Setting up Google reCAPTCHA to prevent spam

Google reCAPTCHA is one of the CMNTY integrations that allows you to add a CAPTCHA to your registration form. CAPTCHA stands for “Completely Automated Public Turing Test To Tell Computers and Humans Apart”. In short, it allows you to protect your registration page against automatic bots.

A reCAPTACHA implementation

Below you will find how to set up CAPTCHA.  There will be some configuration required on the client side within Google to enable this. This is the most secure and effective way for Platform Owners to combat spambots.

To enable reCAPTCHA on your platform, you have to create a Google account and head towards this page:

At the top of this page, you will find your already configured reCAPTCHAs, while at the bottom you can create a new one.

To create a new reCAPTCHA:

  1. Fill in the form. In the label input field, you can fill in a name. For example the name of the platform. Next, choose “reCAPTCHA V2”.
  2. By picking this option, two new options will appear. First of all, you can fill in any domains that will be using this reCAPTCHA. We highly suggest that you fill in the URL or the domain of your platform to improve security. Make sure that if your platform is running on multiple URLs, to fill in all URLs.
  3. Next, accept the terms & conditions as set by Google.
  4. If you are interested in getting an email when Google detects you didn’t properly configure your platform, please mark the “send alerts to owners” checkbox.
  5. Finally, click Register.

The next page will show you analytics at the top. If you are ever interested in seeing how many bots have been stopped, this is the place to be.

What matters, however, is the “site key” and the “secret key”. In Admin > Configure > Integrations > reCAPTCHA you can enable reCAPTCHA and fill in both the site key and secret key that Google provided you.

Click save. You are now all set.

NOTE: reCAPTCHA does not appear in registration forms through invites because you invited those people yourself.

Change the security level

You can change the security level within your Google reCAPTCHA environment by opening up the “advanced settings”.

We highly advise you to enable the “domain name validation” to make sure that the reCAPTCHA is checked with your platform URL.

Additionally, you can move the slider from left to right to make your reCAPTCHA perform better. However, the more security features you turn on by sliding it to the right, the more actions are required from your users to pass the CAPTCHA. We advise you to start with the middle option and keep an eye on the amount of bots that register to your platform and how many are blocked by looking at the analytics. Based on that number, you can either move the slider to the left or to the right.

Also, check out our article about two-factor authentification (2FA).