Hi,
Divi Contact Form sends/attempts to send email even when reCAPTCHA is invalid/missing. I need confirmation of the exact server-side failure contract (JSON response/hook) that the module expects so that no email is sent.
Environment: WordPress [ver], PHP [ver], Divi Theme/Builder [ver], key plugins [list], caching/optimization [name], page URL [link].
Settings: Contact Form → Spam Protection → reCAPTCHA v3 enabled (site/secret), Minimum Score 0.5. Token sent as g-recaptcha-response.
Repro: open page → simulate invalid reCAPTCHA → submit → observe logs/response.
Expected: server returns failure and no email is sent.
Actual: logs show “Contact error”, yet “Email submit hook triggered”.
Network: request goes to either admin-ajax.php?action=et_pb_contact_form_submit or a REST route /wp-json/...divi...contact... (please confirm the official route for Divi 5).
What we already tried (server-side gate):
Hook early into AJAX (priority 0) and REST (rest_request_before_callbacks), return:
wp_send_json(['success'=>false,'message'=>'Invalid reCAPTCHA.'], 200);
Add a last-resort pre_wp_mail blocker for this request if token invalid/missing.
Front-end v3 failsafe to ensure g-recaptcha-response is present before submit.
Questions
What exact JSON/shape does Divi Contact Form require on failure to stop email?
For Divi 5, is there an official REST route for contact submit, or still admin-ajax?
Confirm the expected param name for the token (g-recaptcha-response).
Any known incompatibilities with pre_wp_mail or caching plugins?
Attachments: debug.log excerpt, HAR/Network screenshots, Spam Protection settings, reCAPTCHA settings (redacted), version info.
Thanks!
Hi,
Divi Contact Form sends/attempts to send email even when reCAPTCHA is invalid/missing. I need confirmation of the exact server-side failure contract (JSON response/hook) that the module expects so that no email is sent.
Environment: WordPress [ver], PHP [ver], Divi Theme/Builder [ver], key plugins [list], caching/optimization [name], page URL [link].
Settings: Contact Form → Spam Protection → reCAPTCHA v3 enabled (site/secret), Minimum Score 0.5. Token sent as g-recaptcha-response.
Repro: open page → simulate invalid reCAPTCHA → submit → observe logs/response.
Expected: server returns failure and no email is sent.
Actual: logs show “Contact error”, yet “Email submit hook triggered”.
Network: request goes to either admin-ajax.php?action=et_pb_contact_form_submit or a REST route /wp-json/...divi...contact... (please confirm the official route for Divi 5).
What we already tried (server-side gate):
Hook early into AJAX (priority 0) and REST (rest_request_before_callbacks), return:
wp_send_json(['success'=>false,'message'=>'Invalid reCAPTCHA.'], 200);
Add a last-resort pre_wp_mail blocker for this request if token invalid/missing.
Front-end v3 failsafe to ensure g-recaptcha-response is present before submit.
Questions
What exact JSON/shape does Divi Contact Form require on failure to stop email?
For Divi 5, is there an official REST route for contact submit, or still admin-ajax?
Confirm the expected param name for the token (g-recaptcha-response).
Any known incompatibilities with pre_wp_mail or caching plugins?
Attachments: debug.log excerpt, HAR/Network screenshots, Spam Protection settings, reCAPTCHA settings (redacted), version info.
Thanks!