This guide will review how to set up reCAPTCHA v3 in Aspenware Commerce. For general release notes, please see 2.29 Commerce Release Notes. For a general overview of reCAPTCHA see Google reCAPTCHA v3 documentation.
Overview
The new reCAPTCHA v3 API helps detect abusive traffic without user interaction. Instead of showing a CAPTCHA challenge (as with older versions), reCAPTCHA v3 returns a score. Resorts can then choose the most appropriate action for their websites according to this score. Because scores are determined by monitoring user interaction on your site, Aspenware recommends implementing reCAPTCHA to begin site monitoring as soon as possible and across all possible interactions. reCAPTCHA thresholds can be adjusted and the feature can also be disabled at any time.
Configuration Guide
Prerequisite Step
In order to use reCAPTCHA v3 you will need to register your site and get your reCAPTCHA public and private keys at https://www.google.com/recaptcha/admin/create.
Detailed Setup Guide
Once you have your public and private reCAPTCHA keys, you can configure the feature in Aspenware Commerce by completing the following steps:
Go to Aspenware Admin > Configuration > General Settings > Advanced
Scroll down to the reCAPTCHA section
Click ‘Enable’ if reCAPTCHA v3 is not already enabled
Select each of the other locations you would like reCAPTCHA v3 to monitor your site by checking the box next to that function (e.g. “Enable on checkout payment page” or “Enable on vouchers module”)
NOTE: Aspenware recommends enabling reCAPTCHA v3 on all locations for maximum security benefit.
Enter the following:
reCAPTCHA public key: Enter your public (site) key obtained above
reCAPTCHA private key: Enter the private (secret) key obtained above
reCAPTCHA Threshold: Set threshold to begin monitoring your site
NOTE: reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn't ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. A threshold of 0 will ensure that NO ACTION is ever taken. A default threshold of 5 can be used. For more information on interpreting the score, see the Google reCAPTCHA v3 documentation.