reCAPTCHA
Introduction
reCAPTCHA is a Google service designed to protect websites from automated attacks such as spam or abusive use. It distinguishes between real people and bots (‘digital robots’) that try to abuse forms or other website functions.
With the free reCAPTCHA module from PepperShop, you can integrate reCAPTCHA into your online shop. In this guide, we will explain more about reCAPTCHA, how to configure the module and how to clean up existing spam registrations.
Explanation: What is the difference between reCAPTCHA v2 and reCAPTCHA v3?
reCAPTCHA v2
reCAPTCHA v2 asks the user to solve a task, such as ticking a box (‘I’m not a robot’) or selecting images that contain certain objects, to confirm that they are human.
Please note that this guide is specifically geared towards reCAPTCHA v3. If you are using reCAPTCHA v2, there may be differences.
reCAPTCHA v3 (recommended)
reCAPTCHA v3 works in the background by analysing the user’s behaviour on the website to determine whether they are a real human or a bot, without the user having to perform a task. It returns a score from 0 to 1 that indicates the probability of whether the visitor is a human. We recommend that you use reCAPTCHA v3.
Configuring the reCAPTCHA module
Necessary to get started
- A Google Account (→ Create a Google Account)
Step 1: Register your domain for using reCAPTCHA
- Sign in to Google Chrome with your Google Account.
- Open the following link: https://www.google.com/recaptcha/admin
- (If you have already entered a reCAPTCHA, click on the plus sign in the administration to enter another one.)
- Label: Give the reCAPTCHA a name so that you can recognise it later. For example, ‘great-shoes v3’.
- reCAPTCHA type: Select ‘score based (v3)’.
- Domains: Enter the domain of your online shop. If you have a subdomain, this will automatically be registered here as well.
- If you are unsure what your domain is, read the text below under ‘Explanation: domain and subdomain’.
- Google Cloud Platform: You can leave the field as it is already automatically filled in.
- Click on ‘Submit’.
- A window will now appear with two codes that you will need soon. Therefore, leave the window open and open another window.
Explanation: What is a domain and a subdomain?
The domain is the unique name under which a website can be found. For example, the domain of the URL ‘https://blog.tolle-schuhe.ch/de/’ is ‘tolle-schuhe.ch’ and the subdomain is ‘blog’.
Step 2: Install reCAPTCHA module
If you have already installed the reCAPTCHA module, you can skip this step.
- Go to your PepperShop administration.
- Click on ‘Modules’ → ‘Module Administration’.
- Under ‘Modules not yet installed’ you will find the reCAPTCHA module. Click on it and then click on ‘Install’.
- Click on ‘Manage module’.
Step 3: Configure the reCAPTCHA module
If you are not already in the reCAPTCHA module administration, go to your PepperShop administration and go to ‘Modules’ → ‘reCAPTCHA’.
- Activation: Tick the box to activate the module.
- Version: Select ‘reCAPTCHA Version v3’.
- Website key: Enter the code from the reCAPTCHA website, which you should still have open. (Click on ‘Copy website key’ and insert the code into the PepperShop Admin).
- Secret key: Enter the code from the reCAPTCHA website into the field below. You should still have the window open. (Click on ‘Copy secret key’ and paste the code into the PepperShop Admin).
- Locations: Here you can select the locations on your website where reCAPTCHA should be activated. We recommend that you leave all locations activated.
- Threshold: We recommend that you leave the value at 0.5 for the time being. You can find out more in the chapter ‘Measures to take in the event of further spam registrations’.
- Timeout: We recommend that you leave the value at 1800 seconds for the time being. You can find out more in the chapter ‘Measures to take in the event of further spam registrations’.
- Save the settings.
You have successfully installed reCAPTCHA! You can also check this by going to your shop and, for example, creating a new customer account. You should see the reCAPTCHA symbol on the right.
Clean up existing spam registrations
If you already have spam registrations in your system, you can delete them as follows.
