How to activate Google's reCAPTCHA for site to block spammers
You can enable that feature from your Admin panel. It requires some configuration at reCAPTCHA. Right now, Google doesn't charge anything for that service but may change this in the future.
Let's get started with the setup!
Sign up for a pair of API keys at Google reCAPTCHA
- Visit https://www.google.com/recaptcha/admin/create.
- Log in with your Google account (this will be the owner of the reCAPTCHA account).
- Register a new site by filling in the information, as detailed in the following steps.
- Label: at whatever name you want, for the project. We suggest inputting your marketplace name or URL, for convenience.
- reCAPTCHA type: select "reCAPTCHA v2" then "I'm not a robot" Checkbox".
- Domains: add your marketplace URL, for example, "www.example.com" or "example.openclassify.com".
- Possibly, add more owners.
- Accept the terms.
- Submit.
- You should now see your reCAPTCHA API keys. Great! Let's continue.
Add the reCAPTCHA API keys to your marketplace
- Log in to your admin panel which is sitename.com/admin . You must be logged as an administrator.
- Go to the "Settings / reCAPTCHA" page of your Admin panel.
- Copy the "Site key" from your reCAPTCHA settings and paste it in the "reCAPTCHA site key" field on your Admin panel.
- Copy the "Secret key" from your reCAPTCHA settings and paste it in the "reCAPTCHA secret key" field on your Admin panel.
- Save the changes in your Admin panel.
- That's it!
reCAPTCHA is now enabled on your marketplace. You can visit, as an unlogged user, the "Contact us" and "Sign up" page. The reCAPTCHA box should be visible, at the bottom of the form.
Finetune reCAPTCHA security settings and monitor things
From your reCAPTCHA account at https://www.google.com/recaptcha/admin/, you can edit your website security settings. For example, you can edit the "Security Preference" from "Easiest to users" to "Most secure". This is not really specific from Google, so it's good to get started with the default setting. Over time, if you experience lots of spam, you can change that setting to something more challenging, but keep in mind that the experience for regular users will be more annoying.
Also from your reCAPTCHA account, you can monitor, after a little while, the requests. How many have passed, failed, etc? This should help you learn how helpful the service is and better decide what kind of security preferences you'd like to configure.
What do to if you still experience spam and fake accounts
If you receive a spammy contact or account every other day (for example), it's likely created or sent by an actual human, paid for that task. reCAPTCHA won't work 100%.
If you experience a low volume of "Contact us" spam (a few messages per week), you may simply have to accept it. We hate it too, spam is more than half of the total email traffic on the Internet, but sometimes the best is to "Mark it as spam" and move on.
If you experience a low volume of fake accounts for spam purposes (a couple per week), disable them immediately. You may want to consider to make your marketplace invite-only for a little while.