This step-by-step repair guide is for anyone who has encountered the
Could not find CAPTCHA token error message. There was nothing on Google that I could find when I was trying to get the Fast Secure Contact Form plugin to work on my blog. Hopefully, this saves someone else from confusion, frustration and gnashing of teeth.
What is the CAPTCHA Token?
Securimage is an open-source free PHP CAPTCHA library that does everything from generating the CAPTCHA images to validating the typed code.
The CAPTCHA Token is written to a temporary file during input validation.
Why is the CAPTCHA Token Not Found?
The Could not find CAPTCHA token message occurs because the Securimage script was unable to create a temporary folder during setup.
After installing the Fast Secure Contact Form plugin, I set up everything. At the time, the plugin did not display the status messages that you will see in this guide. Thanks go to Mike Challis, who developed the Fast Secure Contact Form plugin and updated it after helping me figure out what was wrong with my server settings.
How to Fix the Could Not Find CAPTCHA Token Error
This section will contain all updates, based on reader feedback. Hopefully, I won’t confuse you.
[Updated 8/30/2010] Plugin author Mike Challis commented on the incompatibility between his Fast Secure Contact plugin and Simple Facebook Connect:
SFC Like and SFC Share are both not compatible with Fast Secure Contact Form, they cause the error “Could not read CAPTCHA token file. CAPTCHA token file is missing.”
If you use either or both SFC Like and SFC Share, you’ll want to bookmark the related support thread on WordPress.org. Alternatively, you could subscribe to the RSS feed so you’ll know when a new reply is made to that thread.
[Updated 8/29/2010] Reader Frank uses Microsoft IIS Web server and tells us that FTP can’t be used to change the read/write/execute permissions on the captcha-tmp folder. You’ll have to research that bit (at least until another visitor can enlighten us further.) When you find out how to do that, you’ll need to turn on “write” and “execute” permissions for the folder.
[Updated 8/25/2010]: After reader Melinda mentioned seeing this problem on my website, I realized that upgrading the plugin will undo all your fixes! Be sure to redo these steps each time you upgrade.
These screen shots are from Filezilla (FTP program) and the Fast Secure Contact Form plugin screens. If you are not using the plugin, but you are using the Securimage script from the PHP CAPTCHA library, you can still apply the fixes for the Could not find CAPTCHA token error message.
If you are using the Fast Secure Contact Form plugin and have encountered the following screen shot during set-up, you can use this guide to prevent ever seeing any Could not find CAPTCHA token error messages on your contact page.
Note: If you do not have FTP or shell access to your blog, jump to Quick Fix for Mike’s last-resort solution to get the Fast Secure Contact Form plugin to work.
Test the CAPTCHA System
First, if you are using an older version of Fast Secure Contact Form (before version 2.8.2), you’ll need to find out whether the error message is due to a missing folder or an unwritable one. If you are using a more recent version, the plugin settings will alert you as soon as you click the Update Options button, so you can skip this test and jump to Fire Up FTP.
Screen shot #1: Click the Test Link
Screen shot #2: Test Results
Navigate to your plugins folder and find the si-contact-form folder.
Under that, look for the captcha-secureimage folder.
Screen shot #3: Find the si-contact-form plugin folder
Create Temp Folder
Right-click the captcha-secureimage folder and select Create directory.
Screen shot #4: Right-click the captcha-secureimage folder
In the pop-up window, type captcha-temp.
Screen shot #5: Create the captcha-temp folder
Try the PHP Test Again
Return to the test page in your browser and click the Try the PHP Requirements Test again link.
Screen shot #6:Retry the PHP Requirements Test
Did Your Server Fail the Test?
Screen shot #7: Unwritable Folder Message
Note: If your server passed, jump to Final Setting.
Fix Unwritable Folder
The WordPress documentation, Changing File Permissions, explains file permissions in detail. What worked for me may not work for you. It all depends on how your web host’s server is set up. Let’s hope for the best:
- Right-click the captcha-temp folder
- Select File permissions . . .
- Follow the recommended order of changes until your server passes the test
Screen shot #8: File Permissions
Mike Challis explained to me that his Fast Secure Contact Form plugin will work just fine with the Use CAPTCHA without PHP session option disabled (as long as PHP sessions are working). He adds that fixing the folder permissions problem is recommended. If you can’t do that, then this option is your solution (disregard Final Setting, below.)
Screen shot #9: Uncheck Use CAPTCHA without PHP session
If the test page in your browser shows that captcha-temp is writable, you’re almost done!
Screen shot #10: Writable Folder!
In the plugin settings, make sure that the Use CAPTCHA without PHP session option is checked.
Screen shot #11: Check Use CAPTCHA without PHP session
CAPTCHA System Works
Congratulations! Enjoy your contact forms.
Screen shot #12: LETT me in!
Need More Support?
