The problem
If you use the Simple CAPTCHA Alternative with Cloudflare Turnstile plugin alongside Bricks Builder’s native Turnstile integration, you may encounter a timeout-or-duplicate validation error when submitting Bricks forms (login form, contact form, etc.).
I know there was a similar bug discussed in this thread SOLVED: Turnstile - invalid - #22 by sevenofnine but this one is a different issue.
The root cause is a token conflict: Cloudflare Turnstile tokens are single-use. When a Bricks form is submitted via AJAX, WordPress fires the authenticate filter. The plugin hooks into this filter at priority 21 (cfturnstile_wp_login_check) and validates — and therefore consumes — the token. When Bricks then attempts its own validation, the token is already spent and Cloudflare returns timeout-or-duplicate.
This can be confirmed by inspecting the Network tab in DevTools: a single POST to admin-ajax.php with action=bricks_form_submit is enough to trigger the error — no double submission involved.
The fix
The Simple Cloudflare Turnstile plugin exposes a filter specifically for skipping its authenticate-level validation: cfturnstile_wp_login_checks. Returning true tells the plugin to skip its check for that request.
Add this to your child theme’s functions.php:
/**
* Prevent Simple Cloudflare Turnstile plugin from consuming
* the Turnstile token on Bricks form AJAX submissions.
* Bricks handles its own token validation natively.
*/
add_filter( 'cfturnstile_wp_login_checks', function () {
if (
wp_doing_ajax() &&
isset( $_POST['action'] ) &&
$_POST['action'] === 'bricks_form_submit'
) {
return true;
}
return false;
} );
This leaves the plugin fully functional for native WordPress login, registration, WooCommerce, and all other integrations — only Bricks AJAX form submissions are excluded, since Bricks already validates the token itself.
Feature request for the Bricks team
This conflict is invisible to most users and difficult to diagnose. A clean solution on the Bricks side would be to expose a dedicated AJAX action or a documented constant (e.g. BRICKS_FORM_SUBMIT) that third-party plugins and developers can use to reliably identify and skip their own validation hooks during Bricks form submissions.
Alternatively, Bricks could implement its own version of the cfturnstile_wp_login_checks-style filter — a hook that allows external plugins to detect and defer to Bricks’ native Turnstile handling — avoiding the need for manual functions.php workarounds.
Hope this saves someone a few hours of debugging.