Why is reCAPTCHA v3 not stopping spam on my WordPress contact form?

By
Aaron Garnes
-
0
0
Asked By SunnyBreeze92 On

Hey everyone! I'm currently using the Quform plugin for the contact forms on my WordPress site, and I've enabled Google reCAPTCHA v3. I've properly added both the site key and secret key, and the Quform backend confirms that reCAPTCHA v3 is active. However, my client is still receiving a ton of spam through the contact forms. I've checked the keys, updated both Quform and WordPress, changed the reCAPTCHA theme and badge position, and ensured there are no outdated or duplicate forms. I'm wondering why reCAPTCHA v3 isn't effectively blocking spam. Would switching to reCAPTCHA v2 (the checkbox) help? Are there any tweaks in Quform, like adjusting the v3 score threshold, that could cut down on spam? Or should I consider implementing another anti-spam solution or plugin alongside reCAPTCHA? Any insights or personal experiences would be really helpful! Thanks!

5 Answers

Answered By TechWizKid99 On

You might want to test your form to see if it truly needs reCAPTCHA. Try submitting the form without filling out the reCAPTCHA, both with JavaScript enabled and disabled. This way, you can ensure the reCAPTCHA is functioning correctly.

Answered By UsefulGadgetGuy On

Consider keeping an eye on your reCAPTCHA activity at https://www.google.com/recaptcha/admin. There, you can view your site's statistics and check if spam is getting through. If you're looking for alternatives, services like hCaptcha and FriendlyCaptcha might be worth checking out.

Answered By BrightIdeaGuru On

It’s important to make sure your contact form isn't easily exploited. When users submit the form, a generic confirmation message like 'We've received your message' works best if you're emailing them back. It reduces the chances of leaking information.

Answered By CreativePhoenix77 On

We've been using reCAPTCHA v3 Invisible for our online store and have noticed about 2-3% false positives. To improve spam detection, we added a simple honeypot—a hidden text input field with CSS that users can't see. Bots usually fill in every field, but real users won't touch that hidden one. If that field isn't empty, then it's likely a bot trying to spam you.

Answered By SecurityHawk_',comment':'reCAPTCHA v3 utilizes a score system, which sometimes fails to catch spam. You could try raising the score threshold in Quform or switch to reCAPTCHA v2 for better spam blocking. Adding a honeypot or using plugins like Akismet or CleanTalk can also provide additional protection. On

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.