Anti-Splog https not loading recaptcha

Hi

Problem signing up for a site on my network (uses TLS)

I am getting chrome console error:

wp-signup.php' was loaded over HTTPS, but requested an insecure script 'http://www.google.com/recaptcha/api/challenge?k=6LeO5QETAAAAAP0AtLf7oFisZbaSodKnPf6_WMNb'. This request has been blocked; the content must be served over HTTPS.

Have added

define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");

to WPconfig as suggested in an ancient thread somewhere, did not resolve the issue.

Any pointers on how to get the reCaptcha to load up?

Best regards,
Bjørn Seaton

  • Michelle Shull
    • DEV MAN’s Apprentice

    Hey there, Bjørn!

    First off, when did you set up reCAPTCHA for your site? Was it before or after the big roll out of the new reCAPTCHA? http://www.google.com/recaptcha/intro/index.html#

    It was a recent change, within the last months. If you set up Anti-Splog before that switch, you may want to regenerate your reCAPTCHA key, as I'm fairly sure all of the new assets are served under https from Google's end.

    Thanks!

    • kundeservice
      • Site Builder, Child of Zeus

      Hi Michelle,

      Nope, I set it up just a few days ago. Maybe there is a setting somewhere in reCaptcha to load over https, will look again, but did not see it last time.

      I have just set up a new keypair also, in case that was the problem, but it made no difference (as expected).

      Shall I give you site access for this one?

      Kind Regards,
      Bjørn Seaton

  • Timothy
    • Chief Pigeon

    Hey there Bjørn,

    It seems like the $use_ssl is not set to true in those instances, I can replicate this on my install too.

    Can you stick this in your wp-content.php for now:

    define("RECAPTCHA_API_SERVER", "https://www.google.com/recaptcha/api");

    Just above:

    /* That's all, stop editing! Happy blogging. */

    Basically this is telling the plugin to use the https connection for the non-https one, which in your case should work as you're only using https.

    It should force the https, I tested and it worked for me. I'm also going to escalate this for our developer to look at.

    Take care.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.