Google reCAPTCHA

Due to potential security risks while using reCAPTCHA v2 and Invisible reCAPTCHA, we strongly recommend that you update your settings to use reCAPTCHA v3. A hotfix to add support for reCAPTCHA v3 is available for WHMCS 8.10.

Preventing bots from accessing your website and store is challenging but vital for your business. Various verification methods can help you achieve this, with varying levels of accuracy for you and difficulty for your customers. Methods that are the most effective at catching bots can also create frustration for clients and loss of potential customers.

  • reCAPTCHA can help resolve this issue without increasing customer frustration, using an advanced, secure risk analysis engine.
  • Invisible reCAPTCHA offers similar protection but allows most customers to proceed with no interruption.

How reCAPTCHA Works

When a visitor takes certain actions on your site:

  1. The system will require them to check a checkbox to verify that they are human.
  2. Google’s risk analysis engine will analyze the way in which the user checked the checkbox, including their behavior before, during, and after the action.
  3. If Google is able to verify that the user is human, they can proceed. If Google is not able to verify this, a mobile-friendly verification tool like a CAPTCHA or image selection will appear.

Enabling reCAPTCHA v2

To enable Google reCAPTCHA:

  1. Go to the Security tab at Configuration () > System Settings > General Settings.
  2. For Captcha Type, select reCAPTCHA v2.
    Selecting Google reCAPTCHA
  3. For Captcha for Select Forms, select the locations in which you want to use reCAPTCHA.
    Selecting forms to use Captchas
    For more information, see Captcha for Select Forms.
  4. Log in to your Google account.
  5. Select I’m not a robot.
  6. Enter your domain under the domains section.
  7. Accept the Google Terms of Service.
  8. Click Register.
  9. Copy the Site Key and Secret Key that Google generated and enter them in WHMCS.
    Entering the Google reCAPTCHA Site Key and Secret Key
  10. Click Save Changes.

Enabling Invisible reCAPTCHA

To enable the Invisible reCAPTCHA feature for the shopping cart:

  1. Go to the Security tab at Configuration () > System Settings > General Settings.
  2. For Captcha Type, select Invisible reCAPTCHA.
    Selecting Invisible reCAPTCHA
  3. For Captcha for Select Forms, select the locations in which you want to use reCAPTCHA.
    Selecting forms to use Captchas
    For more information, see Captcha for Select Forms.
  4. Log in to your Google account.
  5. Enter a label for your key.
    Generating a reCAPTCHA key in Google
  6. Select reCAPTCHA v2.
  7. Select Invisible reCAPTCHA badge.
  8. Enter your domain under the domains section.
  9. Accept the Google Terms of Service.
  10. Click Register.
  11. Copy the Site Key and Secret Key that Google generated and enter them in WHMCS.
    Entering the Invisible reCAPTCHA Site Key and Secret Key
  12. Click Save Changes.

Enabling reCAPTCHA v3

To enable the reCAPTCHA v3:

  1. Go to the Security tab at Configuration () > System Settings > General Settings.
  2. For Captcha Type, select reCAPTCHA v3.
    Selecting reCAPTCHA v3
  3. Log in to your Google account.
  4. Select I’m not a robot.
  5. Enter your domain under the domains section.
  6. Accept the Google Terms of Service.
  7. Click Register.
  8. Copy the Site Key and Secret Key that Google generated and enter them in WHMCS.
    Entering the Google reCAPTCHA Site Key and Secret Key
  9. For reCAPTCHA Score Threshold, enter the desired minimum score for reCAPTCHA verification. You can enter a value between 0 (least restrictive) and 1 (most restrictive). For example, .5.
  10. For Captcha for Select Forms, select the locations in which you want to use reCAPTCHA.
    For more information, see Captcha for Select Forms.
  11. Click Save Changes.
google-recaptcha client-area security

Last modified: July 25, 2024