Fast Secure reCAPTCHA

In the No CAPTCHA reCAPTCHA V2 system, users are asked to click on a "I'm not a robot" checkbox (the system will verify if the user is a human or not, for example, with some clues such as already-known ip addresses, cookies, or mouse movements within the ReCAPTCHA frame) or, if it fails, select one or more images from a selection of nine images.

They actually visit your form and fill it out including the CAPTCHA.

Sometimes contain content that does not make any sense (jibberish). Humans or Spam bots will try to target any forms that they discover. They first attempt an email header injection attack to use your web form to relay spam emails. This form is to prevent relaying email to other addresses. After failing that, they simply submit the form with a spammy URL or black hat SEO text with embedded HTML, hoping someone will be phished or click the link.

Spamming blog comment forms, contact forms, Wikis, etc. By using randomly generated unique "words", they can then do a Google search to find websites where their content has been posted un-moderated. Then they can go back to these websites, identify if the links have been posted without the rel="nofollow" attribute (which would prevent them contributing to Google's algorithm), and if not they can post whatever spam links they like on those websites, in an effort to boost Google rankings for certain sites. Or worse, use it to post whatever content they want onto those websites, even embedded malware.

It is easy and cheap for someone to hire a person to enter this spam. Usually it can be done for about $0.75 for 1,000 or so form submissions. The spammer gives their employee a list of sites and what to paste in and they go at it. Not all of your spam (and other trash) will be computer generated - using CAPTCHA proxy or farm the bad guys can have real people spamming you. A CAPTCHA farm has many cheap laborers (India, far east, etc) solving them. CAPTCHA proxy is when they use a bot to fetch and serve your image to users of other sites, e.g. porn, games, etc. After the CAPTCHA is solved, they post spam to your form.

Invisible reCAPTCHA needs totally different keys and all different coding for the javascript. I am not going to try changing it right now. I already have reCAPTCHA V2 working just fine and it's also compatible with my Fast Secure Contact Form plugin. I don’t see any any advantage for the Invisible version. The checkbox is really not that much effort anyway. There are no security advantages to it. Invisible ReCAPTCHA isn’t really invisible anyway because you still have to display the Google badge and it will even fully come up with “click the images with signs” if they fail the robot test. Nothing invisible about it. Maybe I will add it someday if the invisible version takes over in popularity or security.

Make sure you have entered your site keys and enabled the reCAPTCHA on your forms. The reCAPTCHA will not show to logged in users posting comments if you have enabled this setting: 'No comment form reCAPTCHA for logged in users'. Maybe a logged in user is the spammer. Check for a plugin conflict. A plugin conflict can break the validation test so that the reCAPTCHA is never checked. Be sure to always test all the comments, login, registration, and lost password reCAPTCHA forms after installing or updating themes or plugins. Troubleshoot plugin conflicts, see troubleshooting below. Sometimes your site becomes targeted by a human spammer or a spam bot and human captcha solver. Google reCAPTCHA is usually very good at blocking this, but if the issue persists, try the following suggestions: Try allowing only Registered users to post, and or moderating comments. Read more about Combating Comment Spam Filter Spam with Akismet – The Akismet plugin filters spam comments. Akismet should able to block most of or all spam that comes in.

This plugin automatically puts the google api JavaScript in the footer and loads it async defer. This plugin automatically loads all necessary HTML and JavaScript needed for the reCAPTCHA. Make sure you did not put any google reCAPTCHA javascript or HTML in your theme or it will for sure will break things. Another plugin could be causing a conflict. You may have a conflict with another reCAPTCHA plugin. Do you have any other plugins that load a reCAPTCHA? Temporarily deactivate other plugins to see if the reCAPTCHA starts working. Most reCAPTCHA plugins are not compatible with each other because of javascript onload conflicts but I know how to make my plugins compatible with each other. This plugin is compatible with the reCAPTCHA you can enable on my other plugin Fast Secure Contact Form. Your theme could be missing the wp_head or wp_footer PHP tag. Your theme should be considered broken if the wp_head or wp_footer PHP tag is missing. Do this as a test: In Admin, click on Appearance, Themes. Temporarily activate your theme to one of the default default themes. It does not cause any harm to temporarily change the theme, test and then change back. Does it work properly with the default theme? If it does then the theme you are using is the cause.

If you have JetPack comments module enabled then captcha/recaptca/anti-spam plugins will not work on your comments form because the comments are then loaded in an iFrame from WordPress.com The solution is to disable the comments module in JetPack, then the reCAPTCHA plugin will work correctly on your comments form.

Make sure that the theme comments.php file contains at least one of the standard hooks: do_action ( 'comment_form_logged_in_after' ); do_action ( 'comment_form_after_fields' ); do_action ( 'comment_form' ); If you didn't find one of these hooks, then put this string in the comment form: <?php do_action( 'comment_form', $post->ID ); ?>

This failure could have been caused by another plugin conflict with this one. If you enabled reCAPTCHA on the login form and are locked out due to reCAPTCHA is broken, here is how to get back in: FTP to your WordPress directory /wp-content/plugins/ then delete this folder: fast-secure-recaptcha This manually removes the plugin so you should be able to login again.

The google reCAPTCHA keys are domain specific, make sure to get keys for each web site domain you install it on. On the plugin settings page, enter your two Google reCAPTCHA keys for the domain of your site. Included right there is a link to get free keys. Finally click the Save button.