One of the most difficult and annoying things to deal with in WordPress blog management is spam entries. These can take the form of blog comments, bot traffic, malicious attacks, or contact form entries.
Dealing with spam entries eats into your productive time, not to mention the potential havoc it can wreak on your blog performance and user experience.
There are many web security applications developed today to combat bot traffic and other automated attacks. One of them is Google reCAPTCHA v3.
So, in today's post, we will be looking at how to add Google reCAPTCHA v3 to Gravity Forms to stop spam and bot traffic from invading your web forms.
If you use Gravity Forms for your WordPress blog contact forms, you'll find this post helpful. Also, if you use WPForms or Ninja Forms, the process described in this post is the same.
Follow the step-by-step guide in this tutorial to integrate reCAPTCHA v3 with your WordPress web forms.
But first, let's see what exactly Google reCAPTCHA v3 is.
What is Google reCAPTCHA v3?
For a general use case, this video explains how the Google reCAPTCHA v3 works to stop spammers and bots from accessing your website content.
Google reCAPTCHA v3 is a free web security application developed by Google to protect against spam entries, automated attacks, malicious software attacks, and bot traffic.
The application works behind the scenes to determine if an onsite action is made by a human or a bot. V3 reCAPTCHA is developed to provide a better user experience and to catch more sophisticated bots in their tracks.
Unlike its predecessor, reCAPTCHA v2, which uses a puzzle image or a checkbox to verify whether the traffic is legitimate, reCAPTCHA v3 runs an adaptive risk analysis engine in the background of your site to tell whether an action or traffic is suspicious.
This type of advanced web security analysis helps improve the user experience and eliminates the need to go through CAPTCHA challenges to access a web page.
But it also comes with its own drawback which I discussed in the FAQ section of this post. So, continue reading.
Is Google v3 reCAPTCHA Free?
To an extent, v3 reCAPTCHA is a free service from Google for small business owners and webmasters. If your website generates less than a million API calls per month, reCAPTCHA is free to use.
However, for large-scale websites with over a million API calls per month, or 10,000 API calls per second, you can sign up for the enterprise reCAPTCHA account.
For every 10,000 API calls in the enterprise reCAPTCHA account, Google charges $1. And if you generate over 10 million API calls per month, there is a custom solution for you.
Aside from this, reCAPTCHA is a free service from Google to you.
How Google reCAPTCHA v3 Works with Gravity Forms
Gravity Forms comes with reCAPTCHA v2 built in. You don't have to do anything else to make it work with your WordPress contact forms. But for Google reCAPTCHA v3, there is a bit of a workaround to make it work with your contact forms.
In reCAPTCHA v3, Google tracks users' behaviors or actions on your site to determine if it's a human or a bot. Then it assigns a score to the user's action.
The user data collected is used to determine if the traffic is legit or not. A score between 0.0 and 1.0 is assigned to the action. A score of 1.0 is a good score, and 0.0 is a bad score.
Now, when a form is submitted through Gravity Forms, the reCAPTCHA v3 score calculated from the user's behavior is stored with the form entry.
Gravity Forms then compares the action score to the threshold in your settings. If the entry's score is less than or equal to that threshold, the message is sent to the spam folder.
Google reCAPTCHA v3 is more advanced and secure, and provides an uninterrupted user experience during form submission.
However, there is one aspect of user privacy that may be of concern to you.
Using Google reCAPTCHA v3 also means that your site users' data will be sent to Google's servers. This gives users less control over their privacy and gives Google more of their personal data.
According to Google, though, the reCAPTCHA API sends hardware and software information, including device and application data, back to Google for analysis, and the service is only used to fight spam and abuse.
For more information on this privacy issue, read the help documentation on the Google blog.
Is reCAPTCHA v3 Better Than reCAPTCHA v2?
There are no right or wrong answers to this question. Each one provides a different type of security measure for your site.
You may have to test with different types of reCAPTCHA to see which one works best in your situation.
There are four types of reCAPTCHA at the time of writing:
- reCAPTCHA v2 (I'm not a robot)
- reCAPTCHA v2 (The invisible reCAPTCHA)
- Android reCAPTCHA
- reCAPTCHA v3
Let's briefly walk through each type of reCAPTCHA.
reCAPTCHA v2 (I'm not a robot check box)
The reCAPTCHA v2 (I'm not a robot check box) is harder on humans and could lower the conversion rate, since it requires multiple challenges to prove you're a human.
This is the one you see most often, which asks you to check a box or click on a set of images to prove you are human.
reCAPTCHA v2 (Invisible reCAPTCHA)
It is called the invisible reCAPTCHA v2 because all you'll see is a floating badge on the page.
It is more user-friendly and provides a better onsite experience than the reCAPTCHA v2 "I'm not a robot" check box.
Also, it could potentially increase conversion since it does not require you to prove you're human unless the traffic is suspicious.
It works in the background, tracking mouse movement to determine whether the user action comes from a bot or a human.
If the action is suspected of being a bot, then a checkbox test will pop up asking you to prove you're human.
reCAPTCHA v2 Android
As the name suggests, it is meant to be used on an Android app.
Unless you're an Android app developer, you can safely ignore this one.
The implementation and execution of the reCAPTCHA v2 Android are beyond the scope of this article.
reCAPTCHA v3
v3 reCAPTCHA is also invisible in the sense that it does not require you to pass a test to prove you're human.
As I said earlier, reCAPTCHA v3 uses an adaptive risk analysis engine to detect spam or abusive behavior on your site. It then passes a score that indicates how likely it is that the user action comes from a bot.
It's up to you to decide what to do with the score. You can let an action with a lower score pass through, or block it.
reCAPTCHA v3 can stop real users from accessing your web forms if it thinks the action is from a bot.
So, you must be careful about the score at which you let an action through or block it.
How to add reCAPTCHA v3 to Gravity Forms
To use reCAPTCHA v3 with your forms, you need the Gravity Forms WordPress plugin version 2.5 and above. So, first things first, get the latest version of the Gravity Forms plugin here and install it on your website.
Then download the Gravity Forms reCAPTCHA v3 add-on to work with your form.
You can access the Gravity Forms add-on page from your WordPress dashboard. Click on Forms in the sidebar menu, then click on Add-Ons to open the Gravity Forms add-on browser.
Scroll down the page to find the reCAPTCHA v3 add-on and select it.
Once you find the Gravity Forms reCAPTCHA v3 add-on, you need to install and activate it. After this, you need to integrate Gravity Forms with the Google reCAPTCHA v3 API service to make it work.
This process involves getting your Google reCAPTCHA v3 API site and secret keys. It takes less than 5 minutes to complete, and you don't have to worry about any technical configuration.
The process is simple and straightforward to follow.
Go to the Google reCAPTCHA API website and follow the steps below.
As with all Google products and services, you need a Gmail account to access the page. So, if you don't have a Gmail account, you need to create one for this purpose.
Log in with your Gmail account and fill in the required fields.
Here is the information you need to enter on the page:
- A name for your project
- reCAPTCHA v2 or v3? Choose v3
- Enter your domain name without the HTTPS protocol
- Enter an email address
- Accept Google reCAPTCHA terms and conditions.
After you fill in all the information and your Google API site and secret keys are generated, switch back to your WordPress admin dashboard. From here, click on Forms > Settings > reCAPTCHA v3 in the sidebar menu.
Now, enter the site and secret API keys you copied from Google into the corresponding form fields.
If everything goes fine, you should see the green checkmark like in the image below.
The default global setting for the score threshold is 0.5. However, since websites are not created equally, user behavior and actions are not the same. So, you can choose to configure the Google reCAPTCHA threshold for your site.
For more information on how to configure the threshold based on your site users, read the documentation help post.
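The scoring rule and the threshold choice described above, as an added example (not Gravity Forms' or Google's code): it applies the "score less than or equal to the threshold is spam" rule to constructed verification results and shows how three thresholds trade real users sent to spam against bots reaching the inbox. The hostname check, the fail-closed handling, the helper names and all sample data are assumptions made for illustration.

```python
import json

DEFAULT_THRESHOLD = 0.5  # default global score threshold stated in this post

def classify(raw_json, threshold=DEFAULT_THRESHOLD, expected_host="example.com"):
    """Return 'spam' or 'inbox' for one entry's verification result."""
    try:
        data = json.loads(raw_json)
    except ValueError:
        return "spam"              # assumption: unreadable result fails closed
    if not isinstance(data, dict) or data.get("success") is not True:
        return "spam"              # token invalid, expired or already used
    if data.get("hostname") != expected_host:
        return "spam"              # token was issued on a different site
    score = data.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "spam"
    # Rule from this post: a score less than or equal to the threshold is spam.
    return "spam" if score <= threshold else "inbox"

def sweep(labelled, thresholds):
    """Per threshold: (threshold, humans sent to spam, bots reaching the inbox)."""
    rows = []
    for t in thresholds:
        humans_blocked = sum(1 for raw, who in labelled
                             if who == "human" and classify(raw, t) == "spam")
        bots_passed = sum(1 for raw, who in labelled
                          if who == "bot" and classify(raw, t) == "inbox")
        rows.append((t, humans_blocked, bots_passed))
    return rows

def make_resp(score, success=True, host="example.com"):
    # Constructed verification result using siteverify's documented field names.
    return json.dumps({"success": success, "score": score,
                       "action": "submit", "hostname": host})

# Constructed, hand-labelled sample entries (not real traffic).
SAMPLE = [
    (make_resp(0.9), "human"), (make_resp(0.7), "human"),
    (make_resp(0.5), "human"), (make_resp(0.3), "human"),
    (make_resp(0.1), "bot"), (make_resp(0.3), "bot"), (make_resp(0.6), "bot"),
    (make_resp(0.9, success=False), "bot"),          # failed verification
    (make_resp(0.9, host="other.example"), "bot"),   # token from another site
]

if __name__ == "__main__":
    for t, humans, bots in sweep(SAMPLE, [0.2, 0.5, 0.7]):
        print(f"threshold={t}: humans in spam={humans}, bots in inbox={bots}")
```

Note that an entry scoring exactly 0.5 lands in spam at the default threshold, because the comparison is "less than or equal to".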
At this point, reCAPTCHA v3 is now enabled on all Gravity forms on your website. If you want to exclude some contact forms from using the v3 reCAPTCHA security, you can do so by going to the appropriate form setting page in your WordPress admin dashboard.
Open the form setting page and check the box that says "Disable reCAPTCHA v3 for this form" next to the web form you want to exclude.
Click on the save button and from that moment, reCAPTCHA v3 will not work on that form.
FAQ using Gravity Forms with Google reCAPTCHA v3
Conclusion...
Gravity Forms is one of the best, most secure, and most advanced WordPress form builders today. Using Gravity Forms with Google reCAPTCHA v3 will provide your site users with a more secure and seamless experience.
If you've been trying to use reCAPTCHA v3 with your web forms, I hope this tutorial helps you solve that.