Google reCAPTCHA

From WHMCS Documentation

Differentiating between humans and bots (computers) is an ever-changing and more challenging task. A number of solutions have been implemented, typically involving increasing obscured text and numbers or images, such as the default 5 character verification of WHMCS.

As bots and software have become more sophisticated, a common solution was to make the text more difficult to read, which can result in frustrated and lost potential clients. Google's reCAPTCHA set's out to change that. They have created a system that is easy for people, but hard for bots. By using an advanced and more secure risk analysis engine, humans and bots are more effectively differentiated.

The first step in authentication is to ask the user to confirm that they are not a robot by ticking a checkbox. While this sounds simple, Google's risk analysis engine takes a lot into account about how the user came to tick the checkbox, including how the user responds before, during, and after the action. In cases where the engine cannot confidently differentiate, a mobile-friendly verification tool like image selection from a list may be supplied or a CAPTCHA itself.

Google reCAPTCHA V2 is available in WHMCS 7.0 and later.

Enabling Google reCAPTCHA

Google's reCAPTCHA may be enabled by following these steps:

  • Navigate to Setup > General Settings > Security
  • Under the setting Captcha Type, select reCAPTCHA
  • Visit and log into your Google account
  • Click the "Register a new site" option, enter in a label for your key and select the "Invisible reCAPTCHA" option.
  • Be sure to enter in your domain under the "domains" section and then accept the Google terms of service and click the Register button to finish registering your site and generating your keys.
  • Copy the Site Key and Secret Key issued by Google and enter them in the fields provided in WHMCS.
  • Check the reCAPTCHA Invisible Key checkbox
  • Save Changes to complete the process

Captcha type.png

Recaptcha config.png

Enabling Shopping Cart Checkout Invisible Captcha

This section describes a feature available in version 7.6 and above

To enable the Invisible reCAPTCHA feature for the shopping cart, ensure the following are true:

  • reCAPTCHA is selected under Captcha Type
  • An Invisible reCAPTCHA compatible Site Key and Secret Key are entered in the appropriate fields
  • That the reCAPTCHA Invisible Key checkbox is checked
  • That the "Shopping Cart Checkout" checkbox option is checked under reCAPTCHA for Select Forms