One of the most challenging and annoying things to deal with in WordPress blog management is spam entries. This could be blog comments, bots’ traffic, malicious attacks, or contact Form entries.
Dealing with spam entries could take your productivity time away, not to mention the potential havoc it could have on your blog performance and user experience.
Today, many web security applications are developed to combat bot traffic and other automated attacks. One of which is Google reCAPTCHA v3.
So, in today’s post, we will look at how to add Google reCAPTCHA v3 to Gravity Forms to stop spam and bot traffic from invading your web forms.
Follow the steps guide in this tutorial to integrate v3 reCAPTCHA into your WordPress web forms.
But first, let’s see what exactly Google reCAPTCHA v3 is.
What is Google reCAPTCHA v3?
For a general use case, this video explains how Google reCAPTCHA v3 works to stop spammers and bots from accessing your website content.
Google reCAPTCHA v3 is a free anti-spam web security application developed by Google to protect against spam, automated attacks, malicious attacks, website abuse, and bot traffic.
The application works behind the scenes to determine if a human or a bot makes an onsite action. V3 reCAPTCHA is developed to provide a better user experience and to catch more sophisticated bots in their tracks.
Unlike its predecessor, reCAPTCHA v2, which uses a puzzle image or check bot to verify if the traffic is legitimate, reCAPTCHA v3 runs an adaptive risk analysis engine in the background of your site to tell if an action or traffic is suspicious or not.
This advanced web security analysis helps improve the user experience and eliminates the need to access a web page through CAPTCHA challenges.
But it also comes with its drawbacks, which I discussed in the FAQ section of this post. So, continue reading.
Is Google v3 reCAPTCHA Free?
To an extent, v3 reCAPTCHA is a free service from Google for small business owners and web admins. If your website generates less than a million API calls per month, reCAPTCHA is free to use.
However, for large-scale websites with over a million API calls per month or 1,000 API calls per second, you can sign up for the enterprise reCAPTCHA account.
For every 1,000 API calls in the enterprise reCAPTCHA account, Google charges $1. And if you generate over 10 million API calls per month, there is a custom solution for you.
Aside from this, reCAPTCHA is a free service from Google for you.
How Google reCAPTCHA v3 Works with Gravity Forms
Gravity forms come pre-built with the reCAPTCHA v2. You don’t have to do anything else to make it work with your WordPress contact forms. But for Google reCAPTCHA v3, there is a bit of a workaround to make it work with your contact forms.
In reCAPTCHA v3, Google tracks users’ behaviours or actions on your site to determine if it’s a human or a bot. Then, it assigns a score to the user’s activity.
The user’s data is used to determine whether the traffic is legit. A score between 0.0 and 1.0 is assigned to the action. A score of 1.0 is a good score, and 0.0 is a bad score.
When a form is submitted using the Gravity form, the reCAPTCHA v3 scores calculated based on the user behaviour are stored with the form entry.
Gravity forms will now compare the action score to the threshold in your settings. The message is sent to the spam folder if the score entry is less than or equal to that threshold.
Google reCAPTCHA v3 is more advanced and secure, providing an uninterrupted user experience during form submission.
However, one aspect of user privacy may be of concern to you.
Using Google v3 reCAPTCHA also means your site user’s data will be sent to the Google server. This puts less privacy control on the user and gives Google more user data.
According to Google, the captcha’s API sends hardware and software information, device and application data, back to Google for analysis. The service is only used to fight spam and abuse.
For more information on this privacy issue, read the help documentation on the Google blog.
Is reCAPTCHA v3 Better Than reCAPTCHA v2?
There are no right or wrong answers to this question. Each one provides a different type of security measure for your site.
You may have to test several types of reCAPTCHA to see which works best in your situation.
There are four types of reCAPTCHA at the time of writing:
- reCAPTCHA v2 (I’m not a robot)
- reCAPTCHA v2 (The invisible reCAPTCHA)
- Android reCAPTCHA
- reCAPTCHA v3
Let’s briefly walk through each of the reCAPTCHA.
reCAPTCHA v2 (I’m not a robot check box)
The reCAPTCHA v2 (I’m not a robot check box) is harder on humans and could lower the conversion rate. Since it requires multiple challenges to prove you’re a human.
This is the one you see mostly that asks you to check a box or click on a set of images to prove you are human.
reCAPTCHA v2 (Invisible reCAPTCHA)
It is called the invisible reCAPTCHA v2 because all you’ll see is a floating badge on the page.
It is more user-friendly and provides a better onsite experience than v2 reCAPTCHA; I’m not a robot check box.
Also, it could increase conversion since it does not require you to prove you’re human unless the traffic is suspicious.
