Spam is a huge problem, if you don't protect your forms with some sort of anti-spam measure, it won't be long before you are receiving a huge amount of unsolicited email.  Fortunately Google has invented it's RECAPTCHA v3, which works behind the scenes, validating users.  If a user is suspected of being a bot, it will show a series of images to test that the user is human.  If the user fails the test, then no email is sent.

However, although the RECAPTCHA is very good at what it does, it is not trouble free.  The reason I wanted to write this blog post is because I often have trouble with the RECAPTCHA, especially with new sites and actually getting it working.  This blog post is written for Concrete5 / CMS but some of these concepts may apply to other website platforms too.

The Problem

You try to submit a form, it doesn't submit and just shows this error instead:


Potentially it is a very serious issue leading to lost enquiries etc.  We need to fix it, but what does the error mean and how do we fix it?

What does the error mean?

This error is returned from the form block controller in Concrete5:

// check captcha if activated
if ($this->displayCaptcha) {
            $captcha = Core::make('helper/validation/captcha');
            if (!$captcha->check()) {
                    $errors['captcha'] = t('Incorrect captcha code');
                    $_REQUEST['ccmCaptchaCode'] = '';

It's a bit generic, so we need to try various things:

Potential solutions

  1. Clear the Concrete5 Cache
    Always a good place to start, clearing the cache is quick and easy and then it's easy to retest your form.
  2. Check has the domain name listed in settings 
    Within these settings you need to add the domains that use this CAPTCHA key.  Make sure these are correctly set.
    There is some useful guidance from Google here:

    So for subdomains you can put the main domain instead of the subdomain.
    However, I suspect the IP addresses need to match.
  3. Check you have copied the keys and secret correctly
    Login to the Google RECAPTCHA control panel again (from step 2) and then into your site and go to

    Make sure the keys are correct:
  4. Set Canonical URLs correctly:
    Go to
    Ensure they are set correctly:
  5. Are you using Facebook Like buttons?
    According to this post, it could cause a conflict with IE (if you care about IE)
  6. Check your version of Concrete5/CMS
    There was a fix in v8.5.7 for RECAPTCHA timeout:
  7. Change Form type
    If you are using a Form block, try a Legacy Form block instead
  8. It could be your IP address
    We use a VPN so we can change our IP address.  Sometimes no matter what, the RECAPTHA just refuses to work, so we change our IP address and it then starts to work.  Google obviously got a little annoyed with what we were doing!
  9. If all else fails, make a new CAPTCHA key
    here and make a new one


With some pain, using Google's RECAPTCHA means you can prevent the majority of spam.  It won't block everything, but should bring it down to manageable levels.

Special thanks to for helping us with this article.
If you have any other tips, please email us and we'll be happy to include them and link back to your website.

Who are we?

We are a digital agency specialising in Web Design, Development, Concrete5 and digital marketing, based in London & West Sussex.

We make digital simple. Our purpose is to simplify your frustrations in digital and solve the challenges you face to help make you more money and progressively grow your business or organisation.

Tell me more

Keep up to date

Call us