Mike Challis has a support form that you can complete in order to get help directly from him. (A donation might help, too 
)
From his website:
If you find a problem, please first read the FAQ, then if you still need help, submit a support ticket.
This post is the most popular one on my blog! Do you want your posts to possibly go viral? Check out The CommentLuv Plugin!
Mitch, Whew! I need to digest this in baby steps because I’m not familiar with PHP but thanks for providing all of the detailed steps and instructions for resolving this issue!
Ileane recently posted..Basics of Blog Feeds and FeedBurner
My pleasure, Ileane. If you don’t have to log in to your FTP whenever you update plugins, you’ll probably not have to worry about this obscure error.
I’m on a Plesk server and every single domain has this permission issue.
Mike Challis is a gem! I’m going to making these forms all over my blogs
Cheers,
Mitch
Alright, it’s on Stumbleupon and delicious. It is quite impressive and well laid-out; just hope it finds the right audience. I definitely don’t want to be in the position of having to fix a broken comment security system, but anyone having that trouble definitely should have access to this.
ashok recently posted..Re- “Lines on Plagiarism Blur for Students in the Digital Age-” by Trip Gabriel
Thanks, Ashok. I was in a public service mood Sunday
Especially after the great support from the plugin author, Mike Challis.
I appreciate your efforts to ensure that more people can find this post and avoid the frustration that I experienced.
Cheers,
Mitch
Mitchell,
Thanks so much for sharing.
I haven’t seen this error, however like Ashok, I’ll be stumbling and retweeting this too. I’m adding this article link to one of my draft posts. It’s a tech post, not sure when I’ll publish it, however, when it goes live, Hopefully; it’ll help sread the word on this issue.
I always enjoy a well-written tutorial, brings out my inner geekiness, ok it’s fairly noticeable. I have a few tech sites, heavily tutorial, mainly focused on Mac tips, tutorials, etc.,
Moondancer recently posted..Three ways exercise can improve your health
Hey Moondancer,
Inner geekiness, eh? Are these secret niche sites or can you share?
Thanks for spreading the word about the CAPTCHA error.
Cheers,
Mitch
Today … someone sent me a LinkedIn request and I couldn’t log in … I tried everything, including resetting my password and gave up because it still won’t let me sign in! I think their problem is THIS ISSUE! It won’t let me past their Captcha Token! lol // Probably one of the main reasons I’m not a fan of LinkedIn.
HART (1-800-HART) recently posted..10 Reasons Why You Should Join The PetLvr Community
Hi Hart,
It would be a shame if LinkedIn users are being thwarted by CAPTCHA.
When I checked their login page source, it appeared to be using a proprietary CAPTCHA system, so my solution probably won’t apply.
It doesn’t use JavaScript, so that’s not the problem, either. The only suggestion I have is to try logging in from different browsers.
Cheers,
Mitch
I just discovered my CAPTCHA WordPress plugin was blocking everyone–at least everyone but me–from making comments on one of my blogs (not blog.clickfire.com). That’s the most effective spam blocking CAPTCHA I know of: block everything. Was wondering why I had received the cold shoulder from visitors for about a month
Apparently it was a conflict with the WP Supercache plugin. Challis rocks. Thanks for being in a public service mood Mitch.
emory recently posted..Digg Patriots- A Response
Hi Emory,
That’s terrible! I’m glad you found out. Lately, I’ve been discovering more conflicts.
In fact, Justin (DragonBlogger), has an informative post about manually adding tweetmeme submit button to WordPress . This opens up a whole new avenue of possible independence from WordPress Plugins of that nature.
Cheers,
Mitch
This is a whole new info for me, I never tried to apply CAPTCHA on my sites but I did hear someone complaining about unable to access LI smoothly due to CAPTCHA, as HART mentioned. I was never a fan of CAPTCHA, even so I may bookmark this in case I’ll decide to tighten up my site security to fight spam etc. We just never know.
@wchingya
Social/Blogging Tracker
Ching Ya recently posted..How to Separate Facebook Personal Profile from Business Page pt1
Hi Ching Ya,
I don’t like CAPTCHA on comments, though I’ll still visit and comment. I really don’t like spambots hitting my contact forms, so that’s where I use CAPTCHA.
Cheers,
Mitch
If I didn’t have the attention span of an adolescent spider monkey on crack this would have been an invaluable post. I’m certain that more intelligenter folks than me will harvest a slew of info from it.
Keep up the good work.
Pinhole recently posted..So Close
Thanks Randy. Your CAPTCHA works fine
Cheers,
Mitch
Mitchell, Thanks!!
My problem was solved thanks to this site.
From Tokyo, Japan.
Jiro Kuramochi recently posted..HostSo 1ドルサーバー
Hi Jiro Kuramochi,
I’m glad this tutorial helped.
Cheers,
Mitch
I have completed all the steps above. And I continue to get the following:
Could not read CAPTCHA token file.
CAPTCHA token file is missing.
I pass all tests from the admin panel Captcha test utility.
