Originally I use Mailchimp embed form for newsletter signup.
But it was not reCAPTCHA enabled. It worked well but few hours ago, I noticed large amount of spam signups at Mailchimp.
So I was going to add reCAPTCHA to my form to prevent bots.
I go to the Mailchimp -> Settings -> List name and campaign defaults and I saw the checkbox for reCAPTCHA enabling as below.
Mailchimp Enabling reCAPTCHA
I enabled it. The problem is that I cannot see reCAPTCHA box on the form. And I tested with several fake data and
the result is everything worked well as before.
Could anybody help me? Where am I wrong?
We started getting spam signups as well. It turns out the reason for that is that Mailchimp turned off double opt-in a few weeks ago. So I turned it back on and the spam signups stopped.
I would rather use reCaptcha than double opt-in but like you cannot get reCaptcha to work.
Related
I hope this is the right forum to ask this question.
I've recently integrated reCaptcha v3 into a website I manage in order to protect the login form.
I get alot of noise from users saying that if they are in the office (and originate from the same IP) or customers who are using shared IPS (office IPs) are failing login.
For the meantime I've disabled reCaptcha by allowing score 0 to login.
My question is.. is there a built in way in reCaptcha to send Google's API information about the request or should I just add the reCaptcha score into my own calculation when allowing the login ?
Thanks !
I made some Mailchimp Landing pages a while back using strictly the in-band tools (no fancy API stuff) in the most straightforward way. They all worked when they were created. Now they don't work. A Mailchimp branded "sticker" that I don't remember seeing before appears to be slapped on top of the form in an inopportune place. The sticker has links to mailchimp privacy policy terms and general Mailchimp signup. You can enter an email address in the email field. The other field IIRC is optional but you can't enter anything in it now. And the submit button doesn't do anything. Nothing appears to be wrong in the mailchimp landing page editor. All of the client's landing pages fail the same way and they all worked when they were originally made. Here is an example page: I hope I have asked this question the right way but please forgive me if I did something wrong in the asking.
I'm migrating from Google reCAPTCHA v2 to v3. As they are quite different, I have a question.
I used to place my reCAPTCHA v2 only inside web pages where a form exists, to make users click and avoid bots. That's understood, ok, but with reCAPTCHA v3 there is NOT a checkbox where to click on (reCAPTCHA v3 analyzes the user behaviour and clicks).
So... should I place the reCAPTCHA v3 just in forms pages or should I place it in all and every pages I have (to make recaptcha observe how the user interacts with the web)?
I would disagree with Galzor’s answer. The documentation says that
The score is based on interactions with your site and enables you to take an appropriate action for your site.
It’s “site” and not page. It goes on to say
reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior. For this reason, we recommend including reCAPTCHA verification on forms or actions as well as in the background of pages for analytics.
To me that last sentence means “every page with analytics on my site” — i.e. every page, whether it has a form on it or not. Which then gives rise to all sorts of privacy concerns, see also here.
Now my question is: what does the “reCAPTCHA verification” refer to? Including the api.js script or executing something or… 🤔
Unfortunately, the docs don’t spell this out clearly.
Addendum
(Feb 2023)
I switched to hCaptcha and their docs are also somewhat unclear. However, their customer service responded with
You should add the script and the DOM container with hCaptcha widget only on the contact form page and then call our /siteverify endpoint to validate the user.
and
Same scenario for second case, add it only on the sign up page and if validated within our side the user should be able to log in.
Based on that response I added the CAPTCHA only to the Contact page of my website and to the Sign Up page of the webapp.
Not sure this would also apply to Google’s CAPTCHA, though.
I dont think it should go into every page. mostly the users will find it too intrusive on all pages. in my opinion use it on page with form only.
I'm migrating from reCaptchav2 to v3 and I've got some issues I don't know how to solve them.
I put the reCaptcha v3 in the login page, but if the users do login so fast, the captcha is not solved yet (Google has not send the response yet), so my page throws an error as if the captcha was not well solved (as if the user was a bot).
How could I solve this? In version 2, I could wait the checkbox of captcha was checked, but now there isn't a checkbox...
Thanks!
I found a solution.
When I call the Google reCaptcha API, the submit button is disabled meanwhile.
When I get the answer from Google, I enable the button so I can do submit.
I do that cheching to a variable in javascript that will be true when the answer is ready.
Hope this helps.
Google announced Invisible ReCAPTCHA is coming soon. For now, if you want to integrate the new reCAPTCHA to your site or app you can register here.
I do have 2 site keys whitelisted for the new Invisible reCaptcha and I've started "playing" with their examples: see them here https://developers.google.com/recaptcha/docs/invisible
Yes, when the page loads the recaptcha is invisible but when the form is submitted the recaptcha challenge appears all the time. You have to click on images, draw something around something else... etc
I've been testing this on different servers, 2 different sites which have the site key approved to use the Invisible reCaptcha, with different browsers form different locations. Same behavior: Google shows the challenge when the form is submitted on all 3 examples they have on their page.
Is this what we should expect?
Just as with the checkbox, if it can't reliably determine if you aren't a bot, you get a challenge. I can confirm that the invisible part does work when you are detected as a human.
Actually you have to approve the Terms of Service when you create a new reCAPTCHA site, that says that
You agree to explicitly inform visitors to your site that you have implemented the Invisible reCAPTCHA on your site and that their use of the Invisible reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.