Adds a Google reCAPTCHA human user verification control to the Participants Database signup form.
Product support page for the Re-Captcha Add-On Plugin.
Product Setup
This add-on requires you to obtain API keys from Google. It’s not hard, but if the process is unfamiliar it may seem like a lot of trouble to go to. You will need a Google account for this, but you don’t have to create a new one if you already have a Gmail account, just log in to your Gmail (or Google Accounts) before you begin and it will go smoothly. Otherwise, create your Google account, then once you’re logged into it, get your API keys as explained below.
Google has created a very helpful setup page for using the reCAPTCHA API, just click on the “sign up for an API key pair” link on this page:
>>>Getting Started with reCAPTCHA
Be sure to click on the sign up for an API key pair link first thing, that’s really all you need to do. The rest of the technical stuff you don’t need to worry about. You will have a choice between reCAPCHA v2 or reCAPCHA v3. V2 gives you a choice to show a checkbox or an “invisible” widget, and will show an image or audio challenge if it can’t determine if the user is human. V3 works entirely in the background for an uninterrupted user experience.
Make your selection and get your key pair, then enter them into the plugin settings. Don’t choose “Android” it’s not supported by the plugin.
Setting Up the reCAPTCHA Field
Once the keys have been entered, go to the “manage database fields” page and create a new field for the captcha (if you don’t already have one). Set the form element setting to “captcha” and enable the field for the signup form by checking the “signup” checkbox.
Enable the Google reCAPTCHA control in the field by typing the word “recaptcha” in the form element “Attributes” field.
The field’s “Validation Message” setting is what will be shown to the user if the reCAPCHA does not pass.
Switching Between reCAPTCHA v2 and v3
If you want to try both reCAPTCHA versions, you can easily switch between v2 and v3, but you will need a different key pair for each. Keep the key pair in a safe place and remember to label which is which.
Product Settings
Site Key, Secret Key
These keys, which are supplied by Google, must be provided for the plugin to work. See the instructions for how to obtain these codes for your site.
CAPTCHA Passed Message
This is what to show if the challenge has been met to let the user know they passed it. It can be a simple string or some HTML if you like.
Widget Type
Selects the widget type to use, you have 4 choices: V2 Checkbox (normal or compact), V2 Invisible, or V3 background validation.
Your key pair must match the type you choose here! When you get your keys generated, you must select the correct type for the widget type you want to use.
Widget Theme
Selects the appearance of the widget for a v2 widget.
reCAPTCHA Badge Location
When using Invisible or v3 reCAPTCHA, a badge is placed on the screen. This setting sets where that is shown. Use the “Inline” setting if you want to style it yourself with CSS.
Revalidation Type
If the user requires additional validation, this selects which type of revalidation widget will be used. It’s usually best to stick with “image” because most people are familiar with it. (V2 only)
reCAPTCHA v3 Minimum Score
This control selects the threshhold for validating a user. The way it works is this: each user gets a score from 0 – 10, with 0 identified with certainty as a bot and 10 identified as certainly a human user. This control sets the minimum score a user must have to be allowed to submit the form. The default is 5. If you are getting bot submissions with 5, you can set this to a higher numer to filter them out. If 5 is rejecting human users, you may want to set it to a lower value.
The important thing to understand about using reCAPTCHA v3 is you will need to monitor the situation to make sure the setting is good for your site: this is very important because different sites have different kinds of users, so some fine-tuning may be needed here to get the best setting. The advantage of v3 is that the user never has to interact with it, but the backside of that is you may need to make sure this setting is correct.
Log Rejected Submissions
When checked, submissions that are complete, but rejected by reCAPTCHA v3 will be printed to the log for analysis. You must have debugging enabled in the Participants Database settings.
This feature is meant to be used temporarily, while making sure that the “Minimum Score” setting is working for your site. The log will fill quickly, so you should clear it on a regular basis.
Be sure to disable debugging in Participants Database whe you’re no longer using the log.
F.A.Q.
