Since Gravity Forms 2.0 the new “no captcha” reCAPTCHA API is included in Gravity Forms. This was a highly requested feature and works pretty fine for most users, but sometimes specially if you’re using old reCAPTCHA keys or the reCAPTCHA authentication in Gravity Forms settings was done using previous API version you can get one of the following pretty cryptic message in your reCAPTCHA field:
ERROR for site owner: Stoken disabled or Error for site owner: Stoken expired
To fix any of the above stoken issues with reCAPTCHA in Gravity Forms follow the steps below.
Try reconfiguring the keys in Gravity Form settings page
This is the first thing to try and solves the issue 99% of times, also note this part applies to any error not only to the two above. For it to work is VERY IMPORTANT to follow all steps as described below. If you skip any step the issue will persists.
- Go to Forms -> Settings and then to reCAPTCHA Settings section.
- Copy your Site Key and Secret Key to a safe place (e.g. a text editor).
- Now delete the keys from the settings page.
- And click the Save Settings button while the inputs are still blank.
- Now copy and paste each key to its place in the settings page again.
- After doing this, and before being able to click the Save Settings button, you should see a reCAPTCHA field below the keys to prove that you’re not a robot. Do whatever reCAPTCHA asks you to pass the test.
- Finally click on the Save Settings button.
Note: If you’re not seeing the reCAPTCHA field in step 6. Make sure you don’t have Firefox Tracking Protection enabled, as this will block the reCAPTCHA field and will not allow you to complete the configuration correctly.
Once you’re done empty your browser cache (also flush cache for any plugin or CDN that you may be using) and try again your form, the issue should be solved.
Delete the reCAPTCHA keys and generate a new pair of keys in your reCAPTCHA account
If you’re still experiencing the issue after doing all the above, try going to your reCAPTCHA account, delete current keys for your site and generate new ones. Then repeat the process above with the new keys.
The above method applies only to built-in reCAPTCHA support, if you have installed any third-party Gravity Forms add-on for adding reCAPTCHA to the form you should disable it now, you don’t need it anymore.
Make sure you’re using a recent PHP version
A few users also reported using an outdated PHP version can cause this issue too, if your server is running at least PHP 5.6 as indicated in the Gravity Forms system requirements that should be enough, but PHP 5.6 is now four years old…
I would recommend you to upgrade your PHP version to at least PHP 7.0 or 7.1.
Most modern hostings allows you to upgrade the PHP version by yourself using the hosting panel.
Turn off caching and perform a full conflict test
If none of the above is helping you to fix the stoken disabled/expired issue or the reCAPTCHA field is just blank (no content, only the label) chances are that you have some other third-party software in your site setup creating a conflict. So if you’re at this point it’s time for a theme/plugin conflict test!
While doing the conflict test, if you’re using any caching system (e.g a WP plugin for caching, server side module or a CDN like CloudFlare) make sure to turn it off and leave it off until the end of the troubleshooting. It’s very important to keep caching off while you’re doing any kind of troubleshooting to ensure you’re working with fresh dynamic content and not cached content.
Thanks mate! Posts like these are so helpful and resolve things right away. Rather than digging through google search. I miss writing posts of my findings on my blog.
You’re welcome Ashish. Is never too late to start writing again ;)
Thanks Samuel Aguilera :)
Thank you! Worked like a charm, after multiple failed attempts with other google results.
Thank you … so helpful! You made it easy to resolve.
Thank you for this, just saved me some time! :)
Thank you.
Oh man, thank you!!!
Unfortunately, this does not work if you have this issue in multisite environment.
Having a multisite network doesn’t matter in any way for this issue.
In our multisite environment Captcha works only on our initial blog page. All other sites in network have this Stoken disabled issue. Any idea why? I would appreciate your help.
I can’t reproduce that behavior in my mulitisite network. If your network is subdomain based (e.g. site1.example.com) I would recommend you to check that you created the key in your reCAPTCHA account using only the domain and not the www (e.g. example.com). If that is ok and you have already tried the instructions in the article you will want to perform a conflict test as indicated and the end.
