I am not a robot.
No, dear website I am trying to sign up on, I am not a robot.
No, esteemed Customer Support service I am trying to contact, I am not a robot.
Judging by the number of times I’ve had to prove I’m made of flesh and bones, I might as well be living in a post-apocalyptic scenario of some sort.
Nonetheless, Captcha-like security is somewhat of a necessary evil. Yes, it can be annoying to keep asking people if they are machines trying to take over the world (or, erm, at least take over your form data). However, think of it the other way around: without some WordPress contact form spam protection, machines will take over your data, sooner or later. The same goes for any other CMS platform.
They may not kick in Terminator-style, promising to be back. However, they will almost inevitably spam your forms to the point where you cannot make sense of your inbox. I guess we don’t have to remind you that this can be a pretty impressive gateway for other types of security breaches. Some of these breaches might end up being infinitely worse than basic spamming.
Like it or not, building a better contact form means that you will, sooner or later, have to implement a WP CAPTCHA plugin. It’s how things go and trying to find your way around it will most likely lead to nothing good.
How to do that, and what are some of the absolute essentials you should know about security for contact forms?
Let’s dive in.
What Is Captcha?
CAPTCHA here, CAPTCHA there, CAPTCHA, CAPTCHA everywhere.
In (very) short, CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Yes, this sounds post-Skynet-apocalyptic. But no, it’s not about that (not yet at least). Also, yes, it’s somewhat related to Alan Turing.
CAPTCHA is a response test used to determine if a user is human. Alternatively, to put it in another perspective, a CAPTCHA form will prevent bots and other machine-powered spamming monsters from submitting an endless number of forms on your site.
Why is it so vital that you add CAPTCHA to your form?
The matter is simple: a simple CAPTCHA picture or click test can deter spammers who would otherwise:
- Make your life a living hell because you would have to filter out through a thousand and one forms manually
- Fill your inbox to the point of no return
- Open the gate to potential malware
We are not discussing one or two random spammy emails. Think hundreds, thousands of emails, every single day. Think of the time you would have to put into cleaning your inboxes. Think of how every individual access point in your network is a potential risk.
Ultimately, think of how this affects the quality of the data you store on your servers. Regardless of what purpose you may use your forms for, data hygiene is crucial. Just like bacteria, spammy data can spread through your database, infecting your productivity levels, the decisions your company makes, and the very essence of your security.
You can prevent all of it if you add CAPTCHA security to your form. Regardless of whether it’s a CAPTCHA picture test or an algebra test, it is much harder to bypass CAPTCHA than it is to spam a contact form of any kind.
The best news about this whole deal is that you don’t have to be PHP hero to add CAPTCHA to your forms.
CAPTCHA is, in fact, straightforward to add – especially if you use 123FormBuilder. Also, no, this is not just to brag about just how easy and impressive our tool is. It takes a couple of clicks to add a CAPTCHA verification step to any form you create with 123FormBuilder. Two clicks, OK? Let’s move on.
What Is reCAPTCHA?
ReCAPTCHA is a CAPTCHA-like system built by Google and used to help distinguish between man and machine. In addition to this, ReCAPTCHA is used for the digitization of books as well.
ReCAPTCHA is, in fact, a type of CAPTCHA test. The functionality is more or less the same, and the point of these tests is to make sure spambots don’t get through. ReCAPTCHA has changed its form over time (by a lot) – and predictions say that it will continue to change in the future as well.
Well, in time, spambots learn how to stop ReCAPTCHA – they learn the patterns humans produce when they solve the challenges CAPTCHA tests put forward, and they replicate them perfectly. The more advanced bots become, the more CAPTCHA tests need to mature as well.
How does ReCAPTCHA work?
While CAPTCHA tests used to provide users with an image containing distorted letters, ReCAPTCHA is more sophisticated, and it chooses, on its own, if it will display a simple “I am not a robot” button or a more complex text (such as selecting images that contain a particular object). This choice is made based on a sophisticated algorithm Google uses to analyze if, for instance:
The computer the test is run on has been used for human activities (like checking email, checking eCommerce sites, and other marks of human behavior, usually given away by the cookies stored on the device)
The IP address is correlated with human activities
The user interacts with the CAPTCHA in a human-like way (before, during, and after the actual test).
If ReCAPTCHA detects any suspicious behavior, it will automatically display a more complicated test, to ensure that the user at the other end of the form is human.
If you want to add ReCAPTCHA to a form, you can use our unique Security setting in the 123FormBuilder interface. Click on “reCAPTCHA,” and then on “Save.” That’s it, piece of cake!
Should you use CAPTCHA or reCAPTCHA?
Well, SimilarTech stats show that reCAPTCHA is leading the market across multiple verticals. Although general CAPTCHA has grown in popularity as well, it still looks like it’s lagging. Furthermore, reCAPTCHA is more common in the USA, the UK, Japan, and another 198 countries, while general CAPTCHA is more common in Russia, China, and approximately 19 other countries.
As shown before, there are differences between the two. If you want to go for the more sophisticated method, reCAPTCHA is what you are looking for. If you want something more straightforward (and, perhaps, something a little less data-intrusive), settle on a more traditional form of anti-spam security (like the general CAPTCHA).
We provide both options with our form builder – so rest assured that you can pick whichever option suits you best.
Are There any CAPTCHA Alternatives?
The short answer is yes; there are CAPTCHA alternatives. If the idea of pestering all of your users with annoying questions is what troubles you, we suggest the anti-spam honeypot method.
When you add CAPTCHA to a contact form (or form of any kind), you can add a hidden field to trick spambots and still keep your UX clean and tidy for the users. In our form builder, you can do this by following these steps:
- Add a Short Text field in your form
- Mark it as “Hidden”
- Go to Settings → Rules
- Tick “Enable field rules”
- Click on “Add Rule”
- Select IF “Short Text” “Is Not” empty (leave the field as it is), THEN “Hide” “Submit Button”
Since spambots do see that field, they will likely fill it in. When that happens, the rule you have just set up will be triggered (since the field will not be empty anymore) and the bot will not be able to submit the form anymore.
As a user surfing the web and a proud citizen of the Internet, I’m not a robot. I know that for a fact and, unless I live in a simulation of some sort, there’s no way anyone can deny that — not even the smartest CAPTCHA in the world.
Even so, I am fully aware that Google CAPTCHA (or, rather, RECaptcha), as well as other basic security methods, are necessary. Regardless of what webform CAPTCHA I might be facing when I’m in a hurry and just trying to move through the security gates as soon as possible, I know these steps are necessary.
No, I am not a robot, CAPTCHA. I am very much human; thank you very much. However, with all the bots floating through cyberspace, I fully understand why I need to prove my humanity every step of the way.
Truth be told, a Google CAPTCHA (or reCAPTCHA) form can save you a lot of trouble — and given that it is so easy to implement one, there’s no reason not to do it!