If your website uses ReCaptcha V1 you’ll need to upgrade it before March 31st 2018 to ensure your contact forms continue to function correctly.
reCAPTCHA is a free service that protects your website from spam and abuse. It is usually implemented at the end of contact and enquiry forms. In order to prevent the automated bogus, bot enquiries you receive.
You may have also seen it implemented within login forms. As this is predominantly where automated bots are aiming to gain access. The reCAPTCHA provides an additional layer of security to prevent unauthorised access.
Shown below is reCAPTCHA V1
Undoubtedly you’ve seen and used this before and I am sure that this is heavily frustrated you at some point. Trying to read the letters, entering them correctly, only to be told that the text didn’t match?! Well there’s 2 types of frustration that this causes:
Which creates a bit of a predicament.
Version 1 of the reCAPTCHA service shown above is now being retired. No more typing, guessing and being frustrated.
Google (who owns and runs the CAPTCHA service) have rolled out a few iterations in the past few years. Most recently they launched the invisible CAPTCHA service. You may have seen the ‘i’m not a robot’ or the challenges screen, which asks you to select all the pictures with road signs?
They have now taken this one step further, so once implemented your users won’t need to select anything. It will automatically determine whether it believes the user is a human or a bot using cookies. If it believes you maybe a bot, then it will display the usual ‘Select a Road Sign’ style challenge.
Identifying The Different Versions
If your website is asking you to type in letters, then most likely enough your website has the retiring version 1.
If it displays the “I’m not a robot” text. Then you have version 2. This is also the version that will provide the ‘Road Sign’ style challenges like displayed below if it believes you maybe a spam bot.
You could also have the Invisible CAPTCHA. Which if you view your website in private browsing or incognito mode, and hit your send button a few times, should activate the ‘ROAD SIGN’ challenge. If it doesn’t, then your website might not have a CAPTCHA at all.
Which if you’re not receiving spam emails; could be because your website is using other types of security. Such as a web application firewall (WAF) or a separate plugin which has its own security features like Gravity Forms.
If your website is running version 1 after March 31st 2018, any forms that it is associated with will no longer be protected. They may not allow users to complete enquiry, contact, signup, registration forms.
If your website is already displaying the “I’m not a robot” option, then your website forms will continue to function as per normal.
However, knowing that the new Invisible CAPTCHA is being rolled out, it may only be a limited time until Google decide to retire version 2. Just food for thought. If you wanted to improve the user experience on your website, you could implement Invisible Captcha now.
Information and instructions can be found here on upgrading to either Version 2 or the new Invisible Captcha. If you choose to carry out this update yourself, follow the guides that Google provides. There is no cost for upgrading.
If you’re pressed for time or this is not your area of expertise, then Impact are charging a flat fee of £300+vat* for the replacement of reCAPTCHA. We’ll upgrade you to either version 2 or the new invisible CAPTCHA. Whichever you prefer.
(Please note if implementing into more than one position throughout your website, a further quotation will be provided)
If you have a WordPress website then there are a couple of alternatives.
Our Support Unlimited customers are screened through a web application firewall. Which protects your forms from bot attacks, which will reduce bot form completions. It also screens and protects from brute force attacks, DDoS attacks, hack attempts, and security exploits.
For non Support customers, you can purchase Sucuri for your WordPress website from $19.98 per month.
You can learn more about Sucuri here. Or speak to us about our Support Unlimited plans in which Sucuri and many other features are incorporated.
Gravity Forms is a premium plugin for WordPress that allows you to generate custom forms within your website. Capturing and storing lead data and providing marketing teams the ability to drop in new subscription and signup forms within their content of the site themselves. Without paying for maintenance updates to your web team.
The form plugin also has a feature called Anti-Spam Honeypot. This feature when enabled displays a hidden box, which is designed to tricks bot. Bots will automatically place text within the box to forcibly complete the form. In most cases, this box is hidden from users as its placed within the code area, which only bots would crawl. If the box does display, it can be hidden using HTML.
This feature when applied stops bots from completing forms, and provides a very similar solution to the invisible CAPTCHA service.
We recommend and install the Gravity Forms plugin on every website we build. We utilise our developer license and via our Support Unlimited plans we incorporate the yearly renewal fees. Meaning that our customers don’t have to manage or pay for renewals.
You can learn more about Gravity Forms here.
Cost
Gravity Form plugin implementation into a WordPress website £300+vat
A yearly license for Gravity forms is $59 (Included free with Support Unlimited customers)
Whether you choose to upgrade reCAPTCHA or replace it. We’d recommend using both Sucuri & the Gravity Forms plugin. For absolute peace of mind and security if you’re running a WordPress website.
Hopefully you have everything you need to know about the reCAPTCHA change. Of course if you need help implementing, then please get in touch.
Resource links will all be above. But feel free to tweet us @impactmedia if you need us to send you any links or documentation.
*Prices correct at time of publication
Forget what you know about WordPress, we make it even easier. Want to know how?
