NOTE if upgrading to 2.4.0 from a previous version: If you already had reCAPTCHA configured on your site, you will have to re-enable it after upgrade by going to Checkout Settings > reCAPTCHA and clicking this checkbox:
reCAPTCHA v3 helps you detect bot traffic on your website and reduce spam signups without having to offer tests to every user. Instead of displaying a CAPTCHA challenge, reCAPTCHA v3 returns a score transparently, behind-the-scenes that indicates if the customer has passed the test or not. This is the beauty of reCAPTCHA v3, the user experience is transparent and doesn't interfere with the checkout process, but as a site owner, you get the added protection that reCAPTCHA provides. You can learn more about the general function behind reCAPTCHA v3 in this video from Google.
Follow the steps below to configure reCAPTCHA v3 on your site:
- In the MemberMouse menu click on Checkout Settings > reCAPTCHA.
- Enable reCAPTCHA on all your checkout forms by clicking on this checkbox.
- Choose 'reCAPTCHA v3 (recommended)'.
If you don't have a reCAPTCHA account, click the Create a Free Account button to create a new one. If you already have an account, click the Google reCAPTCHA Admin button.
Once inside your Google reCAPTCHA Admin interface, you may need to register your site in order to create site keys. Click on the '+' icon in the upper right corner to do this. You'll fill out the fields as prompted on the form provided by Google.
Choose 'reCAPTCHA v3' under reCAPTCHA type.
Once you've registered your site, then you'll be returned to the Google reCAPTCHA Admin console. Select your site from the dropdown menu in the upper left corner. Then click on the Settings icon in the upper right corner to access your reCAPTCHA keys.
Copy the site key into the Site Key field.
Copy the secret key into the Secret Key field.
- Click the 'Save Settings' button.
Just by setting this up, you have added the protection of reCAPTCHA v3 to your checkout pages. However, reCAPTCHA v3 has added parameters that help you tweak the configuration. We'll go into these below.
reCAPTCHA v3 returns a score for each request (1.0 is very likely a human, 0.0 is very likely a bot). In the Score Threshold area you can set the score threshold to use for free signups and paid signups. Any requests resulting in a score equal to or greater than the threshold will be approved. Any requests resulting in a score less than the threshold set below will be blocked, so be judicious in how you set this.
When a checkout request is blocked, the user attempting to submit the checkout form will be returned to that same page and an error message will be displayed. By default, this error message is "reCAPTCHA check failed. Try again." This can be customized in the Error Message section.
reCAPTCHA v3 learns by seeing real traffic on your site. To start, it's safe to use a threshold of 0.5. This is the default setting for the integration. Over time you can adjust these thresholds based on reviewing traffic in the MemberMouse reCAPTCHA log or the Google reCAPTCHA admin console.
Action Name for Segmentation
reCAPTCHA v3 introduces a new concept: actions. This is only really useful when you are using your same reCAPTCHA v3 keys across multiple checkout or signup forms. When you specify an action name in each place you execute reCAPTCHA v3, you enable the following new features:
- A detailed break-down of data for your top ten actions in your Google admin console.
- Adaptive risk analysis based on the context of the action, because abusive behavior can vary.
You can choose to enter any label into the field provided and this will allow segmentation in your Google admin console.
When a checkout request is blocked, the user attempting to submit the checkout form will be returned to that same page and an error message will be displayed. By default, this error message is "reCAPTCHA check failed. Try again." You can, however, use this field to enter a custom error message that you would like displayed.
reCAPTCHA Badge Visibility
By default, the reCAPTCHA badge will be displayed on your checkout page. It appears in the bottom righthand corner.
Using the reCAPTCHA Badge Visibility setting, you can choose to hide this badge by clicking in the checkbox next to the setting.
The reCAPTCHA Log is an internal MemberMouse log of all of the values captured by reCAPTCHA each time someone checks out or submits a MemberMouse checkout / signup form. Over time, periodic review and assessment of the reCAPTCHA Log will allow you to refine the setting on the Score Threshold based on the specific traffic and site behavior you're seeing.
You can use the reCAPTCHA Log Cleanup setting to define how many days entries will remain in the log before they are deleted. By default, entries are deleted after 30 days.
The reCAPTCHA log is able to be filtered by date; by the score; and/or by whether it received a 'Pass' or 'Fail'.
Here are the different columns found in the log, along with a description of what you can expect to find under each column:
This is the date and time at which the event occurred.
A green checkmark will be displayed when the transaction 'passed'.
A red 'X' will be displayed when the transaction 'failed'.
A red triangle 'Error' will be displayed if a reCAPTCHA error occurred.
This is the rating returned by the reCAPTCHA algorithm.
This is the first and last name provided for the relevant member.
This is the relevant member's email address. If you click on it, it will take you to the Member Details area in MemberMouse for that member.
This is the URL for the page from which the recorded transaction was submitted.
This is the IP Address from which the recorded transaction occurred.
When you select the link for "Show," a popup window will show and display the full reCAPTCHA response provided by Google.
This is also where any 'Error' details that have been returned can be accessed.