PS. By the way, bear in mind that a single reCAPTCHA key may only have a max of 50 associated subdomains per Google restrictions.
Thanks!
Thank you, worked to my relief!
Thanks so much — our church website just hit this problem and your solution worked perfectly. Nice to find a quick fix!
Thanks, man! I get the chronology but not sure why Gravity Forms doesn’t post it.
Thank goodness for you!
Thanks – worked.
Just updated Gravity Forms, and got that error — wow, this post saved me a ton of time… thanks Samuel.
thank you very much
Thanks very much, Samuel. This worked for me, exactly as you described.
Hello Samuel,
Thanks alot for such useful information, your solution works correctly.
I have one question, I have multisite setup, I am copying content to new registered site from template site( which have keys validated ), and I found issue come on new site, so I needed to validate keys manually for new sites.
Is there a way we can automate these steps using script or code snippet ??
Thanks
Google requires you to validate the keys per site and it does using a reCAPTCHA field so I’m afraid you can’t use a script to validate the keys.
I digged into code and found, I used below line of code to mark keys as validated in gravityforms recaptcha.
update_option( ‘gform_recaptcha_keys_status’, 1 );
and it was working for me. sure it will not validate keys with google, but recaptcha started to work with it.
Worked like a charm! I love an easy fix!
I’ve completed your instructions and still have this message:
Please complete the reCAPTCHA widget to validate your reCAPTCHA keys:
ERROR for site owner:
Invalid domain for site key
What does it mean, “complete the reCAPTCHA widget to validate your reCAPTCHA keys”?
When you’re entering the keys in the Gravity Forms settings page Google requires you to validate them using a reCAPTCHA field that is shown just after pasting the Secret Key. The error that you’re seeing inside of that reCAPTCHA field is returned directly by the reCAPTCHA service, and it’s not a Gravity Forms issue but an issue with your reCAPTCHA keys setup.
It means that, according to the validation done by the reCAPTCHA service, you’re trying to use a pair of keys that are not valid for your site domain. In other words, you’re trying to use a pair of keys that were generated for another domain. You need to go to your reCAPTCHA account and do one of the following:
A) Find the keys in your reCAPTCHA admin list and add your site domain to the current keys configuration. It may take some time for the keys to work in new added domains.
B) Generate a new pair of keys for your site domain. If you use only the root domain (e.g. example.com not http://www.example.com) the keys will be valid for any subdomain (e.g. http://www.example.com, another-site.example.com, etc.)
Hello.
I’m having the same error but only on the front-end. I can insert the keys and validate them on the back-end, save the settings, but when I view the form on the front-end I get this error.
I’ve tested it on a local installation with and without plugins, with this theme and another one, and it all works, so it isn’t a plugin/theme conflict issue.
Do you have any idea of what the problem might be?
This saved my tailbones.
With WP 4.8 multisite/multinetwork, I only had to remove and re-enter the ReCAPTCHA keys on one site, and it seems to have fixed all of them.
I don’t have direct confirmation that the error was happening on more than that one site, though, so maybe I just got lucky.
Either way, thanks!
The Man!
Thank you! It worked.
Worked like a charm. Thanks Samuel!
Very helpful. Thanks!
One possible cause of this for many users might be when triple-clicking in the “secret key” field to select the key, while in Google reCaptcha. When I did this, I didn’t realize it selects the line below it “Step 1: Client side integration”. Pasting this into Gravity Forms will paste that extra text along with the key.
This was a great tip! Deleting the keys, saving, removing the formatting from the keys, paste/resave worked like a charm!
Thanks so Much Samuel. You’re a life saver
Thanks very much for this, it was a simple fix when I followed your step-by-step instructions!
THANK YOU SO MUCH. Your explanation was simple and easy to follow!!! Much appreciated mate.
Great!!
It worked
Thank you
Phew – easy solution to an annoying problem.
Thank you for this article!
I followed the steps and this fixed the problem!
Thank you. Resetting the keys solved it right away.
I love you for this post! Really, so simple yet was driving me nuts for hours until I found this! Thanks!