Skip to content

ERROR for site owner: Stoken disabled in reCAPTCHA field for Gravity Forms

reCAPTCHA Stoken Expired error
reCAPTCHA Stoken Expired error

Since Gravity Forms 2.0 the new “no captcha” reCAPTCHA  API is included in Gravity Forms. This was a highly requested feature and works pretty fine for most users, but sometimes specially if you’re using old reCAPTCHA keys or the reCAPTCHA authentication in Gravity Forms settings was done using previous API version you can get one of the following pretty cryptic message in your reCAPTCHA field:

ERROR for site owner: Stoken disabled or Error for site owner: Stoken expired

To fix any of the above stoken issues with reCAPTCHA in Gravity Forms follow the steps below.

Try reconfiguring the keys in Gravity Form settings page

This is the first thing to try and solves the  issue 99% of times, also note this part applies to any error not only to the two above. For it to work is VERY IMPORTANT to follow all steps as described below. If you skip any step the issue will persists.

  1. Go to Forms -> Settings and then to reCAPTCHA Settings section.
  2. Copy your Site Key and Secret Key to a safe place (e.g. a text editor).
  3. Now delete the keys from the settings page.
  4. And click the Save Settings button while the inputs are still blank.
  5. Now copy and paste each key to its place in the settings page again.
  6. After doing this, and before being able to click the Save Settings button, you should see a reCAPTCHA field below the keys to prove that you’re not a robot. Do whatever reCAPTCHA asks you to pass the test.
  7. Finally click on the Save Settings button.

Note: If  you’re not seeing the reCAPTCHA field in step 6. Make sure you don’t have Firefox Tracking Protection enabled, as this will block the reCAPTCHA field and will not allow you to complete the configuration correctly.

Once you’re done empty your browser cache (also flush cache for any plugin or CDN that you may be using) and try again your form, the issue should be solved.

Delete the reCAPTCHA keys and generate a new pair of keys in your reCAPTCHA account

If you’re still experiencing the issue after doing all the above, try going to your reCAPTCHA account, delete current keys for your site and generate new ones. Then repeat the process above with the new keys.

The above method applies only to built-in reCAPTCHA support, if you have installed any third-party Gravity Forms add-on for adding reCAPTCHA to the form you should disable it now, you don’t need it anymore.

Make sure you’re using a recent PHP version

A few users also reported using an outdated PHP version can cause this issue too, if your server is running at least PHP 5.6 as indicated in the Gravity Forms system requirements that should be enough, but PHP 5.6 is now four years old…

I would recommend you to upgrade your PHP version to at least PHP 7.0 or 7.1.

Most modern hostings allows  you to upgrade the PHP version by yourself using the hosting panel.

Turn off caching and perform a full conflict test

If none of the above is helping you to fix the stoken disabled/expired issue or the reCAPTCHA field is just blank (no content, only the label) chances are that you have some other third-party software in your site setup creating a conflict. So if you’re at this point it’s time for a theme/plugin conflict test!

While doing the conflict test, if you’re using any caching system (e.g a WP plugin for caching, server side module or a CDN like CloudFlare) make sure to turn it off and leave it off until the end of the troubleshooting. It’s very important to keep caching off while you’re doing any kind of troubleshooting to ensure you’re working with fresh dynamic content and not cached content.

Published inGravity Forms

41 Comments

  1. Ashish Ashish

    Thanks mate! Posts like these are so helpful and resolve things right away. Rather than digging through google search. I miss writing posts of my findings on my blog.

    • Samuel Aguilera Samuel Aguilera

      You’re welcome Ashish. Is never too late to start writing again ;)

    • airah airah

      Thanks Samuel Aguilera :)

  2. Colin Colin

    Thank you! Worked like a charm, after multiple failed attempts with other google results.

  3. Jana Jana

    Thank you … so helpful! You made it easy to resolve.

  4. Duncan Michael-MacGregor Duncan Michael-MacGregor

    Thank you for this, just saved me some time! :)

  5. Houston Brown Houston Brown

    Thank you.

  6. Julio Julio

    Oh man, thank you!!!

  7. Milan Milan

    Unfortunately, this does not work if you have this issue in multisite environment.

    • Samuel Aguilera Samuel Aguilera

      Having a multisite network doesn’t matter in any way for this issue.

    • Milan Milan

      In our multisite environment Captcha works only on our initial blog page. All other sites in network have this Stoken disabled issue. Any idea why? I would appreciate your help.

    • Samuel Aguilera Samuel Aguilera

      I can’t reproduce that behavior in my mulitisite network. If your network is subdomain based (e.g. site1.example.com) I would recommend you to check that you created the key in your reCAPTCHA account using only the domain and not the www (e.g. example.com). If that is ok and you have already tried the instructions in the article you will want to perform a conflict test as indicated and the end.

      PS. By the way, bear in mind that a single reCAPTCHA key may only have a max of 50 associated subdomains per Google restrictions.

  8. Gina Gina

    Thanks!

  9. Chrissy Chrissy

    Thank you, worked to my relief!

