If you are using Google’s reCAPTCHA version 3 and it is generally always failing for the users, it is most likely due to the user’s “score.”
reCAPTCHA v3 is based on a user score. If users are being rejected based on the captcha (and assuming the API keys being used are for v3), they are being scored too low.
The plugin currently uses Google’s default of 0.5 as a necessary score to clear the captcha. (See: https://developers.google.com/recaptcha/docs/v3)
Changing the required score
There is not currently a filter hook in the plugin to change this value, but there will be one included in the next version (3.3.9). If you want to use the upcoming filter now, you can replace the plugin’s file /includes/class-wp-members-captcha.php” with the version here. Then you can apply the “wpmem_recaptcha_score” filter as follows:
add_filter( 'wpmem_recaptcha_score', 'my_recaptcha_score' ); function my_recaptcha_score( $score ) { /* * Return a score between 1 and 0.1. * A lower score will let through more results. */ return 0.3; }
A better way
Captchas are an annoyance for users, and they are easily circumvented by malicious users, bots, and spammers. If what you’re really trying to do is avoid spam registrations, there are far better methods than a captcha.
The plugin has a free extension that uses the stopforumspam.org API. Using that alone will likely shut down your spam registration problem to near zero.
A surefire method of shutting down registration spam is to use a “honey pot.” This is a field the user doesn’t see, but a bot does. When we validate the form, if the honey pot field has data in it, the form was most likely completed by a bot or an automated user and is likely spam. Premium support subscribers have access to a tutorial and code snippets on this site that will teach you how to implement a honey pot.
If you want the best of both worlds and a fair and reasonable price, the WP-Members Security extension provides you the stopforumspam.org API, the Akismet API, and a simple setting to enable a honey pot in the WP-Members registration form. (It also includes a number of other great security features like login lockout and prevention of concurrent logins.)