Adding spam control to your forms

After installing and activating the Strong Testimonials: Captcha extension, going to Settings Form will reveal these options:

Adding spam control to your forms 1

Honeypots

Honeypots are methods for trapping spambots and are both time-tested and widely used. May be used simultaneously for more protection. However, honeypots may not be compatible with WP-SpamShield, Ajax page loading, caching or minification.

Before: Adds a new empty field that is invisible to humans. Spambots tend to fill in every field they find in the form. Empty field = human. Not empty = spambot.

After: Adds a new field as soon as the form is submitted. Spambots cannot run JavaScript so the new field never gets added. New field = human. Missing = spambot.

Google Recaptcha

Add Google Recaptcha to your form by checking the `enable Google reCAPTCHA ` option.

Adding spam control to your forms 2

To start using reCAPTCHA, you need to sign up for an API key pair for your site. The key pair consists of a site key and secret key. The site key is used to invoke reCAPTCHA service on your site. The secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user’s response. The secret key needs to be kept safe for security purposes.

In your Google reCAPTCHA admin, choose the type of reCAPTCHA and then fill in your site domain. Click the Register button to get a new API key pair. Copy & Paste these API keys in your Settings:

Adding spam control to your forms 3

You can then choose between 3 types of Google reCAPTCHA:

reCAPTCHA v2 (“I’m not a robot” Checkbox)
Adding spam control to your forms 4

The “I’m not a robot” Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human. 

Invisible reCAPTCHA badge

The invisible reCAPTCHA badge does not require the user to click on a checkbox, instead it is invoked directly when the user clicks on an existing button on your site, in our case the `Submit` testimonial button. By default only the most suspicious traffic will be prompted to solve a captcha. To alter this behavior edit your site security preference under advanced settings in your Google Recaptcha Admin

Adding spam control to your forms 5
reCAPTCHA v3

reCAPTCHA v3 allows you to verify if an interaction is legitimate without any user interaction. It is a pure JavaScript API returning a score (between 0 and 1). This score is based on interactions with your site: 1.0 is very likely a good interaction, 0.0 is very likely a bot, giving you the ability to stop the testimonial form submission if the user doesn’t pass this score.

By default the user needs to pass a score of 0.5 to submit the form, but this setting can be changed:

Adding spam control to your forms 6

Was this article helpful to you? Yes No 1

Still stuck? We’re here to help.

Send us a message and we’ll get back to you as soon as we can.