Divi improved spam protection for the Contact Form and Email Optin modules with Google reCAPTCHA v3. Divi now supports Google re CAPTCHA v3 natively from Divi version 4.07.

What is Google reCAPTCHA?

reCAPTCHA is a free service from Google that protects websites from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep automated software robots from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease, acts invisible.

How to enable reCAPTCHA with Divi step by step

To enable spam protection, a few additional steps are required before reCAPTCHA starts working:

Step 1

Login to https://www.google.com/recaptcha with your Google account

Step 2

Create a new site by clicking the plus sign in the top-right menu corner.

Step 3

Register your site so you will get site key and secret key.

Step 4

Retrieve your site key and secret key so you can copy & paste it to Divi Contact Form module.

Step 5

Copy & paste it to the Divi Contact Form module. Go to Divi Contact Form module, in the Content tab locate Spam protection. Instead of Use basic Captcha choose Use A Spam Protection Service. Click on the ADD button.

Step 6

Copy here the site key and secret key from the Step 4 & hit Submit button.

Congratulations, you are done!

reCAPTCHA minimum score interpretation

The Minimum score interpretation is taken from Google Developer Docs

reCAPTCHA v3 returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). Based on the score, you can take variable action in the context of your site. Every site is different, but below are some examples of how sites use the score. As in the examples below, take action behind the scenes instead of blocking traffic to better protect your site.

Use case Recommendation
homepage See a cohesive view of your traffic on the admin console while filtering scrapers.
login With low scores, require 2-factor-authentication or email verification to prevent credential stuffing attacks.
social Limit unanswered friend requests from abusive users and send risky comments to moderation.
e-commerce Put your real sales ahead of bots and identify risky transactions.

reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn’t ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. By default, you can use a threshold of 0.5.

Hiding the reCAPTCHA badge

After enabling spam protection with reCAPTCHA, Google displays a little badge in the right bottom corner of the protected website and pops up when you roll over it. According to the official FAQ, you are allowed to hide this badge.

You are allowed to hide the badge as long as you include the reCAPTCHA branding visibly in the user flow. Please include the following text:

This site is protected by reCAPTCHA and the Google
<a href=”https://policies.google.com/privacy”>Privacy Policy</a> and
<a href=”https://policies.google.com/terms”>Terms of Service</a> apply.

To hide the badge, use this CSS code:

.grecaptcha-badge { visibility: hidden !important; }

Do not use display: none; as it will disable the spam checking.

Pin It on Pinterest