Jun 21, 2021
What Is reCAPTCHA? Everything You Need to Know
reCAPTCHA is a free Google service that protects websites from spam and abuse by distinguishing human users from automated bots. Using machine learning and advanced risk analysis, it is a more advanced version of the traditional CAPTCHA system.
The Turing test is a method to determine whether or not computers can exhibit human-like behavior. This kind of behavior is examined by reCAPTCHA and is often employed to prevent abuse of sign-up, contact forms, or comment sections.
There are multiple types of CAPTCHA tests available, from using a real-life image or a simple checkbox. This article will share how the different types of tests work and how to install this kind of test on your site.
How Does reCAPTCHA Work
The reCAPTCHA verification process uses artificial intelligence (AI) to recognize human behavior that the bots can’t follow. The tests need to be passable by any human user, regardless of age, gender, education, or language.
CAPTCHAs are all automated so that the computer program can grade the test without the interference of humans. Due to this reason, the tests are constantly evolving as both the CAPTCHA AI and malicious bots become more advanced.
The verification process of traditional CAPTCHAs works by forcing users to solve tests before allowing access. The CAPTCHA tests use random letters and numbers, warping them in a way that is hard for automated programs to translate. Previously, this has been a sufficient deterrence method, as bots would have difficulty recognizing these distorted letters or numbers.
However, more advanced bots have been developed, with the ability to quickly solve traditional CAPTCHAs with algorithms trained in pattern recognition. The traditional CAPTCHAs then were replaced with more complex tests in the form of reCAPTCHA v1.
These reCAPTCHA tests used a computer-generated word and distorted text via images from old books or news articles. However, this version is no longer available as it was found to be too easy for the bots and too hard for human users.
reCAPTCHA v2 followed afterward, hoping to provide more complex tests to deter bots while remaining solvable by humans. This updated reCAPTCHA test requires users to select images matching a theme or check a box next to the text, stating “I’m not a robot”.
An even newer version – reCAPTCHA v3 – aims to avoid disrupting the user experience. This version limits user interaction by calculating a score according to the present user behavior and history. Computers then determine the score for the user in a preliminary Turing test.
The website owner has three possible responses based on the score – to grant access, block the user, or deploy reCAPTCHA v2 tests. The two available tests for this method are the image reCAPTCHA and checkbox reCAPTCHA.
The image recognition reCAPTCHA test uses either nine or 16 lower resolution real-life images in the form of a square. Above these images, users will find displayed instructions on which image sections should be selected. For example, the instruction might ask users to select all squares featuring crosswalks or fire hydrants.
Once the user has selected the squares, the computer program will compare the response with other responses. If the user’s response matches that of most other users, they pass the test.
The test presents images that humans see every day and can easily recognize. Whereas even advanced bots will have a hard time selecting objects from low-resolution images.
This test is also available in an audio version, which makes it accessible to visually impaired users. The audio test will vocalize random letters and numbers using distorted audio, prompting users to answer using text input.
Users don’t need to solve or recognize anything to pass the checkbox reCAPTCHA test. Simply check a box next to the statement saying “I’m not a robot”.
This test distinguishes humans from bots by following the cursor movement as it approaches the checkbox. Even a human user with the most stable hand will display some randomness in cursor movement, even on a microscopic level. A bot, typically, will not be able to mimic this kind of movement, preferring to act in a straight line.
If the cursor movement indicates that the user is a human, a green check icon will be displayed upon clicking the box.
Other than following the cursor movement, this test also assesses HTTP cookies and history present in the web browser.
Pros and Cons of reCAPTCHA
reCAPTCHA helps to prevent bots from spamming website pages. It will always be beneficial to install this test to protect your site if you have open registration and comment sections.
However, the system does feature certain disadvantages as well. Here are some of the pros and cons of using reCAPTCHA on your site.
reCAPTCHA actively protects the integrity of your site by preventing spam, abuse, and data theft from bots.
Here are some of the most significant pros of using reCAPTCHA:
- Free. Everyone can use this service free of charge.
- Security. The test protects websites from spam, fraud, and abuse. This test is a very effective additional layer of security for websites with sign-up forms and comment sections.
- Options. There are different types of tests available and an option to use various tests for different kinds of forms.
- Integrity. Help protect the integrity of your site by avoiding attacks that might spread malware or redirect your visitors to malicious sites.
- Time. Save time by only providing services to real users. The test prevents bots from overflowing your business or comment section with fake users.
- Adaptive. As bots become more advanced, reCAPTCHA constantly adjusts its tests using a machine learning algorithm. This way, reCAPTCHA tests can adapt to what the bots are capable of doing.
