Everything you need to know about reCAPTCHA v3

The importance of ReCAPTCHA v3 for your website!

At Digital Fuse we pride ourselves on being informed and keeping up to date on the latest changes and developments in web design and technology. reCAPTCHA recently came to our attention with a new v3 system. We decided to investigate this to get prepared for integrating the new system and get to grips with how it works. We found some interesting developments in the world of reCAPTCHA security. So before we begin, get yourself a cup of tea, a biscuit or two (or three) and prepare to take a quick dip into the world of reCAPTCHA’s.

reCAPTCHA is one of the biggest security measures used for protection against spam from website submission forms. It stands for Completely Automated Public Turing test to tell Computers and Humans Apart. If you’ve come across a contact form on a website the likelihood is you’ve encountered a reCAPTCHA facility.

The main function of reCAPTCHA is to determine if the user is a bot – or human. This can be done in a number of ways. Firstly, making the users select from a number of images and select key details such as traffic lights, cars, busses etc. Secondly, there are text-based variations in which users will need to type out text which has been heavily disguised. These tests can be very tiresome for the users and can deter potential customers from sending enquires, this is where reCAPTCHA v3 comes in

reCAPTCHA v3 is a new invisible security measure introduced by Google. It adds protection to your website contact forms without forcing the user to jump through a series of hoops to verify they’re human. The usage of reCAPTCHA v3 can be displayed on your website with a discreet badge to signify that your forms are secure.

How does reCAPTCHA v3 actually work?

reCAPTCHA v3 works behind the scenes to determine if the user is a robot or human. Google haven’t made it public exactly how this is done (so it can’t be exploited) – however we do know it’s based on a series of factors. One of these factors is the user’s IP address, and the user’s previous interactions with any reCAPTCHA facility. Based on your previous usage, Google will determine if that particular user is a bot. If so – the puzzle challenges will display, stopping the bot in it’s tracks. However if the user is determined to be human, then the reCAPTCHA requirement will not display.

Will v3 affect Contact form 7 or Gravity Forms plugins?

Contact Form 7 is no longer supporting reCAPTCHA v2. As this is not supported you may find a sudden increase in the amount of spam messages you’re receiving. This will be the first indicator that your defences are down and reCAPTCHA has stopped working. We advise you to upgrade to reCAPTCHA v3 immediately. The alternative is to switch to another form system that will allow you to continue using reCAPTCHA v2, such as Gravity Forms.

Gravity Forms still supports the usage of both reCAPTCHA v2 and v3, so either option is perfectly fine. We advise that if your site is using the v2 reCAPTCHA to upgrade to v3 as soon as possible. This ensures that your site is protected using the latest methods. Also taking full advantage of Google insights in stopping spam messages. The best time to future proof is now!

reCAPTCHA v3 on a Non-WordPress website

Digital Fuse are WordPress based, although there are occasions where we come across a non-WordPress related site that requires assistance. Due to the sheer number of different systems and frameworks out there, we cannot offer any guarantees that we’ll be able to get this sorted for you. However we will be able to review your system and provide any advice or guidance on how this can be fixed.

I don’t like how the v3 badge looks, can I remove it?

When the reCAPTCHA v3 facility is integrated, this will display a blue floating tab with the reCAPTCHA logo. You can choose to toggle this to the left or right hand side of the screen – or even within the form itself. Depending on the nature of your website the badge might look somewhat jarring and out of place on your web page. Or from our experience, hover over important info in the sidebar or a ‘back to top’ button.

If this is the case, you can hide the badge by using a small snippet of CSS code seen below. This code can normally be entered into your WordPress Theme options, within the CSS panel:

.grecaptcha-badge {
visibility: hidden;
}

This code simply hides the banner, but doesn’t inhibit the reCAPTCHA v3 function to block any spam messages. This is a perfect solution for users who wish to have the peace of mind that they have the v3 security without marring the look and feel of their website.

One point to be aware of is the usage guidance. According to the reCAPTCHA Terms of service (that you would have agreed to prior to integrating reCAPTCHA) you must inform visitors about the reCAPTCHA implementation on your site. Preferably just before the submit button of your form stating that your website is protected by reCAPTCHA v3.

That about sums it up. We hope you have found this article helpful in answering your questions about reCAPTCHA v3. If you have any further questions or queries not covered above then please don’t hesitate to contact us.

Menu