Contact Form 7: “reCAPTCHA validation failed. Please try again.”

Try these first

1. Reconnect v3 keys: In Contact Form 7 → Integration → reCAPTCHA, remove and re-add your reCAPTCHA v3 site/secret keys. Make sure they’re v3 keys (not v2) and the domain matches your site.
2. Disable optimizations on the contact page: Temporarily turn off page caching, JS deferral/combining, and any “optimize” features (WP Rocket, Autoptimize, LiteSpeed, SiteGround Optimizer, Cloudflare Rocket Loader). Then test the form.
3. Cookie/consent allow-list: Make sure your consent banner isn’t blocking Google reCAPTCHA. Allow www.google.com/recaptcha/ (or www.recaptcha.net/) and re-test.
4. Update everything: Update Contact Form 7, theme, and any CF7 add-ons to the latest versions.

Why this happens

• Wrong key type or domain mismatch: v3 requires its own keys and the domain must match your site’s origin.
• Token never generated: The reCAPTCHA script didn’t load (blocked by cache/CDN/consent or JS errors), so CF7 gets an empty token.
• Low v3 score: reCAPTCHA v3 rates requests 0.0–1.0. If your score falls below the threshold (default ~0.5), CF7 will fail validation.

Step-by-step fixes

1) Verify and re-add your v3 keys

1. Open Contact Form 7 → Integration → reCAPTCHA and click Remove Keys.
2. Generate v3 keys in the Google reCAPTCHA admin for your exact domain (no trailing slashes, correct subdomain/protocol).
3. Add the new keys back in CF7 and save. Test the form.

2) Ensure the token loads (no blocking)

1. Temporarily disable page cache, JS minify/deferral, and CDN script optimizers (e.g., Cloudflare Rocket Loader) for your contact page.
2. Open the page, then your browser DevTools → Network. Confirm api.js from Google reCAPTCHA is loading and no JS errors appear in Console.
3. If you must keep optimizations, exclude the contact page or exclude reCAPTCHA/CF7 scripts from minification/deferral.

3) Fix consent/country blocks

• In your consent banner (CookieYes, Complianz, etc.), allow-list the reCAPTCHA domains so the script runs before submit.
• If Google domains are blocked regionally, switch CF7 to use www.recaptcha.net (supported fallback) and test again.

4) Lower the v3 threshold (when scores are too strict)

If legitimate users are failing due to low scores, you can reduce the threshold. Add this to a site-specific plugin or your theme’s functions.php:

add_filter('wpcf7_recaptcha_threshold', function ($threshold) {
  return 0.3; // default is ~0.5, try 0.3 to be more permissive
});

Re-test. If spam increases, raise slowly (e.g., 0.35 → 0.4).

5) As a fallback: switch to reCAPTCHA v2 or Turnstile

• reCAPTCHA v2: Install a CF7-compatible v2 add-on, add your v2 keys, place the [recaptcha] tag in your form, and re-test.
• Cloudflare Turnstile: Consider Turnstile as a privacy-friendly alternative. It’s reliable and reduces friction. Use an integration/add-on that supports CF7, add your Turnstile keys, then test.

Testing & diagnostics

• Is the token present? With DevTools open, ensure the reCAPTCHA request completes and no console errors appear.
• Plugin/theme conflict test: Temporarily switch to a default theme and disable all non-essential plugins. If the form works, re-enable items one-by-one.
• Cache/CDN edge: Clear site cache, CDN cache, and your browser cache after changes.

Summary

Most sites fix this by re-adding v3 keys, unblocking the reCAPTCHA script (cache/CDN/consent), or adjusting the v3 score threshold. If problems persist, use reCAPTCHA v2 or Turnstile as a stable alternative.