Through this article, we will see how to use Google reCAPTCHA V3 and V2 to protect a website against spam. The purpose of our article will be to see how to add a captcha on a form. We will also see how Captcha V3 works. Finally, we are going to discuss captcha types and why V3 is better than other versions.
A developer will need:
To be able to protect your website with Google reCAPTCHA V3, you only have to follow a few steps. In this section, we will see the different steps to follow.
To be able to use Google reCAPTCHA V3, you must first register your site on the Google reCAPTCHA platform. Please note that to register a site, it should be published on the net. Here are the steps to follow:
We will use an HTML contact form for illustration. Please note that you might be able to add the catcha on any type of form.
On our HTML contact form, we are going to add a hidden field called “responsecaptcha”. This field is intended to detect whether the user is a human or a robot. Here's what the initial form code might look like.
Code 1 – Initial code without the captcha field
After adding the hidden field and other parameters, we will have a form similar to the one below
Code 2 – Final code with captcha fields v3
If you were able to follow the instructions, you should see the Google reCAPTCHA V3 icon appear on your site in the bottom right corner of your site. It simply means that the captcha is activated; but not yet functional. We look at the next step how to manage the sending of information.
Managing data on the server side will simply consist of:
We are going to create a PHP file that will allow us to retrieve the data submitted by the user. The file could have information similar to the data below:
Please note that the PHP code uses the file_get_contents function which is not necessarily supported by all servers for security or other reasons. In this case, an alternative could be CURL which is highly recommended. By replacing file_get_contents by CURL, the code above will become:
Version 2 offers a checkbox to validate if a user is a robot or physically present on your website. In the event that you prefer version 2, here is the simple procedure to follow:
The main difference between Google reCAPTCHA V2 and V3 is in the approach. Indeed, reCAPTCHA V2 performs a test with images to be identified and version 3 uses a score. In the following, we will see the adjustments in the code for version 2.
In the lines of code below, we illustrate what your code should look like. It is important to notice the line with the code below. < div class = "g-recaptcha" data - sitekey = "VOTRE_CLE_PUBLIC" > < / div >
Your final code should look like this:
Note: We have not gone back to site registration or key creation. To include your reCAPTCHA V2 keys, you must select version 2 when creating the keys.
There is not a major difference in how to handle version 2 and 3. For version 3 you need to set an acceptable score for your website. On the other hand, for version 2, if there is a failure, the information returned will be empty.
reCAPTCHA v3, is the latest version suggested by Google to help protect websites from spam emails. As a difference compared to the "I'm not a robot" version, it doesn't add an extra field to the form. Therefore, this has the effect of reducing the loss of the number of customers who may not pass the tests. The "I'm not a robot" version (V2) can sometimes be frustrating if the visitor fails to solve the puzzle for some reason. Moreover, for some reason, version 3 can be wrong in the evaluation of the score. In the event that this should happen, someone of your visitors might have trouble using your solution.
You can use default WordPress features to protect WordPress comment forms from spam. Plus, if you combine this with reCAPTCHAs, you'll have peace of mind in running your blog. Indeed, a misconfiguration of the comments section of your website can be the cause of several security vulnerabilities. This article looks at how to perfectly set up the comments form in WordPress. We will also follow simple steps to add a reCAPTCHA to prevent spam. Thank you for reading our article, e. If at the end you have any questions or comments, we would love to hear your opinion. Leave us a message at the bottom of the message. You can also send us an email via the contact form .
WordPress has a few options you can use to better protect your websites. Indeed, in the configuration section, there are options that you can configure in a few clicks. We examine some of them in the following. This configuration will be done in the Settings ⇒ Discussion tab. Please make the necessary configurations to better improve the security of your website. Indeed, a bad configuration can affect the way your website works. In addition, a website that does not filter message types is a gateway for hackers and spam.
When you checked this option, it will allow your blog or website to ping the website you tagged in the comments. If the website returns a ping, the website will be visible in the comment where the website was tagged. Please note that more tagged websites will cause more requests on pings and may slow down the website. You should therefore use it with caution.
This option will work side by side with notifications on blogs (option 1), where all pings received from tagged websites will be displayed in the comments section. Indeed, if you activate the notification of all blogs that are linked to your articles, you can also receive a message in return. This will allow you, for example, to have a return message if someone also talks about your article.
When you check this box, you allow users and others to post or submit comments on your posts. Therefore, a comment form will appear at the bottom of articles on your website. A form that visitors can use to leave their opinion.
You can turn this on if you don't want comments to be anonymous and want people to submit their name and email address to post comments.
If you check the box, all users must be registered to post a comment. Indeed, if you want to limit spam, you can, for example, grant the publication of comments only to people who have an account.
You must check this box, if you do not want any user to post comments after specific days when the post was published.
As the option suggests, this option, when checked, lets cookies with author information persist when they submit comments.
This option allows users to reply to comments, by creating nested comments at a specific level provided in the option.
If there are always multiple comments on your post and covers the whole page, this option will help diwordsments in the pages users go to and come to the comments pages to view them.
This option should be checked if you want to receive an email each time someone posts a comment on your post.
When this option is checked, you will receive an email each time a comment is submitted for moderation. It can be used when you have more than one author on your website.
This option can be checked if you want to manually approve every comment on your posts.
This will only display comments from users that you have previously approved.
This will automatically hold the comment for moderation if it only finds the allowed hyperlink in the comments. This option can be used to keep spam comments away from posting.
You should use this form when you want to exclude certain words or paraphrases from your comments section.
Check this box if you want the user's avatar to be visible in the comments section.
The latter allows you to select the rating of user avatars from:
You must use Default Avatar if you want to change or select the avatar type. This is particularly useful if you want to assign a default avatar to users who comment on your website. For users without a custom avatar, you can display a generic logo or a logo generated based on their email address.
We are the experts in creating websites, online stores and functionalities for websites based in Montreal. Contact us today to create your website starting at $1,200.
npgilblas