Adds a Google reCAPTCHA human user verification control to the Participants Database signup form.
Product support page for the Re-Captcha Add-On Plugin.
This add-on requires you to obtain API keys from Google. It’s not hard, but if the process is unfamiliar it may seem like a lot of trouble to go to. You will need a Google account for this, but you don’t have to create a new one if you already have a Gmail account, just log in to your Gmail (or Google Accounts) before you begin and it will go smoothly. Otherwise, create your Google account, then once you’re logged into it, get your API keys as explained below.
Google has created a very helpful setup page for using the reCAPTCHA API, just click on the “sign up for an API key pair” link on this page:
>>>Getting Started with reCAPTCHA
Be sure to click on the sign up for an API key pair link first thing, that’s really all you need to do. The rest of the technical stuff you don’t need to worry about. You will have a choice between reCAPCHA v2 or reCAPCHA v3. V2 gives you a choice to show a checkbox or an “invisible” widget, and will show an image or audio challenge if it can’t determine if the user is human. V3 works entirely in the background for an uninterrupted user experience.
Make your selection and get your key pair, then enter them into the plugin settings. Don’t choose “Android” it’s not supported by the plugin.
Setting Up the reCAPTCHA Field
Once the keys have been entered, go to the “manage database fields” page and create a new field for the captcha (if you don’t already have one). Set the form element setting to “captcha” and enable the field for the signup form by checking the “signup” checkbox.
Enable the Google reCAPTCHA control in the field by typing the word “recaptcha” in the form element “Attributes” field.
The field’s “Validation Message” setting is what will be shown to the user if the reCAPCHA does not pass.
Switching Between reCAPTCHA v2 and v3
If you want to try both reCAPTCHA versions, you can easily switch between v2 and v3, but you will need a different key pair for each. Keep the key pair in a safe place and remember to label which is which.
Site Key, Secret Key
These keys, which are supplied by Google, must be provided for the plugin to work. See the instructions for how to obtain these codes for your site.
CAPTCHA Passed Message
This is what to show if the challenge has been met to let the user know they passed it. It can be a simple string or some HTML if you like.
Selects the widget type to use, you have 4 choices: V2 Checkbox (normal or compact), V2 Invisible, or V3 background validation.
Your key pair must match the type you choose here! When you get your keys generated, you must select the correct type for the widget type you want to use.
Selects the appearance of the widget for a v2 widget.
reCAPTCHA Badge Location
When using Invisible or v3 reCAPTCHA, a badge is placed on the screen. This setting sets where that is shown. Use the “Inline” setting if you want to style it yourself with CSS.
If the user requires additional validation, this selects which type of revalidation widget will be used. It’s usually best to stick with “image” because most people are familiar with it. (V2 only)
reCAPTCHA v3 Minimum Score
This control selects the threshhold for validating a user. The way it works is this: each user gets a score from 0 – 10, with 0 identified with certainty as a bot and 10 identified as certainly a human user. This control sets the minimum score a user must have to be allowed to submit the form. The default is 5. If you are getting bot submissions with 5, you can set this to a higher numer to filter them out. If 5 is rejecting human users, you may want to set it to a lower value.
The important thing to understand about using reCAPTCHA v3 is you will need to monitor the situation to make sure the setting is good for your site: this is very important because different sites have different kinds of users, so some fine-tuning may be needed here to get the best setting. The advantage of v3 is that the user never has to interact with it, but the backside of that is you may need to make sure this setting is correct.
Log Rejected Submissions
When checked, submissions that are complete, but rejected by reCAPTCHA v3 will be printed to the log for analysis. You must have debugging enabled in the Participants Database settings.
This feature is meant to be used temporarily, while making sure that the “Minimum Score” setting is working for your site. The log will fill quickly, so you should clear it on a regular basis.
Be sure to disable debugging in Participants Database whe you’re no longer using the log.
Does the plugin support audio CAPTCHA?
Yes, it the “image” or “audio” mode for the fallback validator is chosen in the plugin settings. This validator is only used if the user cannot be validated in the background, so it does not always appear.
How does just clicking the checkbox verify the user?
I don’t know, but this looks like a good answer…
How do I change the message that appears if the user does not click on the reCAPTCHA?
In the main Participants Database settings, under the “General” tab, is the setting: “Failed CAPTCHA Message”
Can I reposition or hide the Google Invisible reCAPTCHA badge?
In the settings, there is a location preference for the badge, try the different settings to see which you like best.
Support Discussions for reCAPTCHA
Thanks for the quick reply on the previous post Roland! Figured I’d start a new comment so as not to spam the previous poster with updates.
