FAQ about reCAPTCHA v3

reCAPTCHA v3 is Contact Form 7’s officially supported CAPTCHA solution. The following are answers to frequently asked questions about reCAPTCHA v3.

If you are not familiar with reCAPTCHA v3 please read through this article before proceeding to the Q&A section.

CAPTCHA doesn’t show up. Is it broken?

reCAPTCHA v3 works in the background and doesn’t require a CAPTCHA widget to work. If reCAPTCHA v3 is working correctly on the front-end of your site a small reCAPTCHA badge should appear at the bottom right of each page.

reCAPTCHA badge
reCAPTCHA badge

Likewise, since it is no longer necessary in reCAPTCHA v3, a form-tag generator button for the reCAPTCHA widget ([recaptcha]) does not appear in the Form tab panel. If [recaptcha] tags are used in your form templates they will be ignored and automatically replaced by an empty string, so it is not necessary to remove the tags manually.

The reCAPTCHA badge is annoying me, can I hide it?

According to reCAPTCHA’s official FAQ answer Google permits you to hide the reCAPTCHA badge.

To hide the badge add this style rule somewhere in your CSS stylesheets:

.grecaptcha-badge { visibility: hidden; }

Instead you have to add text links to Google’s Privacy Policy and Terms of Service pages in a position prominent to site users.

reCAPTCHA’s script file is loaded on every page, can I stop it?

It is not impossible, but never recommended, to do this. Doing so would prevent reCAPTCHA from working accurately.

The following article explains the reason why the reCAPTCHA script loads on every page:

In what cases does reCAPTCHA determine that a form submission is spam?

reCAPTCHA provides a score that tells you how suspicious an interaction is. Contact Form 7 compares that score with a certain threshold, and when the score is lower than the threshold the submission will be regarded as spam by a bot.

What is the threshold of reCAPTCHA’s score, can I change the threshold?

The default value of the threshold is 0.50. You can change it using the wpcf7_recaptcha_threshold filter hook, as shown in the following example:

add_filter( 'wpcf7_recaptcha_threshold',

  function( $threshold ) {
    $threshold = 0.3; // decrease threshold to 0.3

    return $threshold;
  },

  10, 1
);

However, don’t rush into doing this. You should grasp and analyze the current situation first.

Are there any stats about reCAPTCHA working on my website?

reCAPTCHA’s admin console provides several useful stats. Plus if you use the Flamingo plugin you can check the actual reCAPTCHA score for each form submission.

I’ve activated reCAPTCHA but am still receiving spam through contact forms, why is this?

reCAPTCHA and other CAPTCHA solutions are designed to be able to block spambots effectively but are helpless against other types of spam. Human spammers can easily get around the program.

To protect against different types of spam activities Contact Form 7 provides several spam protection modules. You are advised to use two or more modules together.

I want to use reCAPTCHA v2, not v3, is that possible?

Contact Form 7 5.1 and higher only support reCAPTCHA v3. I suggest using v3, however, if you insist on using reCAPTCHA v2 you need to install an add-on plugin for Contact Form 7.

The plugin ReCaptcha v2 for Contact Form 7 created by IQComputing allows you to use reCAPTCHA v2 instead of v3. This plugin is carefully designed to be able to work without conflict with Contact Form 7.

Is reCAPTCHA compliant with GDPR?

I don’t have an answer to this question since I’m not a lawyer. I have never seen a legal precedent that concludes that reCAPTCHA acts against GDPR. Let me know if you know of any such precedents.

reCAPTCHA doesn’t work and the contact form always shows an orange border response.

First find out what the real cause of the orange border response is. An orange border indicates spam activities are being detected by spam protection modules, but reCAPTCHA is not the only spam protection module Contact Form 7 provides.

See FAQ > Why do I get an error message with an orange border?

If reCAPTCHA is confirmed to be the cause then find out why such false-positives are occurring. The Flamingo plugin’s spam logging feature will provide a helpful clue to this.

“Spam log: reCAPTCHA response token is empty.” What does this mean?

You may see this message in the Flamingo plugin’s Inbound Message screen. What this means is that the reCAPTCHA module has determined this message is spam because the response token, which should normally have a value, is empty.

An empty reCAPTCHA token can happen for several different reasons. One of the common reasons is that reCAPTCHA’s script file is not loaded, or that it is malfunctioning. In most cases this is caused due to the ill-designed theme that is used on the site.

If it happens infrequently, and messages with this log obviously look spammy, you don’t have to care much about it. It seems that some spammers use custom HTTP client tools to submit spam messages, and unlike usual browsers such tools seem to ignore scripts. Such trials are properly blocked.

Can I use “www.recaptcha.net”?

Yes, you can.

reCAPTCHA provides the www.recaptcha.net server as an alternative for users who live in regions where it is restricted to access the default www.google.com server.

To use www.recaptcha.net on your site, add the following line of PHP code to the theme’s functions.php file, or somewhere appropriate:

add_filter( 'wpcf7_use_recaptcha_net', '__return_true' );

Just another contact form plugin for WordPress. Simple but flexible.