Could Not Find CAPTCHA Token

This step-by-step repair guide is for anyone who has encountered the

Could not find CAPTCHA token error message. There was nothing on Google that I could find when I was trying to get the Fast Secure Contact Form plugin to work on my blog. Hopefully, this saves someone else from confusion, frustration and gnashing of teeth.


What is the CAPTCHA Token?

Securimage is an open-source free PHP CAPTCHA library that does everything from generating the CAPTCHA images to validating the typed code.
The CAPTCHA Token is written to a temporary file during input validation.


Why is the CAPTCHA Token Not Found?

The Could not find CAPTCHA token message occurs because the Securimage script was unable to create a temporary folder during setup.

After installing the Fast Secure Contact Form plugin, I set up everything. At the time, the plugin did not display the status messages that you will see in this guide. Thanks go to Mike Challis, who developed the Fast Secure Contact Form plugin and updated it after helping me figure out what was wrong with my server settings.


How to Fix the Could Not Find CAPTCHA Token Error

This section will contain all updates, based on reader feedback. Hopefully, I won’t confuse you.

[Updated 8/30/2010] Plugin author Mike Challis commented on the incompatibility between his Fast Secure Contact plugin and Simple Facebook Connect:

SFC Like and SFC Share are both not compatible with Fast Secure Contact Form, they cause the error “Could not read CAPTCHA token file. CAPTCHA token file is missing.”

If you use either or both SFC Like and SFC Share, you’ll want to bookmark the related support thread on Alternatively, you could subscribe to the RSS feed so you’ll know when a new reply is made to that thread.

[Updated 8/29/2010] Reader Frank uses Microsoft IIS Web server and tells us that FTP can’t be used to change the read/write/execute permissions on the captcha-tmp folder. You’ll have to research that bit (at least until another visitor can enlighten us further.) When you find out how to do that, you’ll need to turn on “write” and “execute” permissions for the folder.

[Updated 8/25/2010]: After reader Melinda mentioned seeing this problem on my website, I realized that upgrading the plugin will undo all your fixes! Be sure to redo these steps each time you upgrade.

These screen shots are from Filezilla (FTP program) and the Fast Secure Contact Form plugin screens. If you are not using the plugin, but you are using the Securimage script from the PHP CAPTCHA library, you can still apply the fixes for the Could not find CAPTCHA token error message.

If you are using the Fast Secure Contact Form plugin and have encountered the following screen shot during set-up, you can use this guide to prevent ever seeing any Could not find CAPTCHA token error messages on your contact page.

Note: If you do not have FTP or shell access to your blog, jump to Quick Fix for Mike’s last-resort solution to get the Fast Secure Contact Form plugin to work.


Test the CAPTCHA System

First, if you are using an older version of Fast Secure Contact Form (before version 2.8.2), you’ll need to find out whether the error message is due to a missing folder or an unwritable one. If you are using a more recent version, the plugin settings will alert you as soon as you click the Update Options button, so you can skip this test and jump to Fire Up FTP.

Screen shot #1: Click the Test Link

Screen shot #2: Test Results


Fire Up FTP

Navigate to your plugins folder and find the si-contact-form folder.
Under that, look for the captcha-secureimage folder.

Screen shot #3: Find the si-contact-form plugin folder


Create Temp Folder

Right-click the captcha-secureimage folder and select Create directory.

Screen shot #4: Right-click the captcha-secureimage folder

In the pop-up window, type captcha-temp.

Screen shot #5: Create the captcha-temp folder


Try the PHP Test Again

Return to the test page in your browser and click the Try the PHP Requirements Test again link.

Screen shot #6:Retry the PHP Requirements Test


Did Your Server Fail the Test?

Screen shot #7: Unwritable Folder Message

Note: If your server passed, jump to Final Setting.


Fix Unwritable Folder

The WordPress documentation, Changing File Permissions, explains file permissions in detail. What worked for me may not work for you. It all depends on how your web host’s server is set up. Let’s hope for the best:

  • Right-click the captcha-temp folder
  • Select File permissions . . .
  • Follow the recommended order of changes until your server passes the test

Screen shot #8: File Permissions


Quick Fix

Mike Challis explained to me that his Fast Secure Contact Form plugin will work just fine with the Use CAPTCHA without PHP session option disabled (as long as PHP sessions are working). He adds that fixing the folder permissions problem is recommended. If you can’t do that, then this option is your solution (disregard Final Setting, below.)

Screen shot #9: Uncheck Use CAPTCHA without PHP session


Final Setting

If the test page in your browser shows that captcha-temp is writable, you’re almost done!

Screen shot #10: Writable Folder!

In the plugin settings, make sure that the Use CAPTCHA without PHP session option is checked.

Screen shot #11: Check Use CAPTCHA without PHP session


CAPTCHA System Works

Congratulations! Enjoy your contact forms.

Screen shot #12: LETT me in!


Need More Support?

Mike Challis has a support form that you can complete in order to get help directly from him. (A donation might help, too :) )

From his website:

If you find a problem, please first read the FAQ, then if you still need help, submit a support ticket.

This entry was posted in Musings by Mitchell Allen. Bookmark the permalink.