Recaptcha showing but apparently not working

1

Do I have to somehow ‘require’ recaptcha for it to work? I have ‘version: 2-checkbox’ showing up on my site, but I’m able to submit the form without checking it. Version 3 doesn’t appear to be working either. I’m still getting lots of spam.

recaptcha:
  version: 2-checkbox
  theme: light
  site_key: 6LcnqN812312321...
  secret_key: 6LcnqN8SAAAAAO123123...
2

Did you follow this example?

3

@skipper, I did the following using reCaptcha v3:

  • Created form with copied sample from the docs (see link from @ozfiddler)
  • Created file /user/config/plugins/form.yaml containing:
    recaptcha:
  version: 3
  theme: light
  site_key: 6Lc...Stz
  secret_key: 6Lc...6jz
  • The form shows the following in the lower right corner:
    Untitled
  • When submitting the form, the debugger shows that ReCaptcha successfully verified that I’m human…

Version 3 doesn’t appear to be working either. I’m still getting lots of spam.

May I assume you’re assuming v3 isn’t working because you’re still getting spam?

Unfortunately ReCaptcha doesn’t protect a form from all types of spam…

Captcha is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart”. The verification returns a score whereby a low score denotes a bot. Grav’s form uses a hardcoded threshold of 0.5. Every bot and human having a score higher then .5 will be marked as human.

I’m afraid there are enough humans in the world willing to manually fill-in forms for a few pennies. And also bots become more clever over time…

Spam can also be detected by analysing the content of the form. You could create a plugin which handles the ‘onFormProcessed’ event and use regex to analyse the content of the form.

4

I can successfully submit the form without checking “I’m not a robot”. This tells me it’s not working at all. I followed all the config/examples from the docs but it doesn’t seem to be working. Do I have to ‘process: captcha: true’ on the form to process server side too? This looked optional from the docs…

5

@skipper, Have your tried my steps? I’m using ReCaptcha v3, which does not have a checkbox labelled “I’m not a robot”.

I used the following setting for the form:

process:
   captcha: true
6

I added the “process: captcha: true” to my form and now the captcha is working. This should be labeled as a required field in the docs…

7

Yes, I must admit I don’t really understand the docs:

The above code will validate the Captcha in the frontend and prevent form submission if not correct. To also validate the captcha server-side, add the captcha process action to your forms:

process:
    captcha: true