It works in the background, tracking mouse movement to determine if the user action is from bots or humans.
If the action is suspected of being a bot, a checkbox test will ask you to prove you’re human.
reCAPTCHA v2 Android
As the name suggests, it is meant to be used on an Android app.
You can safely ignore this unless you’re an Android app developer.
The implementation and execution of the reCAPTCHA v2 Android are beyond the scope of this article.
v3 reCAPTCHA is also invisible because it does not require you to pass a test to prove you’re human.
As I said earlier, reCAPTCHA v3 uses an adaptive risk analysis engine to detect spam or abusive behaviour on your site. It then passes a score to determine how likely the user action is from bots or not.
It’s up to you to decide what to do with the score. You can let the action pass through at a lower score or be blocked.
V3 reCAPTCHA can stop real users from accessing your web forms if they think the action is from a bot.
So, you must be careful about what score you give to action to let it go or not.
How to add reCAPTCHA v3 to Gravity Forms
To use reCAPTCHA v3 with your forms, you need the Gravity Forms WordPress plugin version 2.5 and above. So, please get the latest version of the Gravity Forms plugin here and install it on your website.
Then download the Gravity Forms reCAPTCHA v3 addon to work with your Form.
You can access the Gravity form addon page on your WordPress dashboard. Click Form from the sidebar menu, then click on an addon to access the Gravity Forms addon browser.
Please scroll down the page to find the reCAPTCHA v3 Gravity Forms addon and select it.
Once you find the Gravity Forms reCAPTCHA v3 addon, please install and activate it. After this, you must integrate your Gravity forms with Google reCAPTCHA v3 API services to make it work.
This process involves getting your Google v3 reCAPTCHA API site and secret keys. It takes less than 5 minutes to complete this process; you don’t have to worry about any technical configuration process.
The process is simple to follow.
Go to the Google reCAPTCHA API website and follow the steps below.
As with all Google products and services, you need a Gmail account to access the page. So, if you don’t have a Gmail account, you must create one.
Log in with your Gmail account and fill in the required field.
Here is the information you need to enter the page:
- A name for your project
- reCAPTCHA v2 or v3? Choose v3
- Enter your domain name without the HTTPS protocol
- Enter an email address
- Accept Google reCAPTCHA terms and conditions.
After filling in all the information and your Google API site and secret keys are generated, switch back to your WordPress admin dashboard. From here, click on Form ==>>>Settings==>>>reCAPTCHA v3, all from the sidebar menu.
Enter the site and secret API keys you copied from Google into the corresponding form field.
If everything goes fine, you should see the green checkmark like in the image below.
The default global setting for the score threshold is 0.5. However, user behaviour and actions differ since websites are not created equally. So, you can configure your site’s Google reCAPTCHA threshold.
For more information on configuring the threshold based on your site users, read the documentation help post.
Now, reCAPTCHA v3 is enabled on all Gravity forms on your website. If you want to exclude some contact forms from using the v3 reCAPTCHA security, go to the appropriate form setting page in your WordPress admin dashboard.
Open the form setting page and check the “Disable reCAPTCHA v3 for this form” next to the web form you want to exclude.
Click on the save button, and reCAPTCHA v3 will not work on that Form from that moment.
FAQ – Gravity Forms With Google reCAPTCHA v3
Is reCAPTCHA v3 more secure than v2?
While reCAPTCHA v3 is easier on humans than v2, neither is more secure.
v3 reCAPTCHA gives a better user experience and a more convenient way for site administrators to control the site security setup. But for non-technical site admins, it could also be tricky to determine what is a bot or human traffic.
Since you have to decide what action to place the threshold for a particular response, this is not something that everyone can handle or do.
Do Gravity forms support reCAPTCHA v3?
By default, Gravity forms do not come with in-built support for Google reCAPTCHA v3, but there is an addon to integrate the v3 reCAPTCHA services to all your Gravity forms now and in the future.
However, it does come with built-in support for Google reCAPTCHA v2.
Does Akismet work with Gravity Forms?
Akismet works seamlessly with your Gravity Forms by integrating the addon with the WordPress Akismet plugin.
After integration, Akismet will be enabled on all your Gravity forms. The Akismet spam protection for bots entries will check every web form submission.
Do Gravity Forms Have an API for developers?
Gravity forms have a library of APIs for accessing and extending the default functionalities.
If you’re a developer wanting to get more from your Gravity forms, you can access the developer’s API documentation page from here.
Gravity Forms is among today’s best, most secure, and most advanced WordPress form builders.
Using Gravity Forms with Google reCAPTCHA v3 will give your site users a more secure and seamless experience.
If you’ve been trying to use reCAPTCHA v3 with your web forms, I hope this tutorial helps you solve that.