPTCHA in Gravity Forms follow the steps below.

Try reconfiguring the keys in Gravity Form settings page

  1. Go to Forms -> Settings and then to reCAPTCHA Settings section.
  2. Copy your Site Key and Secret Key to a safe place (e.g. a text editor).
  3. Now delete the keys from the settings page and click the Save Settings button.
  4. Now copy and paste each key to its place in the settings page again.
  5. After doing this, and before being able to click the Save Settings button, you should see a reCAPTCHA field below the keys to prove that you’re not a robot. Do whatever reCAPTCHA asks you to pass the test.
  6. Finally click on the Save Settings button.

Once you’re done empty your browser cache (also flush cache for any plugin or CDN that you may be using) and try again your form, the issue should be solved.

If you’re still experiencing the issue after doing all the above, try going to your reCAPTCHA account, delete current keys for your site and generate new ones. Then repeat the process with the new keys.

The above method applies only to built-in reCAPTCHA support, if you have installed any third-party Gravity Forms add-on for adding reCAPTCHA to the form you should disable it now, you don’t need it anymore.

Make sure you’re using a recent PHP version

A few users also reported using an outdated PHP version can cause this issue too, make sure your server is running at least PHP 5.6 as indicated in the Gravity Forms system requirements.

Most modern hostings allows  you to upgrade the PHP version by yourself using the hosting panel.

Perform a full conflict test

If none of the above is helping you to fix the stoken disabled/expired issue or the reCAPTCHA field is just blank (no content, only the label) chances are that you have some other third-party software in your site setup creating a conflict. So if you’re at this point it’s time for a theme/plugin conflict test!

While doing the conflict test, if you’re using any caching system (e.g a server side module or a CDN like CloudFlare) make sure to turn it off and leave it off until the end of the troubleshooting.

Published inGravity Forms

22 Comments

  1. Ashish Ashish

    Thanks mate! Posts like these are so helpful and resolve things right away. Rather than digging through google search. I miss writing posts of my findings on my blog.

    • Samuel Aguilera Samuel Aguilera

      You’re welcome Ashish. Is never too late to start writing again ;)

  2. Colin Colin

    Thank you! Worked like a charm, after multiple failed attempts with other google results.

  3. Jana Jana

    Thank you … so helpful! You made it easy to resolve.

  4. Duncan Michael-MacGregor Duncan Michael-MacGregor

    Thank you for this, just saved me some time! :)

  5. Houston Brown Houston Brown

    Thank you.

  6. Julio Julio

    Oh man, thank you!!!

  7. Milan Milan

    Unfortunately, this does not work if you have this issue in multisite environment.

    • Samuel Aguilera Samuel Aguilera

      Having a multisite network doesn’t matter in any way for this issue.

      • Milan Milan

        In our multisite environment Captcha works only on our initial blog page. All other sites in network have this Stoken disabled issue. Any idea why? I would appreciate your help.

      • Samuel Aguilera Samuel Aguilera

        I can’t reproduce that behavior in my mulitisite network. If your network is subdomain based (e.g. site1.example.com) I would recommend you to check that you created the key in your reCAPTCHA account using only the domain and not the www (e.g. example.com). If that is ok and you have already tried the instructions in the article you will want to perform a conflict test as indicated and the end.

        PS. By the way, bear in mind that a single reCAPTCHA key may only have a max of 50 associated subdomains per Google restrictions.

  8. Gina Gina

    Thanks!

  9. Chrissy Chrissy

    Thank you, worked to my relief!

  10. Steve Davies Steve Davies

    Thanks so much — our church website just hit this problem and your solution worked perfectly. Nice to find a quick fix!

  11. Chris Chris

    Thanks, man! I get the chronology but not sure why Gravity Forms doesn’t post it.

    Thank goodness for you!

  12. John Wade John Wade

    Thanks – worked.

  13. Steve Steve

    Just updated Gravity Forms, and got that error — wow, this post saved me a ton of time… thanks Samuel.

  14. ade ade

    thank you very much

  15. Tony R. Boies Tony R. Boies

    Thanks very much, Samuel. This worked for me, exactly as you described.

  16. Mukund Thanki Mukund Thanki

    Hello Samuel,
    Thanks alot for such useful information, your solution works correctly.
    I have one question, I have multisite setup, I am copying content to new registered site from template site( which have keys validated ), and I found issue come on new site, so I needed to validate keys manually for new sites.

    Is there a way we can automate these steps using script or code snippet ??

    Thanks

    • Samuel Aguilera Samuel Aguilera

      Google requires you to validate the keys per site and it does using a reCAPTCHA field so I’m afraid you can’t use a script to validate the keys.

  17. Tyler Tyler

    Worked like a charm! I love an easy fix!

Leave a Reply

Your email address will not be published. Required fields are marked *