Since Gravity Forms 2.0 the new “no captcha” reCAPTCHA API is included in Gravity Forms. This was a highly requested feature and works pretty fine for most users, but sometimes specially if you’re using old reCAPTCHA keys or the reCAPTCHA authentication in Gravity Forms settings was done using previous API version you can get one of the following pretty cryptic message in your reCAPTCHA field:
ERROR for site owner: Stoken disabled or Error for site owner: Stoken expired
To fix any of the above stoken issues with reCAPTCHA in Gravity Forms follow the steps below.
Try reconfiguring the keys in Gravity Form settings page
This is the first thing to try and solves the issue 99% of times, also note this part applies to any error not only to the two above. For it to work is VERY IMPORTANT to follow all steps as described below. If you skip any step the issue will persists.
- Go to Forms -> Settings and then to reCAPTCHA Settings section.
- Copy your Site Key and Secret Key to a safe place (e.g. a text editor).
- Now delete the keys from the settings page.
- And click the Save Settings button while the inputs are still blank.
- Now copy and paste each key to its place in the settings page again.
- After doing this, and before being able to click the Save Settings button, you should see a reCAPTCHA field below the keys to prove that you’re not a robot. Do whatever reCAPTCHA asks you to pass the test.
- Finally click on the Save Settings button.
Note: If you’re not seeing the reCAPTCHA field in step 6. Make sure you don’t have Firefox Tracking Protection enabled, as this will block the reCAPTCHA field and will not allow you to complete the configuration correctly.
Once you’re done empty your browser cache (also flush cache for any plugin or CDN that you may be using) and try again your form, the issue should be solved.
Delete the reCAPTCHA keys and generate a new pair of keys in your reCAPTCHA account
If you’re still experiencing the issue after doing all the above, try going to your reCAPTCHA account, delete current keys for your site and generate new ones. Then repeat the process above with the new keys.
The above method applies only to built-in reCAPTCHA support, if you have installed any third-party Gravity Forms add-on for adding reCAPTCHA to the form you should disable it now, you don’t need it anymore.
Make sure you’re using a recent PHP version
A few users also reported using an outdated PHP version can cause this issue too, if your server is running at least PHP 5.6 as indicated in the Gravity Forms system requirements that should be enough, but PHP 5.6 is now four years old…
I would recommend you to upgrade your PHP version to at least PHP 7.0 or 7.1.
Most modern hostings allows you to upgrade the PHP version by yourself using the hosting panel.
Turn off caching and perform a full conflict test
If none of the above is helping you to fix the stoken disabled/expired issue or the reCAPTCHA field is just blank (no content, only the label) chances are that you have some other third-party software in your site setup creating a conflict. So if you’re at this point it’s time for a theme/plugin conflict test!
While doing the conflict test, if you’re using any caching system (e.g a WP plugin for caching, server side module or a CDN like CloudFlare) make sure to turn it off and leave it off until the end of the troubleshooting. It’s very important to keep caching off while you’re doing any kind of troubleshooting to ensure you’re working with fresh dynamic content and not cached content.