All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Seeking Help: Websites Blocked by Forced Verification on Hostinger
I'm experiencing a critical issue with my websites hosted on Hostinger. For weeks, my sites (fopath.com, ladycrave.com, globalfurni.com) are being blocked by an unexpected reCAPTCHA "Bot Verification" page on their homepages. This happens randomly and without warning.
This is causing severe problems with Google Search Console, which reports "Page with redirect" errors, stopping my sites from being indexed. A website that can't be found by search engines loses its entire purpose.
I've done extensive troubleshooting. I'm not using Cloudflare or any other third-party CDN. My .htaccess files are clean, and my website plugins (Flarum, PrestaShop, WordPress) don't have any anti-bot features enabled.
This forced verification is not something I asked for. I'll share more details in upcoming posts. Has anyone faced anything similar with Hostinger?
Comments
Move away from Hostinger to @NameCrane
Have you tried asking Hostinger support?
Following up on my previous post about the reCAPTCHA blocking my sites on Hostinger:
After many frustrating conversations with their support, Hostinger finally admitted that their own System Engineers unilaterally added this "bot verification." They claim it's due to perceived DDoS attacks on my websites.
So, they implemented a security measure without my consent that directly harms my site's visibility and then told me they put it there. This is a very concerning practice.
@vkv99888 - why would you insist on using Hostinger if they obviously can't raise up to your basic expectations? Simply move away. There are many hosting brands to choose from.
This forum is a great place in asking for offers. Simply ask for a shared hosting offer, specify some requirements (if you have any), and you will get offers precisely for your needs. Some even have automated migration scripts to migrate all data from Hostinger easily. Others offer to migrate data by support staff if you wish.
Yeah, it's really concerning when a hosting provider actually does something to protect an MJJ customer against a DDoS attack.
No congratulations on your first post, and please go back to Hostloc.
To remove the reCAPTCHA that Hostinger themselves imposed on my websites, they informed me that I must either:
Upgrade my hosting plan to Business or higher (because their internal CDN is only available on those plans).
Or, configure a third-party CDN like Cloudflare myself.
I find this demand completely unacceptable. They unilaterally broke my websites by adding this verification, and now they are demanding I pay more or do their work for them to fix it. My current hosting plan should provide a functional website, period.
Seriously.
You bought cheap shared hosting and are getting DDoSed.
Secondly, their product page clearly states that they use Cloudflare for DDoS protection on the $3/mo service you bought and the upgrade is less than $1/mo.
I hope they null-route all traffic to your websites next time so other customers on the same server don't get affected by the DDoS attacks targeting your sites.
Well they feel they've fixed it, and even offered you some options. If you're not happy just jump to another host and move on with life, lots of fish in the sea etc.
I always read the company name wrong. Hostn...
tough situation, however what that said the DDOS mitigation is something that is needed
I was having the same problem on my website https://2scan.net/ it's a QR code scanner online and I fixed it by following these steps
1- I add the Cloudflare IP address to the file .htaccess as a whitelist IP
https://www.cloudflare.com/ips/
Require ip 103.21.244.0/22
Require ip 103.22.200.0/22
Require ip 103.31.4.0/22
Require ip 104.16.0.0/13
Require ip 104.24.0.0/14
Require ip 108.162.192.0/18
Require ip 131.0.72.0/22
Require ip 141.101.64.0/18
Require ip 162.158.0.0/15
Require ip 172.64.0.0/13
Require ip 173.245.48.0/20
Require ip 188.114.96.0/20
Require ip 190.93.240.0/20
Require ip 197.234.240.0/22
Require ip 198.41.128.0/17
Require ip 2400:cb00::/32
Require ip 2606:4700::/32
Require ip 2803:f800::/32
Require ip 2405:b500::/32
Require ip 2405:8100::/32
Require ip 2a06:98c0::/29
Require ip 2c0f:f248::/32
</IfModule
add this also the systeme just delete it >
2- I add a cache header at the top of my PHP files
header("Cache-Control: public, max-age=16070400, s-maxage=15552000, stale-while-revalidate=3209600, immutable");
A cache valid for 6 months, you can change the time if you want
3- I go to Cloudflare dashboard => caching => configuration and set Browser Cache TTL to "Respect Existing Headers" so the header cache control we have set on the header will work
4- go to the cache rule and set Edge TTL to "Use cache-control header if present, bypass cache if not" and use also status ttl by add the rule range => from 403 => to 503 => no storeand do not set anything on Browser TTL
And at the end, purge everything from your cache at the end
Hostinger’s system is injecting its own reCAPTCHA “Bot Verification” page before your sites load, which explains why it appears randomly across different platforms and breaks Google indexing with “Page with redirect” errors. It isn’t caused by your plugins, .htaccess, or any CDN - it’s Hostinger’s aggressive server‑level bot protection, and you can’t disable it yourself.
Hardcore. Switch providers immediatelly.