Fix middle login

README.md

@@ -103,6 +103,34 @@ This method requires command-line access to your server and familiarity with Git
 <p><strong>Solution:</strong> Use the pre-packaged release from the <a href="https://github.com/Multisite-Ultimate/ultimate-multisite/releases">Releases page</a> which includes all required files.</p>
 </details>
 
+<details>
+<summary><strong>Site screenshots show a Cloudflare challenge page instead of the actual site</strong></summary>
+<p>Ultimate Multisite uses <a href="https://www.thum.io/">thum.io</a> to generate site screenshots. If your network is behind Cloudflare with Bot Fight Mode or similar protections enabled, thum.io's screenshot bot may be blocked and return a Cloudflare challenge page instead of your site screenshot.</p>
+
+<p><strong>Solution:</strong> Create a Cloudflare WAF exception rule to allow thum.io's bot:</p>
+
+<ol>
+<li>Log in to your <a href="https://dash.cloudflare.com/">Cloudflare dashboard</a></li>
+<li>Select your domain</li>
+<li>Go to <strong>Security → WAF → Custom rules</strong></li>
+<li>Click <strong>Create rule</strong></li>
+<li>Configure the rule:
+<ul>
+<li><strong>Rule name:</strong> <code>Allow thum.io screenshot bot</code></li>
+<li><strong>Field:</strong> <code>User Agent</code></li>
+<li><strong>Operator:</strong> <code>contains</code></li>
+<li><strong>Value:</strong> <code>Thum.io</code></li>
+<li><strong>Action:</strong> <code>Skip</code> → Select all skip options (WAF, Rate Limiting, etc.)</li>
+</ul>
+</li>
+<li>Click <strong>Deploy</strong></li>
+</ol>
+
+<p>Alternatively, if you use Cloudflare's Super Bot Fight Mode, you can add an exception in <strong>Security → Bots → Configure Super Bot Fight Mode</strong> to allow verified bots or specific user agents.</p>
+
+<p><strong>Note:</strong> Screenshots require sites to be publicly accessible. Local development environments cannot generate screenshots regardless of Cloudflare settings.</p>
+</details>
+
 ## 🚀 Contributing
 
 We welcome contributions to Ultimate Multisite! Here's how you can contribute effectively:

assets/css/legacy-signup.css

@@ -18,6 +18,10 @@ body {
 .wu-setup #wu-thank-you-element table {
   width: 100%;
 }
+#wu-sites > div {
+  max-width: 100%;
+  overflow: hidden;
+}
 .wu-setup .button .dashicons,
 .wu-setup .button .dashicons-before::before {
   height: 16px;

assets/js/checkout.js

@@ -902,11 +902,36 @@
 						? this.email_address || ''
 						: this.username || '';
 
-					this.request('wu_inline_login', {
+					// Include captcha tokens if present on the page.
+					const login_data = {
 						username_or_email,
 						password: this.inline_login_password,
 						_wpnonce: jQuery('[name="_wpnonce"]').val()
-					}, function(results) {
+					};
+
+					const recaptcha_token = jQuery('input[name="g-recaptcha-response"]').filter(function() {
+						return this.value;
+					}).first().val();
+					const hcaptcha_token = jQuery('input[name="h-captcha-response"]').filter(function() {
+						return this.value;
+					}).first().val();
+					const cap_token = jQuery('input[name="cap-token"]').filter(function() {
+						return this.value;
+					}).first().val();
+
+					if (recaptcha_token) {
+						login_data[ 'g-recaptcha-response' ] = recaptcha_token;
+					}
+
+					if (hcaptcha_token) {
+						login_data[ 'h-captcha-response' ] = hcaptcha_token;
+					}
+
+					if (cap_token) {
+						login_data[ 'cap-token' ] = cap_token;
+					}
+
+					this.request('wu_inline_login', login_data, function(results) {
 
 						that.logging_in = false;
 
@@ -1043,14 +1068,39 @@
 
 							const username_or_email = fieldType === 'email' ? that.email_address : that.username;
 
+							// Include captcha tokens if present on the page.
+							const inline_login_data = {
+								username_or_email,
+								password,
+								_wpnonce: jQuery('[name="_wpnonce"]').val()
+							};
+
+							const recaptcha_val = jQuery('input[name="g-recaptcha-response"]').filter(function() {
+								return this.value;
+							}).first().val();
+							const hcaptcha_val = jQuery('input[name="h-captcha-response"]').filter(function() {
+								return this.value;
+							}).first().val();
+							const cap_val = jQuery('input[name="cap-token"]').filter(function() {
+								return this.value;
+							}).first().val();
+
+							if (recaptcha_val) {
+								inline_login_data[ 'g-recaptcha-response' ] = recaptcha_val;
+							}
+
+							if (hcaptcha_val) {
+								inline_login_data[ 'h-captcha-response' ] = hcaptcha_val;
+							}
+
+							if (cap_val) {
+								inline_login_data[ 'cap-token' ] = cap_val;
+							}
+
 							jQuery.ajax({
 								method: 'POST',
 								url: wu_checkout.late_ajaxurl + '&action=wu_inline_login',
-								data: {
-									username_or_email,
-									password,
-									_wpnonce: jQuery('[name="_wpnonce"]').val()
-								},
+								data: inline_login_data,
 								success(results) {
 
 									if (results.success) {

composer.json

@@ -54,7 +54,6 @@
         "remotelyliving/php-dns": "^4.3.0",
         "jasny/sso": "^0.4.2",
         "nyholm/psr7": "^1.8.0",
-        "symfony/cache": "^5.4.29",
         "scssphp/scssphp": "^1.11.1",
         "cweagans/composer-patches": "^1.7",
         "woocommerce/action-scheduler": "^3.9.1",