  10. Steve Davies Steve Davies

    Thanks so much — our church website just hit this problem and your solution worked perfectly. Nice to find a quick fix!

  11. Chris Chris

    Thanks, man! I get the chronology but not sure why Gravity Forms doesn’t post it.

    Thank goodness for you!

  12. John Wade John Wade

    Thanks – worked.

  13. Steve Steve

    Just updated Gravity Forms, and got that error — wow, this post saved me a ton of time… thanks Samuel.

  14. ade ade

    thank you very much

  15. Tony R. Boies Tony R. Boies

    Thanks very much, Samuel. This worked for me, exactly as you described.

  16. Mukund Thanki Mukund Thanki

    Hello Samuel,
    Thanks alot for such useful information, your solution works correctly.
    I have one question, I have multisite setup, I am copying content to new registered site from template site( which have keys validated ), and I found issue come on new site, so I needed to validate keys manually for new sites.

    Is there a way we can automate these steps using script or code snippet ??

    Thanks

    • Samuel Aguilera Samuel Aguilera

      Google requires you to validate the keys per site and it does using a reCAPTCHA field so I’m afraid you can’t use a script to validate the keys.

    • Mukund Thanki Mukund Thanki

      I digged into code and found, I used below line of code to mark keys as validated in gravityforms recaptcha.

      update_option( ‘gform_recaptcha_keys_status’, 1 );

      and it was working for me. sure it will not validate keys with google, but recaptcha started to work with it.

  17. Tyler Tyler

    Worked like a charm! I love an easy fix!

  18. Vickie Norris Vickie Norris

    I’ve completed your instructions and still have this message:

    Please complete the reCAPTCHA widget to validate your reCAPTCHA keys:

    ERROR for site owner:
    Invalid domain for site key

    What does it mean, “complete the reCAPTCHA widget to validate your reCAPTCHA keys”?

    • Samuel Aguilera Samuel Aguilera

      When you’re entering the keys in the Gravity Forms settings page Google requires you to validate them using a reCAPTCHA field that is shown just after pasting the Secret Key. The error that you’re seeing inside of that reCAPTCHA field is returned directly by the reCAPTCHA service, and it’s not a Gravity Forms issue but an issue with your reCAPTCHA keys setup.

      It means that, according to the validation done by the reCAPTCHA service, you’re trying to use a pair of keys that are not valid for your site domain. In other words, you’re trying to use a pair of keys that were generated for another domain. You need to go to your reCAPTCHA account and do one of the following:

      ​A) Find the keys in your reCAPTCHA admin list and add your site domain to the current keys configuration. It may take some time for the keys to work in new added domains.

      ​​​B) Generate a new pair of keys for your site domain. If you use only the root domain (e.g. example.com not http://www.example.com) the keys will be valid for any subdomain (e.g. http://www.example.com, another-site.example.com, etc.)

  19. Daniel Pereira Daniel Pereira

    Hello.

    I’m having the same error but only on the front-end. I can insert the keys and validate them on the back-end, save the settings, but when I view the form on the front-end I get this error.
    I’ve tested it on a local installation with and without plugins, with this theme and another one, and it all works, so it isn’t a plugin/theme conflict issue.

    Do you have any idea of what the problem might be?

  20. Ron Swartzendruber Ron Swartzendruber

    This saved my tailbones.

    With WP 4.8 multisite/multinetwork, I only had to remove and re-enter the ReCAPTCHA keys on one site, and it seems to have fixed all of them.

    I don’t have direct confirmation that the error was happening on more than that one site, though, so maybe I just got lucky.

    Either way, thanks!

  21. Yuriy Vasilyev Yuriy Vasilyev

    The Man!

  22. Brenda Honn Brenda Honn

    Thank you! It worked.

  23. Chris Everett Chris Everett

    Worked like a charm. Thanks Samuel!

  24. Mark Skowron Mark Skowron

    Very helpful. Thanks!

    One possible cause of this for many users might be when triple-clicking in the “secret key” field to select the key, while in Google reCaptcha. When I did this, I didn’t realize it selects the line below it “Step 1: Client side integration”. Pasting this into Gravity Forms will paste that extra text along with the key.

  25. Michael Romero Michael Romero

    This was a great tip! Deleting the keys, saving, removing the formatting from the keys, paste/resave worked like a charm!

  26. Ryan Urlacher Ryan Urlacher

    Thanks so Much Samuel. You’re a life saver

  27. Tanya Tanya

    Thanks very much for this, it was a simple fix when I followed your step-by-step instructions!

  28. 'Ilikea 'Ilikea

    THANK YOU SO MUCH. Your explanation was simple and easy to follow!!! Much appreciated mate.

  29. CMS CMS

    Great!!

    It worked

    Thank you

  30. Florian Stotz Florian Stotz

    Phew – easy solution to an annoying problem.

  31. Prod Juan Prod Juan

    Thank you for this article!
    I followed the steps and this fixed the problem!

  32. Peter Peter

    Thank you. Resetting the keys solved it right away.

  33. LC LC

    I love you for this post! Really, so simple yet was driving me nuts for hours until I found this! Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *