reCAPTCHA is one of Google's services that helps you to fight against spammers. Spambots are software created to do something on your website itself (without help or interaction with humans). Actually, spambots do the same tasks on thousands of websites of the same kind. They have the common purposes: to add some content to your website (forum post, comment, etc.) or send an email from your website.
These actions won't break your website. Your website won't be hacked if it's attacked by the spambots. It will continue to function normally. However, after successful actions made by the spambots, your website will promote the products you don't want it to promote. This will certainly ruin the reputation of your website. Therefore, you must be aware of all changes done on your website and remove the unwanted changes promptly.
However, you may receive hundreds of unwanted forum posts, or comments on your website daily. Dealing with all this takes time. So, you would probably want to somehow block spambots from registering accounts on your Joomla website and posting anything. reCAPTCHA is a Google service that lets you add a small "test" on your Joomla registration and contact forms. This piece of code will test everyone who tries to register an account or use the contact form. It will test if the registration form or contact form is used by a human being or by software. How it's possible? Well, for example, Google's AI technology will try to determine that by asking users to click on a button. The newer versions (v3) are even invisible and they are not bothering your regular users anyhow. If a user is suspicious, reCAPTCHA may test him further by asking him to recognize something on a combination of small images.
Joomla offers full compatibility with reCAPTCHA and therefore it's not difficult to integrate your Joomla website with this technology. However, you will need a Google account. Also, you will need to register your website to use the reCAPTCHA service.
reCAPTCHA Registration
Log in to your Google account (for example, in Gmail) and then go to the reCAPTCHA home page. On this page, click the "Admin Console" button. At this moment, v3 is the current version, but this may be changed in the future.
On the Admin Console page, click the + button to register your site. You can have multiple websites.
Enter a label for this website (or group of websites). Select reCAPTCHA type (in this tutorial, we'll use reCAPTCHA v3). Add one or more domains that you have. Make sure your Gmail address is under the domains list. This is the owner's email address. You can add multiple e-mail addresses for notifications. Make sure you accepted the reCAPTCHA's terms of service. Finally, click the "Submit" button.
On the next screen, you will get your reCAPTCHA site key and secret key. Copy them both and store them in a safe place.
reCAPTCHA Joomla Integration
When you have the reCAPTCHA site key and secret key for your domain(s), you can log in to your Joomla administrator to start the reCAPTCHA integration with Joomla.
Publish reCAPTCHA Joomla plugin
By default, Joomla's reCAPTCHA plugins are unpublished. So, the first step is to publish one of them. Go to the Plugins Manager (Extensions > Plugins) and in the search field enter "reCAPTCHA". You will see the two plugins:
- CAPTCHA - reCAPTCHA (for older reCAPTCHA v2)
- CAPTCHA - reCAPTCHA (for reCAPTCHA v3) - We will use this!
So, click on the "CAPTCHA - Invisible reCAPTCHA" plugin to view its settings.
Enter your reCAPTCHA site key and secret key. Change the status of the plugin to Published. Click the "Save" button to save the Joomla plugin's settings.
Change the "Default Captcha" in Joomla Global Configuration
Go to the Global Configuration of your Joomla site (System > Global Configuration). Under the "Site" tab, find the "Default Captcha" option. If you published the plugin, you will see the option "CAPTCHA - Invisible reCAPTCHA". Select this option and save settings.
Check If Captcha is Active For Users
Go to Users > Manage and click the "Options" button. Make sure that the "Captcha" option is set to "Use Global" or "CAPTCHA - Invisible reCAPTCHA".
Now, try to register a Joomla account. You should see the reCAPTCHA Privacy Policy notice in the bottom right corner. This confirms that reCAPTCHA is active on this page.
Check If Captcha is Active For Contacts
Go to Components > Contacts. Click the "Options" button. Under the "Form" tab, check if option "Allow Captcha on Contact" is set to "Use Global" or "CAPTCHA - Invisible reCAPTCHA".
Now, open the Contact page. You should see the reCAPTCHA Privacy Policy notice in the bottom right corner. This confirms that reCAPTCHA is active on this page.
Will reCAPTCHA Save Me From All Spammers?
Unfortunatelly, it will not! Some spammers use the mentioned spambots (software) and reCAPTCHA will probably beat them. However, some spammers may hire persons to spam for them. In this case, the spammer is a human and reCAPTCHA won't help in that case.
Therefore, you must monitor your website regularly and delete registrations, comments, forum threads, etc. that contain spam.