Clearing the cache was a good suggestion, but it seems the issue persists. I’ve cleared the cache for both the sign-up page, the site as a whole, as well as my browser cache. I’ve added the form to a different page on the site (https://fcbchicago.com/edit-registration/), but haven’t had any luck. I’ve also disabled all other plugins on the site, except for PDB (version 2.1.5) and PDB reCAPTCHA (version 1.4.7).
I’m struggling to think of what else to try here. Any other ideas?
The behavior you’re seeing sounds like the field isn’t getting the correct configuration from the database. I’m not sure why, I’m unable to duplicate the problem here. There are a couple of things you can try to fix the problem.
First, open your database in phpMyAdmin (or similar) so you can see the actual contents of the database. Open the wp_participants_database_fields table and find your captcha field. Check the “validation” column, it should have only the word “captcha” IF it didn’t and you had to change it, try the signup form again.
Second thing to try is to re-make the captcha field. Make a new field, call it whatever you like, but otherwise configure it for the recaptcha field. Take the old one out of the signup form and use the new one instead.
Just logged into phpMyAdmin to double-check, and the “validation” value was indeed set to “captcha” for the corresponding CAPTCHA field on the form.
Following your second suggestion, I completely removed the old CAPTCHA field from the signup form (verified it was deleted from the db table) and created a new field with a previously-unused name (spamcheck). I also tried to simplify the form (linked in my previous comment), but removing all but one field. Still, it seems to allow submission without the recaptcha being checked.
I’ve cleared the caches again, disabled caching site-wide just as a precaution. For what it’s worth, I was having the same issue with the standard captcha that comes with participants database, and I switched over to recaptcha today in the hopes that’d fix it. I only mention it as it doesn’t seem to be an issue specific to recaptcha itself.
Well, that is puzzling, all these things are working in my tests, so I don’t know what else the problem could be.
The next suggestion is to get your php error log set up and see if there is some kind of error happening that is preventing the validation.
I’m having a two issues wondering if you can provide some support:
1) when clicking the “forgot password” link on the signup form the page reloads, creates a new entry with random letters as the first and last name, and says that it has emailed this account the password link.
2) I have installed recaptcha as directed, but if you ignore the recaptcha and click submit, the form gets submitted fine and database entries are still created. Any idea where to begin troubleshooting these two issues?
Your first problem sounds like something your browser is doing (some kind of autofill), although it’s hard to say. What you describe doesn’t make sense in the context of how the plugin handles the private link request. Normally, there would be a different form that asks for an identifying piece of information (not first name/last name), usually an email. Try the form on a different browser to check on that.
I would suggest you start by checking the plugin settings under the “Resend Link” tab, check each setting to make sure it is correct.
If that doesn’t resolve your issue, I recommend you set up a separate page for the link request, this is a page with the [pdb_request_link] shortcode on it, and the redirect is configured in the plugin settings I mentioned before.
On the CAPTCHA, make sure you’ve got the field properly configured:
If the CAPTCHA is skipped, the form does submit, but it will return with a validation error when correctly configured.
I have hidden the link for now as a workaround. recaptcha field appears to be set exactly as described. I even recreated the field to ensure that the Name matched as well. Still, if you simply ignore the captcha and hit submit, no validation error occurs and record is created fine. Can I please continue this via email so that I may email some links to look at?
You can email me at email@example.com
I just wanted to add to this to say I’m having the same issue (#2).
I have my CAPTCHA field set up exactly as shown in the screenshot above, reCAPTCHA is enabled on the sign-up form, but I can submit the form and create a record without the CAPTCHA field being validated.
I believe it started happening about two weeks ago. I’ve since made the page where I’m hosting the form private, as I was getting hundreds of spam sign-ups an hour (which is what alerted me to the issue), but I can re-enable it if needed.
The issue for the original poster was resolved by defeating caching on the sugnup page. Page and some kinds of server cache can make reCAPTCHA think the validation was already passed.
Is there any way I can use reCAPTCHA without adding a new database field? In my situation, I don’t have a problem with bots filling out bogus signup forms, but I have now started experiencing a problem where a bot is triggering a button on a custom page that causes edit links to be emailed to my users. I was hoping I might be able to add reCAPTCHA to that custom page as a way of blocking bots from generating those emails, but from what I’ve read here that is probably not possible, and is not consistent with the original design purpose of this feature.
As you have seen, the recapcha plugin can only be used to validate Participants Database signup form submissions, not suitable for the situation you describe. If you want a refund for your purchase, I’m happy to give it.
I don’t know the technical details of the situation you’re facing, it may be unavoidable that you require your users to log in to access your custom page in order to prevent unauthorized use.