While reCAPTCHA provides different options and ways to protect a site from spam and abuse, the test is not without its faults. Here are some of the cons of using the tool:
- User experience. The test interrupts the flow of what a user is trying to do, possibly resulting in a negative user experience. The test might even cause visitors to abandon the site altogether.
- Efficacy. Some bots can fool some of the older reCAPTCHA tests.
How to Install reCAPTCHA on a Website
Installing reCAPTCHA can be done in different ways, either manually or by using a WordPress plugin. Before installing the test, there are a couple of things to consider as well, such as the type and location of the test.
There are different types of reCAPTCHA tests available. Select which type works best for your site. We suggest you consider your visitors and what kind of test would be best for their user experience.
Then, think about where you would like to add the test. reCAPTCHA services are often available next to online forms, such as sign-up or contact pages. Knowing the location of the test beforehand will help with the installation process.
With any reCAPTCHA installation, the first step is to get the API key pair from the reCAPTCHA admin panel.
There, fill out the form according to your website’s needs:
- The Label can be anything you want and used to differentiate your reCAPTCHAs.
- Select the reCAPTCHA type that you want to use on your website.
- It is possible to add more than one website. This can be done under the Domains section.
- As a Google tool, the email under Owners will automatically be selected to your Gmail account. You may change or add more email addresses if necessary.
After you fill out the form, click on the Submit button. Google will generate a site key and a secret key. Use the site key in the HTML code of your site and the secret key for communication between your site and reCAPTCHA.
Once you have the site key and the secret key, the next step is to start the installation process.
Installing reCAPTCHA Manually
One of the ways to install reCAPTCHA manually is by using a PHP or HTML file. The first step is to access the root folder of your website. Then add the following code in the header of your form’s PHP or HTML file, preferably after the “title” line:
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
On the same file, paste the following code inside the form, before the submit line:
<div class="g-recaptcha" data-sitekey="your_site_key"></div>
Change your_site_key with the Site Key from Google. Make sure to keep the key inside the quotation marks.
Then, add the secret key to the DNS records. If you use Hostinger as your web hosting provider, head to the DNS Zone Editor on your domain’s hPanel. On Manage DNS records, add data-sitekey under Name and your secret key under TXT value. Click on the Add Record button.
Remember that it might take up to 24 hours for changes to take effect.
Installing reCAPTCHA Using a Plugin (WordPress Only)
Installing reCAPTCHA using a plugin is a simple process. Keep in mind, however, that this option is only available for WordPress users.
To add the test to your websites and forms, first manually install a WordPress plugin for reCAPTCHA. While a couple of plugin options are available to add the test, there is no official reCAPTCHA plugin.
To look for all the reCAPTCHA plugins available, head to Dashboard -> Plugins -> Add New. Input reCAPTCHA search box – most of the search results will come up as contact form plugins.
Before selecting the plugin, make sure that it is compatible with your version of WordPress. For this example, we will be using the Contact Form 7 plugin.
The Contact Form 7 plugin has the option to integrate reCAPTCHA protection on all of its forms. To do so, head to the Dashboard -> Contact -> Integration after you install and activate the plugin. Under the reCAPTCHA section, click on the Setup integration button.
There, add the site key and the secret key from earlier. Once you’re done, click on the Save Changes button. Hit the Setup Integration button again.
Once the integration process is complete, WordPress will show you the two keys.
Then, head to Dashboard -> Contact -> Add New to add the necessary information for the form. Add a title in the Enter title here section to differentiate between the forms.
Once you edit the content of the form field, add “[recaptcha]” before the “[submit “Submit”]” line. Click the Save button. There will be a generated shortcode under the title.
Copy the shortcode and head to the WordPress editor to add the form field you have created. On the Gutenberg editor, simply paste the shortcode, and the form will be automatically added, integrating your reCAPTCHA test as a result.
reCAPTCHA is a free automated Turing test to differentiate between a human user and a bot. There are multiple types of reCAPTCHAs, all with their unique ways of identifying bots.
Users might have to identify a specific object present in real-life images or check a box that says “I’m not a robot”. However, keep in mind that there are both benefits and downsides to using reCAPTCHA on your site. The test will help to identify bots, but it can also disrupt your visitor’s user experience.
In this article, we have shown different ways to install reCAPTCHA on your site:
- First, you’ll need to get a site and secret keys for your website.
- Afterward, there is the choice between installing reCAPTCHA manually or using a WordPress plugin.
Let us know in the comment section whether or how reCAPTCHA has helped to protect your website. Good luck!