reCAPTCHA V3 for Jetpack
by Schwarttzy on WordPress.org
Adds Google reCAPTCHA v3 to Jetpack forms and comments to prevent spam, with stats and spam folder handling.
Settings Page: Configure Site Key, Secret Key, v3 Score Threshold, and Debug Mode under Settings > reCAPTCHA for Jetpack.
reCAPTCHA for Jetpack enhances your WordPress site’s security by integrating Google reCAPTCHA v3—an invisible, score-based spam filter—with Jetpack contact forms and comments (including forums). Designed for block-based themes (e.g., Full Site Editing), it uses behavioral scoring to block bots seamlessly. Key features:
- Invisible Protection: Analyzes user behavior (e.g., mouse movements, session duration) to assign a score (0.0–1.0) for contact forms and comment forms.
- Customizable Threshold: Set a score threshold (default 0.5) to balance spam blocking and user access for both forms and comments.
- Debug Mode: Toggle console.log output for debugging purposes; disable for production to reduce browser console clutter.
- Automatic Spam Handling:
- Form submissions with scores below the threshold are reliably blocked and moved to the Jetpack Feedback CPT spam folder in the admin interface.
- Comments with scores below the threshold are automatically moved to the spam folder without triggering approval emails.
- Submission Stats: Tracks total submissions and logs the last 20 submissions (forms and comments) with scores and status (success/spam) in a streamlined manner.
- Jetpack Integration: Requires Jetpack for contact form and comment protection, fully compatible with block-based forms and Jetpack forums.
- Email Enhancements: Appends reCAPTCHA scores to form submission emails and comment notification/moderation emails for transparency.
- Admin Feedback: Displays reCAPTCHA scores to admins on form success pages and logs detailed debug info for failed submissions.
Perfect for modern WordPress sites, this plugin provides robust spam prevention with insightful analytics, ensuring a seamless user experience while keeping your forms and comments spam-free.
External Services
This plugin uses Google reCAPTCHA v3, a service provided by Google to verify user interactions and prevent spam on contact forms and comments.
- Purpose: Google reCAPTCHA v3 analyzes user behavior to assign a score (0.0–1.0) indicating the likelihood of a user being a bot. This score determines whether form submissions are blocked (moved to spam) or comments are flagged as spam.
- Data Sent: When a user submits a form or comment, the plugin sends a reCAPTCHA token to Google’s API (
https://www.google.com/recaptcha/api/siteverify). The request includes:- The reCAPTCHA secret key (configured in the plugin settings).
- The reCAPTCHA response token generated by the client-side script.
- The user’s IP address (optional, included for enhanced verification).
- When Data is Sent: Data is sent to Google’s API on every Jetpack contact form or comment submission.
- Service Provider: Google LLC.
- Terms of Service: https://www.google.com/recaptcha/about/
- Privacy Policy: https://policies.google.com/privacy
Users must agree to Google’s terms of service when setting up reCAPTCHA keys. No user consent is required for reCAPTCHA v3, as it operates invisibly without challenges.
License
This plugin is licensed under the GPLv2 or later. See https://www.gnu.org/licenses/gpl-2.0.html for details.