I’ve recently uploaded the recaptcha plugin , along with signing up for a google recaptcha key. I’ve since added the keys in the recaptcha settings on wordpress and it shows up on my sign up form , however people are still able to register without the recaptcha validation . Also when I do click the recaptcha box to tick it , nothing comes up to do any sort of validation . it just continues to sends me a thank you message . Please can I be assisted , I have set all my fields up exactly as the description of the add on says , so I am not sure what could be the issue.
Can you provide a link to the signup form so I can take a look?
Hi Roland. We did put the link in the original post, but the post would not allow posting. it came up with a warning that the post looked like spam. Here is the signup page
You need to set the validation of your CAPTCHA field to “CAPTCHA”
I realize the instructions for setting that up are a little too brief.
We have finally figured out the problem the CAPTCHA was not working. In the Attribute field, the – field “reCAPTURE” must have the “re” in lower case and the “CAPTURE” part of the field in CAPS. Or have all the attribute text in CAPITAL LETTERS i.e. “RECAPTCHA” . I have tried both a few times to confirm. Is this something that could be fixed in the plug in code.
Thanks, I wanted to make sure there wasn’t something odd going on, so I checked the code and the plugin is expecting it to be all lower case: ‘recaptcha’
If you’re getting inconsistent results with that, make sure you don’t have page caching active on the signup page.
Can you add reCaptcha to the pdb_login ? When I have someone login i would like to have recaptcha there.
It’s possible, but this isn’t built into the plugin. Currently the only way to get a captcha on the form is to use a custom template for the login form and add it yourself.
Do you by chance have an example of the custom template?
Hi, i tried to add re-CAPTCHA field to my PDB fields but it’s not working nor showing. I saw that there is a re-CAPTCHA add-on for $5, does this mean that i cannot use re-CAPTCHA without getting the re-CAPTCHA add-on plugin? I just want to confirm please. thank you
The use of the reCAPTCHA widget does require the reCAPTCHA add-on. The free plugin only has a simple math CAPTCHA.
Where can I control what kind of Captha method is used. Currently I am only able to see Captha math check at signon. Is there documentation that I have overlooked?
The development validation is currently is on main page on https://fanoevesterhavsbad.michaeloglene.dk
Thanks for any tips.
I have found the error. Overlooked the following part of the documentation.
“Enable the Google reCAPTCHA control in the field by typing the word “recaptcha” in the form element “Attributes” field.”
Glad you found it, I’m sorry it’s a bit hard to find!
I am using the contact form, recaptcha & Email add-ons with the participants database. I am trying to setup the recaptcha, but my database field for CAPTCHA form element does not have a “values” parameter in the field. I am not seeing the same thing as your screenshot in the instructions above. I have tried to continue without this part of the setup, but I get a message that my form was not sent when I submit the contact form.
I’m sorry, I need to update those instructions. The word “recaptcha” should go into the “attributes” area of the field definition.
I added “recaptcha” in the attributes. Validation is CAPTCHA, Form Element is CAPTCHA, checked Read Only and Sign Up boxes. I have gone through your instructions multiple times to see if I am missing something and I just don’t see anything.
Any other ideas why I would get ‘No message was sent’ when I use Recaptcha in my contact form? It worked great before I added the recaptcha. I’m using the v2 Invisible like it specifies in the instructions for the contact form. The statistics from Google, don’t show that the keys have been used for a request. In the pdb recaptcha settings, I have tried every widget type ( Normal, Compact and Invisible). Would greatly appreciate your thoughts or suggestions.
It might be helpful if I could see your signup form.
It’s a contact form, based on search results from database.
OK, I don’t see a problem, the recaptcha is active.
The recaptcha is visible/active, but the contact form is not sending a message now. Before I downloaded and installed the recaptcha add-in, when I filled out the form, I received a pop-up “Your message has been sent” and I received an email. Now after the recaptcha installation I get a pop-up “Message not sent” and no email.
Make sure your API keys are correctly set up for recaptcha. To really see what the problem is, you need to check your php error log…you’ll have to set it up if you haven’t already.
i have google recaptcha installed on my site. It works on my wordpress login page
can i use that on the signup form?
i tried to add a field (captcha) set as readonly on the signup form, but it does not show up
thanks for your help
Make sure your captcha field is configured to be included in the signup form..there is a checkbox for that in the field definition. Also, make sure that you have “recpatcha” in the “values” parameter of the field.
well the field does show up but in the middle of the form! after personal info, but before code of ethics, liability and payment button.
i have the personal information (name, phone, email) but also they must check that they agree to our code of ethics and submit a copy of their liability insurance.
i would prefer that it come right before the member_payment buton
i don’t see where i can set the order of the fields on the signup form. – am i missing something.
Field can be reordered on the Manage Database Fields page by dragging a field into the desired position.