Does the plugin support audio CAPTCHA?
Yes, it the “image” or “audio” mode for the fallback validator is chosen in the plugin settings. This validator is only used if the user cannot be validated in the background, so it does not always appear.
How does just clicking the checkbox verify the user?
I don’t know, but this looks like a good answer…
How do I change the message that appears if the user does not click on the reCAPTCHA?
In the main Participants Database settings, under the “General” tab, is the setting: “Failed CAPTCHA Message”
Can I reposition or hide the Google Invisible reCAPTCHA badge?
In the settings, there is a location preference for the badge, try the different settings to see which you like best.
You can change the position, size, etc. of the badge when it is in “inline” mode with your own CSS. Be aware that hiding the badge is probably a violation of Google’s terms of use. It may also be a privacy law violation in the EU. Here is a link with some more details on this question.
Hi, I bought the Recaptcha plugin and it works fine. But I wan’t the I’m not a robot message in Dutch (my wordpress site is set to Dutch (nl) but the captcha stay’s in English.
Please advice.
Hi Jasper,
Thanks for this question, I see that I did not provide a way to localize the recapcha. I will need to issue an update (1.4) that provides a way to set the language.
I plan to do that later today.
Is there any CAPTCHA option for logging users in?
Are you referring to the Participant Login add-on? There is no CAPTCHA for that form, not really needed as the form doesn’t send email or write to the database. There is a simple brute-force prevention. Do you have a specific security concern for your application?
Hi,
The google recaptcha extension is not showing on mobile and therefore not allowing users to complete the sign up form
regards,
Ruben Salas
Hi Ruben,
I don’t know why it is doing this in your case. I don’t see the problem in my tests. Can you tell if it is just not visible or hidden somehow? Without seeing the problem, I can’t be of much help, it may have something to do with your theme. Does it work on a desktop on your site?
Hi Roland, is this add-on compatible with the search shortcode/page?
They aren’t incompatible, but if you want to put a recaptcha on your search page, then no. It’s for the signup form only. You can fairly easily add a recaptcha to the search form using a custom template.
this plugin is paid or free
Paid, but it’s only $5.
Hey. I’m interested in this add-on but I’d like to see it in action first. Do you have a demo page set up? I use a customized installation of Participants Database and I’d like to inspect the rendered add-on to see if it’s going to work with my setup. Thanks!
Yes, you can see it here:
Signup Demo
I have followed the install and config guide but I am getting a HTTP ERROR 500 now the recaptcha field is added. If I remove the captcha field the participant database works perfectly. Sm I missing something simple here?
Thanks
Hi Jonathan,
What version of PHP are you running? Are you able to view your PHP error log?
I installed the plugin, but I am getting an error when I try to activate it.
Fatal error: Unsupported operand types in /data/www/ofwim/wordpress/wp-content/plugins/pdb-recaptcha/PDb_reCAPTCHA.php on line 52
Make sure you are using the latest version of Participants Database.
Thanks! That worked perfectly.
I followed all the instructions here yet the Google reCaptcha does not appear in the [pdb_signup] form.
Make sure you first create a normal CAPTCHA field and set it to appear in the singup form. Are you getting a CAPTCHA at all? Is there a space where it should be? What did you do and exactly is happening?
Hi Roland,
I have added Re-Captcha to the PDB and followed the procedure, creating a new field and so forth.
But – I don’t see the Captcha on the [pdb_record] displays for Saving data as I would have expected – how to enable it here?
Data fields are divided into 4 groups. How to enable Captcha for each of the groups – for when saving data? Do you need to create equally 4 “captcha’s”? I have tried the later, and it didn’t reveal the function, but…?
BR Lars
Hi Lars,
CAPTCHA fields are by default not used in the record edit forms because typically they are not accessed by random people that need to be verified. If you do want to have a captcha in your record edit form, then you must use the “fields” attribute to set all the fields you want shown in the form:
[pdb_record fields="first_name,last_name,email,captcha"]