ReCAPTCHA Setup β
Configure Google reCAPTCHA to protect forms from spam and abuse.
Overview β
ReCAPTCHA prevents automated bots from submitting spam feature requests, registrations, and comments.
Protected forms:
- User registration
- Feature request submission
- Contact forms (if enabled)
- Comment posting (optional)
reCAPTCHA Version
FeedbackFlow supports reCAPTCHA v2 (checkbox) and v3 (invisible). v3 is recommended for better user experience.
Getting reCAPTCHA Keys β
Step 1: Access reCAPTCHA Admin β
Go to Google reCAPTCHA Admin Console
Step 2: Register a New Site β
Click + to create a new site.
Step 3: Configure reCAPTCHA β
Fill in the registration form:
| Field | Value |
|---|---|
| Label | FeedbackFlow |
| reCAPTCHA type | reCAPTCHA v3 (recommended) or v2 |
| Domains | yourdomain.com (without https://) |
| Accept terms | β Check the box |
Step 4: Submit β
Click Submit to generate keys.
Step 5: Copy Keys β
You'll receive:
- Site Key (public key)
- Secret Key (private key)
Configuring in FeedbackFlow β
Step 1: Access Settings β
- Log in to admin dashboard
- Navigate to Settings β ReCAPTCHA Settings
Step 2: Enter Keys β
Fill in the fields:
| Field | Description |
|---|---|
| Enable reCAPTCHA | Toggle to enable |
| Site Key | Your reCAPTCHA site key (public) |
| Secret Key | Your reCAPTCHA secret key (private) |
| reCAPTCHA Version | v2 or v3 |
Step 3: Configure Threshold (v3 only) β
For reCAPTCHA v3, set the minimum score threshold:
- Range: 0.0 to 1.0
- Default: 0.5
- Recommended: 0.5
- Strict: 0.7 (more false positives)
- Lenient: 0.3 (more spam may pass)
Higher scores = more confident the user is human.
Step 4: Select Protected Forms β
Choose which forms require reCAPTCHA:
- [ ] User Registration
- [ ] Feature Request Submission
- [ ] Comment Posting
- [ ] Contact Forms
Step 5: Save β
Click Save Settings.
reCAPTCHA v2 vs v3 β
reCAPTCHA v2 (Checkbox) β
Pros:
- Visible verification
- Clear pass/fail
- Users understand what's happening
Cons:
- Additional user friction
- Checkbox required on each submission
- Accessibility challenges
Best for:
- High-security needs
- Forms with high spam rates
reCAPTCHA v3 (Invisible) β
Pros:
- No user interaction required
- Better user experience
- Works in background
Cons:
- Score-based (not binary)
- Requires threshold tuning
- Less obvious to users
Best for:
- General use
- User-friendly experience
- Moderate spam protection
Recommendation
Use reCAPTCHA v3 with a 0.5 threshold for best balance between security and user experience.
Testing reCAPTCHA β
After configuration:
- Log out of admin dashboard
- Visit the registration or feature request page
- Verify reCAPTCHA badge appears (v3) or checkbox appears (v2)
- Submit the form
- Check submission succeeds
Troubleshooting β
reCAPTCHA Not Showing β
Check:
- reCAPTCHA is enabled in settings
- Site and Secret keys are correct
- Domain matches reCAPTCHA admin console
- JavaScript is enabled in browser
- No browser extensions blocking reCAPTCHA
"Invalid Site Key" Error β
Cause: Site key is incorrect or domain mismatch
Solution:
- Verify site key copied correctly
- Check domain in reCAPTCHA admin console matches your domain
- For localhost testing, add
localhostto domains
Form Submissions Blocked β
For v3:
- Lower the threshold score (try 0.3)
- Check reCAPTCHA admin console for failure logs
For v2:
- Ensure users are clicking the checkbox
- Check for browser compatibility issues
"ERROR for site owner: Invalid domain" β
Cause: Your domain is not added to reCAPTCHA configuration
Solution:
- Go to reCAPTCHA admin console
- Edit your site
- Add your domain to the domains list
- Save changes
Localhost Testing β
For local development, add to reCAPTCHA domains:
localhost127.0.0.1
Or use test keys provided by Google:
Test Site Key (always passes):
6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhITest Secret Key:
6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWeProduction
Never use test keys in production. They provide no actual protection.
reCAPTCHA Analytics β
Monitor reCAPTCHA performance:
- Visit reCAPTCHA Admin Console
- Select your site
- View analytics:
- Total requests
- Verification success rate
- Score distribution (v3)
Use this data to tune your threshold settings.
Privacy Considerations β
reCAPTCHA collects user data including:
- IP address
- Cookies
- Browser information
Compliance:
- Update Privacy Policy to mention reCAPTCHA
- Link to Google's Privacy Policy
- Inform users in terms of service
Alternative: hCaptcha β
If you prefer an alternative to Google reCAPTCHA, consider hCaptcha (requires custom integration).
Disabling reCAPTCHA β
To disable reCAPTCHA:
- Navigate to Settings β ReCAPTCHA Settings
- Toggle Enable reCAPTCHA off
- Save changes
Forms will no longer require reCAPTCHA verification.
Best Practices β
Use v3 by Default β
Better user experience with invisible verification.
Monitor Spam Rates β
If spam increases, lower the v3 threshold or switch to v2.
Combine with Other Protection β
Use reCAPTCHA alongside:
- Spam Detection - AI-powered content filtering
- Trust Score System - User reputation tracking
- Email verification
Update Privacy Policy β
Inform users about reCAPTCHA usage and data collection.
Next Steps β
- Advanced Settings - More advance Settings
- Createing Boards -New board create