Blocking Bots with ReCaptcha V3 • New Media Themes

What is CAPTCHA?

Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHA is an effective way to block spam, bots, and other abuses. It has been around – in one form or another – since the early 2000s.

ReCAPTCHA is a type of CAPTCHA which is easier for humans to use and relatively difficult for bots.

The early versions required challenges such as entering letters and numbers into an entry field or identifying images containing street lights, or buses. The problem was that this was difficult for both bots and humans.

Fortunately, modern versions don’t require visitors to solve riddles. ReCAPTCHA V3 requires no action from the site visitor – unless they are flagged as a risk. In that case, they may need to confirm their humanity via email.

V3 uses adaptive risk analysis in the background. This means that it is tracking user behavior, can be fine-tuned, and improved as it learns.

You can try the various forms here: https://recaptcha-demo.appspot.com/

ReCAPTCHA and the Impact on the User Experience

The V3 design is a big improvement to the user experience.

The old CAPTCHA challenge box is gone. That’s the point. But – by default – V3 displays a privacy/terms box at the bottom of pages. This box can interfere with other content, especially on mobile. You can hide it with a line of CSS and add the associated privacy/terms to your Terms of Service (TOS) or Privacy Policy.

You can also limit usage to select pages, such as to only pages with forms. Technically, the privacy and terms box is only needed when reCAPTCHA is loaded – and tracking.

Tools to Implement on WordPress

Several free WordPress plugins are available to add reCAPTCHA V3.

Advanced noCaptcha & invisible Captcha here, and Google Captcha here will both do the job. Both support V3 and work with the most common forms: login and comment forms, reviews, registration, lost and reset password, and checkout.

Monitor and Fine-Tuning reCAPTCHA

After implementation, check your reCaptcha admin console for results: https://www.google.com/recaptcha/admin. Over time, you’ll see trends and a top 10 list of suspicious activity.

Conclusion

ReCAPTCHA V3 will not prevent bots entirely, but it will reduce the problem and give you a heads up on potential risks.

ReCAPTCHA V3 is a quick and easy solution – with tracking. If you don’t want tracking, look for a paid, independent, or open-source solution. Another option is to not use CAPTCHA at all. But, if you have a big bot problem, it may be worth it.

For more on security, see WordPress Security – Key Steps to Secure and Monitor Your Site