As far as I can tell all files are present.
All folders have write permissions as required.
Is there a specific file that this error is keying on?
Also, I am running this plugin on an IIS installation.
Thanks
One more thing. I just discovered that the plugin actually DID complete the e-mail. So everything worked with the exception of having the error message.
So, in my case, the error message is false but still there.
I would love to use this obviously functional plugin, but I cannot put it in place until the false errors stop reporting.
So, for now, I am back to the Dagon plugin.
Thanks
Hi Max,
The only thing I can think of is that you’re not running on a Linux server.
I don’t know if that is the problem, so I forwarded your questions to Mike Challis, who wrote the plugin.
Cheers,
Mitch
Thanks Mitch,
Can I realistically expect an answer?
Does IIS have known issues?
I have updated the plug in once and still have exactly the same issue.
Thanks,
Max
Max Richey recently posted..Curiosity &38 Compulsion–Hope &38 Faith in Atheism- Science &38 Christianity
Hi Max,
One thing I discovered is that, after updating the plugin, I had to redo the whole fix: create directory, set permissions, etc.
Mike was great communicating with me. I contacted via his website. You can try that:
http://www.642weather.com/weather/wxblog/support/
I’m going to update this post with that web address.
Cheers,
Mitch
You rock! Thanks for putting it together. Saved me time.
Hi Dariel,
Glad I could help!
Cheers,
Mitch
I couldn’t do the registration because CAPTCHA wasn’t accepting the token. Did it go through but just give me an error message? Sorry if it did because that meant you got about 20 messages.
Melinda recently posted..Dusty plants need to breath
Melinda, you are a life-saver! I have upgraded this plugin a couple of times and had no idea that doing so undid my fixes!
I updated the post, redid the fixes and it worked – after fighting my cached version until I finally got the newer page to come up.
Thanks!
Mitch
Thanks, Mitch. This was very helpful! Didn’t fully solve the issue in my case, but got me on the right path. Read on.
Note that if your site is hosted on a Microsoft IIS Web server, you’ll need to set permissions for the captcha-temp folder using IIS methods. Setting “CHMOD 777″ etc. via your FTP client won’t do it; IIS will ignore these and use its own settings.
You may need to consult your Web host to determine how to change permission settings via IIS (afraid I don’t have more info on IIS’s operation). You’ll need to turn on “write” and “execute” permissions for the folder. This finally did the trick for me.
Hope this helps someone, and thanks again for your help, Mitch.
Thanks also to Mike Challis for a very useful plug-in.
–Frank
Hi Frank,
Thank you so much for explaining a bit about the Microsoft IIS Web server and the fact that FTP won’t solve permission issues.
I will update the post to alert readers.
I’m glad this post helped you even a little bit
Cheers,
Mitch
SFC Like and SFC Share are both not compatible with Fast Secure Contact Form, they cause the error “Could not read CAPTCHA token file. CAPTCHA token file is missing.”
It looks to me that it is caused by the SFC plugins trying to scan the page content prior to WordPress showing it. This interferes with proper posting of the form. In my opinion, the author of SFC should make a page exclusion feature so pages can be excluded from the SFC Like and SFC Share features.
Related forum post:
http://wordpress.org/support/topic/plugin-simple-facebook-connect-breaks-my-plugins-that-use-captcha-i-have-fix
Thanks, Mike! I’ve updated the post to include this useful information.
Cheers,
Mitch
Pingback: Problem: Could not read CAPTCHA token file | Fast Secure Contact Form
Pingback: Plugin – “Custom Login Pages” By Carlos Mendoza – Project TZ
Pingback: Plugin – “Fast Secure Contact Form” integrated with SI CAPTCHA – Project TZ
Hello Everyone,
I am not a wordpress user, I am however getting this error message when I try to register for a blog that I am interested in;
ERROR: Could not read CAPTCHA token file There is a problem with the directory /si-captcha-for-wordpress/captcha-secureimage/captcha-temp/.
Directory Unwritable (fix permissions). Permissions are: 0755 Fixing this may require assigning 0755 permissions or higher (e.g. 0777 on some hosts. Try 0755 first, because 0777 is sometimes too much and will not work.) Fixing the actual problem is recommended, but you can uncheck this setting on the si captcha options page: “Use CAPTCHA without PHP session” and the captcha will work this way just fine (as long as PHP sessions are working).
Any assistance in getting around or passed this would be appreciated. Is it possible that the webmaster/blog host has to change their WP settings/permissions?
Thanks,
Jim
Hi Jim,
You are exactly right, the webmaster, or whoever has access to that blog’s WordPress files, must fix the permissions.
If you haven’t yet, try using the blog’s Contact Me form to alert the blog owner of the problem.
Good Luck!
Mitch
At first sight looks so complicated but maybe isn’t like that. Anyway, I’m not a fan of CAPTCHA but you don’t know when you’ll need something like this.