“reCAPTCHA” is effective in preventing cyber-attacks using contact forms. This is a must-have service to protect your website and prevent information leaks. In this article, we will explain in detail the overview of reCAPTCHA, the characteristics of v3, v2, and v2 invisible, the advantages and disadvantages of implementing reCAPTCHA, and the installation procedure!
What is reCAPTCHA?
reCAPTCHA is a service provided by Google to prevent spam attacks on websites by
bots
.
Many of you may have seen the checkbox that says “I’m not a robot” displayed on the contact form submission screen or login screen. That is reCAPTCHA.
If you set up a contact form, etc., there is a possibility that it will be attacked by bots, but reCAPTCHA is a tool used to prevent such attacks. It is no exaggeration to say that it is essential to ensuring the safety of modern websites.
Types and differences of reCAPTCHA
reCAPTCHA is a service used by many websites. There are three main types of reCAPTCHA. The types are as follows.
Let’s check the characteristics and differences of each.
Features of reCAPTCHA v3
reCAPTCHA v3 is the latest version of reCAPTCHA, and it is a service that eliminates the hassle of authentication for users visiting your website. It is also used in the “MarketTRUNK”
. When using reCAPTCHA from now on, it is recommended to use reCAPTCHA v3.
As detailed later, reCAPTCHA v2 requires users to enable a checkbox to distinguish between humans and bots. However, reCAPTCHA v3 no longer requires user operations such as enabling checkboxes.
reCAPTCHA v3 automatically learns the behavior patterns of bots and humans on websites, and automatically determines whether the user currently visiting the website is a bot or a human.
Therefore, reCAPTCHA is invisible to the user, and of course there is no need for any operations or effort. It also offers very high performance in terms of safety and usability.
Features of reCAPTCHA v2
reCAPTCHA v2 requires a checkbox to be enabled to distinguish between bots and humans. The reCAPTCHA we can confirm is this reCAPTCHA v2.
reCAPTCHA v2 has two patterns of behavior after enabling the checkbox. The first is a pattern that allows you to send forms as is.
This happens if the user is determined to be human when the checkbox is enabled.
On the other hand, there is another pattern in which image diagnosis is performed after enabling the checkbox.
In this pattern, when the checkbox is enabled, the user is not recognized as a human, and the checkbox is checked again.
Although reCAPTCHA v2 is highly secure, it causes trouble for users. As a result, there is a risk of people leaving the website, so it is a good idea to change to reCAPTCHA v3 if possible.
Features of reCAPTCHA v2 invisible
reCAPTCHA v2 invisible distinguishes whether a user is a bot or a human without requiring any checkboxes to be enabled.
There are two patterns of reCAPTCHA v2 invisible behavior. The first pattern is that when the user clicks the send button, it assumes that the user is a human and takes action. This pattern, of course, requires no effort from the user.
Another pattern occurs when the user is not determined to be human. If the user is not determined to be human, reCAPTCHA v2 will also perform a diagnosis using the built-in images.
Purpose of introducing reCAPTCHA
The main purpose of introducing reCAPTCHA is to prevent form attacks by bots. A bot is a program that automatically sends arbitrary characters or sentences.
If you set up a contact form etc. on your website, it may be subject to malicious attacks by bots from overseas.
Some attacks may send URLs of malicious sites or strings containing computer viruses.
The purpose of introducing reCAPTCHA is to prevent information leaks and website deficiencies from falling victim to such attacks.
Advantages of implementing reCAPTCHA
reCAPTCHA is an excellent service that prevents attacks from bots, but there are many other services that prevent attacks from bots. However, reCAPTCHA is currently the most popular service for preventing attacks from bots on many websites.
From here, we will explain the four benefits of reCAPTCHA, which are the reasons why reCAPTCHA is so commonly used.
*Specific introduction and implementation methods for reCAPTCHA are described later.
Free bot spam protection
By implementing reCAPTCHA, you can prevent bot spam for free.
Once you build your website and set up an email form, you will likely receive a variety of email inquiries. Some emails may contain advertisements or promotional affiliate links. The email may be in a foreign language that is difficult to decipher, or it may contain strings of characters that make no sense.
