reCAPTCHA v3

Owned by Sarah Holst
Last updated: Nov 15, 2024 by Leigh Bush
3 min read

Overview

The reCAPTCHA v3 API helps detect abusive traffic without user interaction. Instead of showing a CAPTCHA challenge (as with older versions), reCAPTCHA v3 returns a score. Resorts can then choose the most appropriate action for their websites according to this score. Because scores are determined by monitoring user interaction on your site, Aspenware recommends implementing reCAPTCHA to begin site monitoring as soon as possible and across all possible interactions. reCAPTCHA thresholds can be adjusted and the feature can also be disabled at any time. For more information on reCAPTCHA v3, see Introducing reCAPTCHA v3: the new way to stop bots.

Configuration Guide

Prerequisite Step

In order to use reCAPTCHA v3 you will need to register your site and get your reCAPTCHA public and private keys at https://www.google.com/recaptcha/admin/create.

Detailed Setup Guide

Once you have your public and private reCAPTCHA keys, you can configure the feature in Aspenware Commerce by completing the following steps:

  • In Aspenware Admin, go to Configuration > General Settings > Advanced.

  • Scroll down to the reCAPTCHA section.

  • Click ‘Enable’ if reCAPTCHA v3 is not already enabled.

  • Select each of the other locations you would like reCAPTCHA v3 to monitor your site by checking the box next to that function. The options are:

    • Enable on checkout personalization page

    • Enable on checkout payment page

    • Enable on resort charge modules

    • Enable on add family member modules

    • Enable on vouchers module

image-20240307-190354.png

NOTE: Aspenware recommends enabling reCAPTCHA v3 on all locations for maximum security benefit.

  • Enter the following:

    • reCAPTCHA public key: Enter your public (site) key obtained above.

    • reCAPTCHA private key: Enter the private (secret) key obtained above.

    • reCAPTCHA Threshold: Set a threshold to begin monitoring your site.

NOTE: reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn't ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. A threshold of 0 will ensure that NO ACTION is ever taken. A default threshold of .5 can be used. For more information on interpreting the score, see the Google reCAPTCHA v3 documentation.

 

Troubleshooting

Q: ReCaptcha is blocking my users or test users from doing something

A: Please verify the following:

  • Is your reCAPTCHA public and private key correct?

  • Is your site url added to Google ReCAPTCHA?

  • Is your threshold set to 1?