From WHMCS Documentation

Differentiating between humans and bots (computers) is an ever-changing and more challenging task. A number of solutions have been implemented, typically involving increasing obscured text and numbers or images, such as the default 5 character verification of WHMCS.

reCAPTCHA Version 2

As bots and software have become more sophisticated, a common solution was to make the text more difficult to read, which can result in frustrated and lost potential clients. Google's reCAPTCHA set's out to change that. They have created a system that is easy for people, but hard for bots. By using an advanced and more secure risk analysis engine, humans and bots are more effectively differentiated.

The first step in authentication is to ask the user to confirm that they are not a robot by ticking a checkbox. While this sounds simple, Google's risk analysis engine takes a lot into account about how the user came to tick the checkbox, including how the user responds before, during, and after the action. In cases where the engine cannot confidently differentiate, a mobile-friendly verification tool like image selection from a list may be supplied or a CAPTCHA itself.

reCPATCHA Key Generation

Google's reCAPTCHA may be enabled by following these steps:

  1. Navigating to Setup >> General Settings,
  2. Selecting the Security tab,
  3. Choosing the reCAPTCHA Captcha Type radio button,
  4. Entering the public and private keys by Google here.
  • For forward compatibility we recommend selecting the Invisible reCAPTCHA option:

More information is available here.

Below are some examples of how the reCAPTCHA challenge may be presented to your end users.

reCAPTCHA Version 1

In WHMCS versions 5 to 6, a previous implementation of reCAPTCHA was used, referred to as "V1". This service has been discontinued by Google, but our documentation for this remains for archive purposes.

For instructions on migrating from reCAPTCHA v1 to v2, please refer to the Google reCAPTCHA page.