These spam emails are usually sent automatically by computer programs (computer viruses) called “bots”. reCAPTCHA identifies and prevents spam activities automatically carried out by bots.
Easy to implement
reCAPTCHA is provided as
a plugin
for
WordPress
, etc., and is easy to implement. Please refer to the steps below to implement reCAPTCHA using WordPress.
1. Log in to WordPress
2. Click “Add new” from “Plugins” from the menu on the left side of the screen.
3. Enter “reCAPTCHA” from the “Search Plugin” box in the upper right corner.
4. As you type, multiple reCAPTCHA plugins will be displayed.
5. Select the plugin you want to install and click “Install now”
6. The text changes from “Install now” to “Activate”, so click “Activate”
Implementation is completed by following the steps above.
Other plugins include:
- Advanced Google reCAPTCHA
- Simple Google reCAPTCHA
- Invisible reCaptcha for WordPress
As you can see, WordPress enthusiasts provide free plugins, and you can choose the one that suits your website.
layout is in order
reCAPTCHA has a relatively neat layout compared to other services and tools.
In addition, reCAPTCHA v2 invisible and reCAPTCHA v3 are not displayed on the surface of the inquiry form, so they do not affect the layout of the form.
Since the layout of the form is not affected, the contact form becomes very user-friendly.
It is also very convenient that reCAPTCHA does not get in the way when optimizing the layout and design of your contact form.
no timeout occurs
If it takes too long to send an inquiry form, etc., a timeout will occur.
With conventional anti-bot tools, filling out an inquiry form takes a long time to process, often resulting in timeouts.
For companies, when an inquiry form times out, it is a huge opportunity loss as there is a possibility of losing one inquiry.
With reCAPTCHA, the process from obtaining user responses to sending them is performed continuously, so processing is extremely fast and the risk of timeouts is reduced.
Disadvantages of reCAPTCHA
The disadvantages of reCAPTCHA include the following.
Let’s take a look at the details.
Unable to respond to manual spam
The role of reCAPTCHA is to determine whether an action was performed by a bot or a human, and to eliminate spam automatically performed by bots.
Due to this system role, it has the disadvantage that it cannot respond to spam that is manually performed by humans.
There is a risk of impairing usability
Although reCAPTCHA prevents spam by bots with a high degree of accuracy, it still has some problems in terms of usability.
reCAPTCHA v2 and reCAPTCHA v3 may degrade usability in different areas.
Decreased usability in reCAPTCHA v2
When reCAPTCHA v2 is implemented, a checkbox that says “I’m not a robot” will be displayed before inquiries are sent to the website administrator.
By checking this checkbox, the user can proceed to the next step. There are two options: you can proceed smoothly to the next step, or you may be required to undergo another image test to confirm whether you are a human.
If reCAPTCHA determines that the user’s behavior is strange based on the analysis of the user’s footsteps and site data, it will proceed to the image testing process. This image test may be completed once, or the user may be required to perform it multiple times.
Due to these system characteristics, reCAPTCHA v2 takes a considerable amount of time to complete. This can be extremely annoying for users, and can be one of the factors that reduces usability on your website.
Decreased usability in reCAPTCHA v3
reCAPTCHA v3 abolished checkboxes and image tests and introduced an AI system called judgment score.
By automatically identifying users, AI eliminates the need to perform actions such as image authentication and checking checkboxes. This improved usability from a user perspective.
On the other hand, a new disadvantage has emerged: “reCAPTCHA v3 misjudgment”. Since the judgment score is determined based on the “threshold”, it cannot be denied that there are some ambiguous parts in the judgment criteria. In other words, humans may be excluded and bots may be allowed to pass.
In particular, with the WordPress form installation plug-in “Contact Form7,” there are frequent cases where inquiries cannot be sent even though a person manually fills out the form.
Errors may occur
In rare cases, websites that have implemented reCAPTCHA (v2 and v3) may experience events such as “authentication fails” or “authentication is retried many times and cannot proceed” due to errors caused by reCAPTCHA. there is.
