Captcha not showing for the Fast, Secure Contact Form plugin

The captcha on all my subsites' contact form is not showing the image. I'm using Fast Secure Contact Form. All that shows is the image placeholder.

  • joejacobson

    Hi Ash,

    Did that and it didn't help. Looks like something is blocking it. I did a chat with Ken a couple days ago. He spent almost an hour looking into it and didn't solve it. I gave him my ftp info and granted access. He did mention something about the get_request not working.
    Also, so you're aware, I had another problem a few days ago with Defender (PHP execution module) where it was throwing an error when I was in my page editor. Did another chat with both NIthin and Luis working on that and finally got it working. They ended up adding some rules into my wp-content/.htacess file. I don't know if it would help you, but there there are two chat transcripts for this.

    I checked the plugin on another site I have and it is working fine. I have this plugin on about 50 subsites and they all are not working.

    I also did the plugin conflict test and deactivated the plugins at the network level.

    Let me know if you want my ftp info.

    Thanks, Joe.

  • Dimitris

    After our recent chat session, please have a look at these resources and let us know if further assistance is required here! :slight_smile:

    I was also able to find this doc page about captcha issues in this plugin:

    And also these specific threads:

    Warm regards,

  • joejacobson

    Hi Ash,

    I looked at the references provided by Dimitris. That did not solve my problem.
    Here is an excerpt from the first "problem captcha image" reference:
    Possible cause #2 – a security rule is blocking web access to the plugins directories:
    When you right click on the area where the image should be, and select View Image, you get the 403 error that you do not have permission to access the securimage_show.php file.
    This file is what shows the CAPTCHA image from this location /wp-content/plugins/si-contact-form/captcha/securimage_show.php
    Some WordPress sites have a .htaccess file with rules that block public web access to the plugins directories.
    This is the contents of a .htaccess file found in a user’s /wp-contents/ folder
    This rule BLOCKED the CAPTCHA PHP file so that the image did not show.

    deny from all
    Find the problem: Check for and examine the contents of any .htaccess files found in the main WP folder, the /wp-contents/ folder, or the /plugins/ folder.
    By default, WordPress does not block public web access to the plugins directories. How did it get there? Who knows, some security plugins do that and some web tutorials instruct you to to block access to your plugins folder. But they should come with a warning “this will break plugins and themes”. If it broke the CAPTCHA, it will most likely break other plugins or themes as well. One way resolve the problem, you could take out the specific rule that is blocking the plugins directories and reconsider your security methods.
    If you want the “deny from all” .htaccess rule to stay in effect, you could whitelist this file:
    You can do that by adding an (or adding to the) .htaccess file within the /plugins/ folder that contains this whitelist code:

    allow from all
    This addresses the securimage_show.php script not being accessible due to the global Deny All coding higher up in the directory structure which protects the other plugins.
    But did you really need to block the plugins directory? The default WP install does not, and the core PHP files in this plugin do not allow direct access anyway, they only allow access when you are logged into WP and click on the menu to access it(as all plugins should).
    Known plugins that cause this: Sucuri Security – the “1-Click Hardening” option to “restrict wp-content access” modifies the .htaccess file and causes this problem.
    Here is what Luis and Nithin added to my .htacess folder:

    I just changed a little bit the code added by Nithin
    he added this rule in the .htaccess found inside the "wp-content"
    <Files /themes/weaver-xtreme/editor-style-css.php>
    Allow from all
    but the entire path is not needed and maybe was creating issues
    so, I changed it to:

    <Files editor-style-css.php>
    Allow from all
    Maybe I just need to add this file to a plugin folder using a rule similar to the above??

    Please let me know what you think?
    Thanks, Joe.

  • Predrag Dubajic

    Hi joejacobson,

    Did you made any changes to FTP login details that you provided in chat because I can no longer login using those?

    Can you send us your new details so we can have another look at this?

    You can send us your details using our contact form and the template below:

    Subject: "Attn: Predrag Dubajic"
    - Site login url
    - WordPress admin username
    - WordPress admin password
    - FTP credentials (host/username/password)
    - cPanel credentials (host/username/password)
    - Link back to this thread for reference
    - Any other relevant urls

    Best regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.