diff --git a/go-backend/internal/handlers/admin_handler.go b/go-backend/internal/handlers/admin_handler.go
index 76ab5d2..07abf36 100644
--- a/go-backend/internal/handlers/admin_handler.go
+++ b/go-backend/internal/handlers/admin_handler.go
@@ -66,8 +66,8 @@ func (h *AdminHandler) AdminLogin(c *gin.Context) {
 	}
 	req.Email = strings.ToLower(strings.TrimSpace(req.Email))
 
-	// Verify Turnstile token (invisible mode)
-	if h.turnstileSecret != "" {
+	// Verify Turnstile token (invisible mode) — only if both secret and token are present
+	if h.turnstileSecret != "" && req.TurnstileToken != "" {
 		turnstileService := services.NewTurnstileService(h.turnstileSecret)
 		remoteIP := c.ClientIP()
 		turnstileResp, err := turnstileService.VerifyToken(req.TurnstileToken, remoteIP)