When these errors occur frequently, usability deteriorates significantly and users give up on their work. How to avoid this error will be explained later.
How to introduce and implement reCAPTCHA
From here, we will explain how to implement reCAPTCHA in detail. There are three steps required to implement reCAPTCHA:
Let’s take a look at them in order.
Preparation in advance
The following two preparations are required to implement reCAPTCHA.
As mentioned earlier, reCAPTCHA is a service developed and supported by Google, so a Google account is required. You will also need a form to install reCAPTCHA, so please complete it before installing.
Get API key
Once you have made your preparations, you will need to register your website with Google and obtain an
API
key. There are two steps required from registering your site to obtaining an API key.
1. Access the URL below and then click “v3 admin console”
https://www.google.com/recaptcha/intro/v3.html
2. When you move to the “Register a new site” screen, enter the items. At the same time, select whether to use reCAPTCHA v2 or reCAPTCHA v3. Unless you have a particular reason, choose v3.
implementation
Once you have obtained the API key using the above method, it is time to implement reCAPTCHA on your website. Also, there are two things required when implementing reCAPTCHA: a “site key” and a “secret key”.
Be sure to follow Google’s instructions to complete the setup for both your website and
server
. In particular, it is easy to forget the server settings, so be careful. If you don’t know how to implement it, please refer to Google’s help.
What to do if you want to hide the reCAPTCHA logo (protection mark)
Once reCAPTCHA is implemented, the reCAPTCHA logo (protection mark) will be permanently displayed at the bottom right of the website. If you hover your mouse over the logo, you’ll see the message “Protected with reCAPTCHA.” We will explain how to hide this display using Google’s official method.
As preparations, please check whether the following requirements are met.
- Google reCAPTCHA v3 has been installed
- WordPress plugin Contact Form7 has been installed
First, copy the following three lines from Google’s official website. It is OK to copy the following.
This site is protected by reCAPTCHA and the Google
<a href=”https://policies.google.com/privacy”>Privacy Policy</a> and
<a href=”https://policies.google.com/terms”>Terms of Service</a> apply.
Next, log in to WordPress, click “Contact” in the left menu, and then click “Contact Form” to proceed to the contact form editing screen. Then paste the 3 lines you copied at the bottom of the form input screen.
Since erasing the reCAPTCHA logo (protection mark) is a violation of Google’s terms and conditions, we have written here instead, “The logo is hidden, but reCAPTCHA is set.” Finally, press the save button to save.
Next, copy the code below from the Google official account mentioned earlier. It is OK to copy the following.
.grecaptcha-badge { visibility: hidden; }
The above code is the code to hide the reCAPTCHA logo (protection mark).
Return to the WordPress editing screen again, and click “Additional
CSS
” from the left menu “Appearance” → “Customize” to open the CSS editing screen.
Paste the code you copied from Google’s official account at the bottom of the form on the CSS editing screen that opens.
Finally, press the publish button to publish.
What to do when reCAPTCHA authentication as a user results in an error
reCAPTCHA may repeatedly fail even though the user is a human. The following are the main ways to deal with such cases.
Let’s take a look at the details.
Log out of your Google account
A workaround that I often see that works surprisingly well is to try “trying while logged out of your Google account.”
If you try it while logged out, it will work, but if you log in to your Google account again and try it, it will still fail, so it seems that the reproducibility is high.
Try changing your browser
It is also an effective method to try using a newly installed standard browser instead of the browser you usually use.
The reason for this is that the error may be caused by
the cookie
and
JavaScript
settings of the browser you normally use,
the ad block
function, accumulated cache, etc.
Summary: Take effective measures against spam by using reCAPTCHA
We explained the overview, purpose, and benefits of reCAPTCHA, and also introduced how to easily implement it.
Over the years, contact form spam attacks have become more complex and malicious. When setting up a contact form on your website, countermeasures against spam attacks are essential to protect your company’s profits and personal information.
Why not use this article as a reference to reconfirm the importance of reCAPTCHA and consider implementing it?