Are you new to Imunify360? Attend our live Q&A sessions to ask us anything. Check out the dates and SAVE YOUR SPOT!

Imunify360 features: Captcha & Invisible ReCaptcha

Explore Imunify360 with quick and intuitive guide

Some WordPress site owners face CAPTCHA issues caused by Cloudflare's Automatic Platform Optimisation (APO). It looks like an inability to pass the challenge with a message containing the wrong IP address.

Steps to resolve the issue:

1) If you are the server owner then you need to update Imunify360 to v5.4.2 or later. If you are the site owner then you need to request your hosting provider to update Imunify360. Update instructions can be found in documentation.

2) Purge the site's cache in the Cloudflare panel

Imunify360’s firewall, tightly integrated with the WAF, can stop the majority of web application attacks even before they start, but of course, we want to make sure that valid visitors can always reach your website.

We use an advanced Google reCaptcha system (or you can enable the Invisible reCAPTCHA) as it dramatically reduces false positives and improves usability for ‘blocked’ visitors while making it harder for bots to bypass.

If a visitor violates the Imunify360 security rules, tries to enter the wrong password, for example, then Imunify360 automatically blocks the access to your server from their IP address, adding it to the Gray List. It will then redirect the visitor to the Captcha.

Imunify360-invisible recaptcha

If the information requested is entered correctly, Imunify360 will promptly remove that visitor from the Gray List.

 The Invisible reCAPTCHA

You can dramatically enhance the visitor experience by enabling the Invisible reCAPTCHA within the Imunify360 software. Just go to Settings tab -> General section, click the "Install Invisible CAPTCHA"  button. Confirm the installation in the pop-up.

In a nutshell, the Invisible reCAPTCHA uses Google’s Advanced Risk Analysis technology and Artificial Intelligence to determine whether it is a human or not. For example, if a real person had tried to enter their password multiple times, then the user will be redirected to the destination page automatically, with just a few seconds delay, without an annoying validation screen.

Of course, security is still key, and when the Invisible reCAPTCHA detects bot-related requests, it will still trigger the CAPTCHA challenge. This will block the automated software from reaching the website or a page.

Modifying templates

You can modify the footer, the header or the body of the CAPTCHA. You can also change the text of the Imunify360 CAPTCHA and update a localization text to support various languages. To learn more about modifying the template and how to localize it, read this documentation article.


Our top-notch support is here to help.