Delete inactive newsletter subscriptions
This only applies to users of the newsletter module. When a customer signs up for your newsletter, they must confirm this in an email. People whose email address has been misused for registration will therefore receive an email from you and will not confirm the newsletter registration. Therefore, you can delete inactive newsletter subscribers.
- Go to the PepperShop administration.
- Click on ‘Marketing’→‘Newsletter’.
- By clicking on ‘Delete inactive entries’, you can delete unconfirmed newsletter subscriptions that are older than 30 days.
- For more recent registrations, we recommend that you check the entries to see whether they are a real person who has simply not yet confirmed the newsletter or whether they are spam. For example, if the first and last names include something like ‘Bitcoin’ or a URL, they are definitely spam and you can delete the entries individually.
If you have installed reCAPTCHA, you should now hardly find any spam registrations here. However, you can also check this again after a while.
Delete unused customer accounts
In the PepperShop Administration, you can easily display and delete all customer accounts that have never been used. To do this, proceed as follows:
- Go to the PepperShop Administration.
- Click on ‘Settings’ → ‘Shop Configuration’ → ‘Operations’.
- Under ‘Customers / Orders’, click on ‘Display / Remove Unused User Accounts’.
- In the field under “Minimum age in days”, enter the minimum age that the unused accounts should have and then click on “Show”.
- If you now click on “Delete”, you will delete all unused customer accounts from the minimum age you have specified.
If you have installed reCAPTCHA, you should now find hardly any more spam accounts here. However, you can also check this again after a while.
Support
Our support team can also help you to clean up your contacts. To do so, please contact our support team: support@glarotech.ch or call +41 71 923 08 58.
Measures to take in the event of further spam registrations
If you continue to receive a lot of spam submissions after activating reCAPTCHA, there are various options for action.
Switch from reCAPTCHA v2 to reCAPTCHA v3
If you are still using reCAPTCHA v2, consider switching to reCAPTCHA v3. To do this, go through the chapter ‘Configuring the reCAPTCHA module’.
Adjust the threshold
reCAPTCHA v3 assigns each user a score (‘risk score’) between 0 and 1. A score of 0 indicates that it is likely to be a bot, while 1 indicates a real person. You can use the threshold to determine the risk score from which a user may submit a form.
The default value is 0.5. You can increase this value by 0.1 each time a bot registers and wait to see if the bot registrations are reduced. We generally advise against setting a value of 0.9 or higher, as this will also increasingly prevent real customers from submitting forms.
Explanation: What happens if a real person cannot register?
If reCAPTCHA identifies a real person as a bot, they will not be able to submit the form and the following error message will appear: ‘Your request could not be sent because our system detected unusual activity. Please try again or contact us.’. If an increasing number of customers report to you because they could not fill out a form, you should consider lowering the threshold.
Timeout
With reCAPTCHA v3, the timeout means that people who are filling out a form only have a certain amount of time to do so. If the time is exceeded, an error message appears when the form is submitted and it must be submitted again.
With reCAPTCHA v3, the timeout is generally not as critical because v3 is based on a continuous evaluation of user interactions to determine a risk score. A shorter timeout could even negatively affect the evaluation process and lead to a less accurate assessment. Therefore, we generally recommend leaving the value at 1800 seconds for v3.
Support
If you continue to experience problems with spam sign-ups despite the above measures, we will be happy to work with you to find a solution. Please contact our support team: support@glarotech.ch or call +41 71 923 08 58.
Further help
Do you have any questions or need support? Do you have special requirements or would you like a customised solution for your system? Our support team will be happy to help. Support services are charged at CHF 185 per hour. This is how you can contact us:
E-mail: support@glarotech.ch
Phone: +41 (0)71 923 08 58
Opening hours: Monday – Friday I 08:00h – 12:00h I 13:30h – 17:00h
Other useful pages
- FAQ (Frequently Asked Questions)
- Modules & Functions
- Interfaces