Google ReCAPTCHA: Comment Spam Protection

This help page covers setting up the google recaptcha module, which is used to help protect your public site from spam comments on public posts.

You will need the "Site Admin" role in order to complete these steps.

 

Enable the Google reCAPTCHA fetaure

Navigate to:  Settings & admin > Enable / disable features

At the very bottom of the list, checkmark the box next to "google recaptcha" and then press save. If there's any delays with enabling the module, refresh the browser.

Be sure to complete setup after this point, as some forms are enabled by default on the login page, and without keys, users will have issues logging in.  You can jump to the section on where forms are to disable the default enabled one, or follow the regular setup steps to fully enable the feature.

 

Navigate to the Google reCAPTCHA page

Go to: Main Menu > public site area > google reCAPTCHA

 

Create a profile with google re-captcha for your site

Click on the third tab labeled "Keys and settings".

There is a link at the top of the page that will take you to the correct google page in order to create your keys.

You can also use this link  - then click on the blue button in the top right-hand corner that says "get reCAPTCHA".

Choose the option to register a new site.

You will need to enter a label - this is just so you know which site these settings will be fore - you can label is something like "My Choir's Site" or "ChoirGenius Public Site".
You will also need to select a method of protection:

  • reCAPTCHA V2 - this uses an "i am not a robot" checkbox and a short visual quiz (matching photos, ect) to verify that you're not a robot (this is the "captcha").
  • Invisible reCAPTCHA - this validates users in the background. The checkbox and quiz only appears if it isn't able to verify you automatically.
  • reCAPTCHA Android - do not select this version.

Once you select an option, you will asked to enter the domains for which it should create keys. You need to only enter the main domain - all subdomains will be added automatically.
ex:   "mychoir.com" will also register www.mychoir.com

Agree to google's terms of service by clicking the checkbox, and then click  the "register" button.

Once your domain is registered you will be redirected to a page which includes keys.

You will need to copy both the Site key and the Secret key into the settings page for reCAPTCHA on your ChoirGenius site.

Note: Farther down the page is a section labelled "Key Settings" - in this section, you can add other owners if other people need access to these settings, and you can click on the "advanced" heading to change the intensity of the the captcha process to help combat spam commenting.

 

Enter the keys on your ChoirGenius site

On the reCAPTCHA page, under the "Keys and Settings" tab,  enter the Site and Secret keys into the appropriate fields.

Choose your recaptcha language, widget size (this is the size of the "I am not a robot" box), the widget colour (light or dark), and finally, select if you want to collect stats, and if things should be written into the main site log. These settings are completely up to you.

Remember to save the page.

 

Choose which pages are protected

Navigate to the second tab on the Google reCAPTCHA page within your ChoirGenius site labeled "Forms for protection".

You will see a list of items with checkboxes - this is where you can choose which pages are protected.

You'll want to select "comments", as well as any of your webforms that are on your public site - such as "contact us".

The login pages will be protected automatically and is recommended for security purposes.

 

Remember to save your changes - and that's it, your site is now protected from spam comments using Google's reCAPTCHA!