Add ReCAPTCHA to Donation Forms
under review
Devin Walker
ReCAPTCHA is an often requested feature that we don't have Core support for and we should to reduce credit card testing and provide support with an easy was to recommend fraud prevention.
Stripe also emails us about implementing it when the detect one of our customers are experiencing card testing.
Here's our current snippet: https://github.com/impress-org/givewp-snippet-library/blob/master/form-customizations/implement-recaptcha.php
Note: We already have code implementing ReCAPTCHA on the "Access Control" tab so some logic already exists in the plugin to implement this, just not on the donation form itself.
We should also consider supporting reCAPTCHA v3 since it is less invasive than v2.
Pascal Dörflinger
Any updates on this?
E
Ed W
It's very much needed. We were getting tons of spam, even with Akismet and Zero Spam, and eventually settled on using a UI slider test to make sure there was a human using the donation form, but it keeps breaking. Having a solid solution from GiveWP is necessary. We are also strongly considering dropping GiveWP in favor of using a form plugin with integrated spam protection.
Angela Blake
under review
Hey folks! We're revisiting form security soon and will be looking for the best ways to make our forms more secure.
Feel free to comment on this post with your input or drop other suggestions.
B
Brendon
Consider adding cloudflare Turnstile as well.
U
Uwcrbc
Hi Devin,
May I ask for a quick update on this?
This feature request is currently the highest voted for (from what I can see) of the "planned" and "in progress" ones.
It is also linked to an inherent security underlying issue that has been plaguing GiveWP for the past few years (spam donations) and a captcha mechanism would go a long way in preventing / fighting these.
Clearly, Akismet, Stop Donor Spam and Cloudflare while helpful, are simply not effective enough.
I would argue that the implementation of this further security measure should be catpcha provider agnostic (hcaptcha, reCaptcha, Friendly Captcha etc..), but I would settle for any one of them if this means improving the situation of SPAM donations.
Many thanks in advance for the short feedback.
Webkatana
ReCaptcha v3 definitely! V2 isn't user friendly at all and clearly...outdated
L
Lee Busch
Even with Akismet and Stop Donor Spam, we still see card testing on our site. v3 ReCaptcha would be a valuable core feature.
M
Marcello
We tried everything else and had to revert to implementing the reCAPTCHA snippet. Definitely a good thing to be integrated into the plugin. This will make it accessible to more clients.
R
Rob Butz
v2 reCAPTCHA makes the donor experience terrible, and we really, really would love to have the code snippet updated so that we can implement something like reCaptcha v3 quickly. GiveWP Support's suggested remedies for "donor spam" (Akismet integration, raise the minimum amounts, Stop Donor Spam, implement Cloudflare) either don't work at all for us, or there's another reason we can't use those solutions. :/
Abdullah
I disagree with the implementation of ReCaptcha. Google has made ReCaptcha incredibly unfriendly for non-Chrome users and they plan to charge for the service in future. Cloudflare has moved to hCaptcha which is privacy respecting and does not discriminate between users' choice of browser.
The implementation for hCaptcha is similar to ReCaptcha.
J
Jan A.
Abdullah: Yes, there should definitely be support for hCaptcha, as some people clearly refuse Google tools. I created a feature request for this:
Load More
→